pound.cfg
## Basic pound configuration for TLS termination.
##
## see pound(8) for details
##
## This file is a template: the ${...} placeholders below are presumably
## filled in from the container environment before pound starts (the
## substitution step is not part of this file). They are inserted verbatim,
## so treat those variables as trusted deployment configuration only.
######################################################################
## global options:
# Unprivileged account pound runs as. Binding port 443 normally needs
# elevated privileges at start-up, so verify the running process really
# ends up owned by www-data.
User "www-data"
Group "www-data"
# RootJail (chroot) is left disabled; filesystem isolation then depends on
# the container alone.
#RootJail "/chroot/pound"
# Run in foreground otherwise docker container would exit immediately
Daemon 0
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1
# Log to stdout/stderr
LogFacility -
## check backend every X secs:
Alive 30
## use hardware-acceleration card supported by openssl(1):
#SSLEngine "<hw>"
# poundctl control socket
# Whoever can write to this socket can change the proxy's runtime state
# through poundctl(8). Keep the directory restricted to the pound user and
# do not share it with other containers via a volume.
Control "/var/run/pound/poundctl.socket"
######################################################################
## listen, redirect and ... to:
ListenHTTPS
# 0.0.0.0 = every IPv4 interface of the container.
Address 0.0.0.0
Port 443
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
## This exposes the backend's PUT/DELETE handlers to every client that can
## reach port 443; set to 0 if the upstream does not need them.
xHTTP 1
# Drop any X-Forwarded-Proto sent by the client before adding our own, so
# a client cannot spoof the scheme the backend sees.
# NOTE(review): no other forwarding header (X-Forwarded-For,
# X-Forwarded-Host, Forwarded) is stripped here. Confirm how pound treats
# client-supplied values before the backend bases any access decision on
# them.
HeadRemove "X-Forwarded-Proto"
AddHeader "X-Forwarded-Proto: https"
# File that contains the server private key, the server
# certificate and (optionally) ca-certificates. The order does
# seem to be relevant!
# Because it holds the private key, mount it read-only at run time with
# permissions limited to the account pound starts as, rather than storing
# it in the image.
Cert "${CERT_PATH}"
# OpenSSL cipher string taken from the environment. The effective TLS
# policy is whatever the operator passes in, so review that value.
# NOTE(review): no protocol-version restriction is set in this listener,
# so the minimum TLS version is left to the linked OpenSSL defaults.
# pound(8) documents a "Disable" directive for this in versions that
# support it - confirm against the installed pound.
Ciphers "${CIPHERS}"
# Prefer the server's cipher order over the client's.
SSLHonorCipherOrder 1
Service
BackEnd
# Numeric IP address, or a symbolic host name
# that must be resolvable at run-time. If the
# name cannot be resolved to a valid address,
# Pound will assume that it represents the
# path for a Unix-domain socket.
# (In such cases the following error message
# is displayed: "Port is supported only for
# INET/INET6 back-ends".)
#
# NOTE(review): despite the HTTPS_ prefix of the variable names, this
# BackEnd block has no HTTPS directive, so per pound(8) the decrypted
# request is forwarded to the upstream as plain HTTP. Keep the
# proxy-to-upstream hop on a trusted, non-routable network (e.g. a
# private container network).
Address ${HTTPS_UPSTREAM_SERVER_ADDRESS}
Port ${HTTPS_UPSTREAM_SERVER_PORT}
End
End
End