-
Notifications
You must be signed in to change notification settings - Fork 338
TLS
xmrig edited this page Oct 20, 2017
·
5 revisions
XMRig-proxy does not natively support SSL/TLS, but you can put the proxy behind haproxy.
Sample haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 20000
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
defaults
log global
option dontlognull
timeout connect 5000
frontend xmrig
bind 45.76.33.57:443 name https ssl crt /etc/ssl/fees.xmrig.com
mode tcp
option tcplog
default_backend xmrig_backend
timeout client 10m
timeout server 10m
backend xmrig_backend
mode tcp
server proxy 127.0.0.1:80 check