Skip to content

TLS

Jump to bottom
xmrig edited this page Oct 20, 2017 · 5 revisions

XMRig-proxy does not natively support SSL/TLS, but you can put the proxy behind haproxy.

Sample haproxy.cfg. This config gets A rating on ssllabs.com test.

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        maxconn 20000

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3
        tune.ssl.default-dh-param 2048

defaults
        log     global
        option  dontlognull
        timeout connect 5000

frontend xmrig
        bind 45.76.33.57:443 name https ssl crt /etc/ssl/fees.xmrig.com
        mode tcp
        option tcplog
        default_backend xmrig_backend
        timeout client  10m
        timeout server  10m

backend xmrig_backend
        mode tcp
        server proxy 127.0.0.1:80 check
Clone this wiki locally