From 6474e59c30c0d9603f536504e261e0670bd83898 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Sun, 3 Sep 2023 22:34:45 +0200
Subject: [PATCH] haproxy: use tcp fastopen
---
hosts/public-access-proxy/proxy.nix | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hosts/public-access-proxy/proxy.nix b/hosts/public-access-proxy/proxy.nix
index 50173ff9..a22a87f4 100644
--- a/hosts/public-access-proxy/proxy.nix
+++ b/hosts/public-access-proxy/proxy.nix
@@ -120,7 +120,8 @@ in timeout server 30000 frontend http-in - bind :::80 v4v6 + # tfo is tcp fastopen + bind :::80 tfo v4v6 option http-keep-alive default_backend proxy-backend-http
@@ -143,7 +144,8 @@ in } frontend https-in - bind :::443 v4v6 + # tfo is tcp fastopen + bind :::443 tfo v4v6 tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 }
@@ -154,7 +156,7 @@ in ) cfg.proxyHosts} ${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: '' - + backend ${canonicalize proxyTo.host}-https server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${toString proxyTo.httpsPort} check ${lib.optionalString proxyProtocol "backup"} ${lib.optionalString proxyProtocol "server ${canonicalize proxyTo.host}-proxy-https ${proxyTo.host}:${toString proxyTo.proxyHttpsPort} check send-proxy-v2"}
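Review bot: On the `bind :::80 tfo v4v6` line in `http-in` (and likewise `bind :::443 tfo v4v6` in `https-in`), the added comment only expands the acronym and does not record what the option depends on or what it changes. TCP Fast Open lets the first request bytes arrive in the SYN, and RFC 7413 allows that SYN data to be delivered to the application more than once, which matters for any non-idempotent plaintext request reaching `proxy-backend-http`; on `https-in` the first flight is only the ClientHello being inspected. The option also has no effect unless the kernel's `net.ipv4.tcp_fastopen` sysctl has the server bit set, and no such setting is visible in this patch, so it is worth confirming it is set elsewhere. I would replace the comment with something like `# tfo: TCP Fast Open (RFC 7413); needs net.ipv4.tcp_fastopen server bit, SYN data may be delivered twice`. Both frontend blocks continue outside their hunks.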