Disable explicit maxconn guarantee and allow stateless ACME challenges
This commit is contained in:
parent
ef76c39510
commit
bfadf91976
@ -3,7 +3,7 @@
|
||||
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgrel=6
|
||||
pkgrel=0
|
||||
depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
|
||||
checkdepends="haproxy"
|
||||
source="main.cfg"
|
||||
@ -14,5 +14,5 @@ check() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
5c4c950dd3200afee22a5291376df67a2d5501d42700ffa570987c3dade8a44729eb63568f52da08e01d31e657f3a67f0f35b9402e2fe7582131e83e3a1500f8 main.cfg
|
||||
e4f983aba7e7e329548a03d09feba3ef097163e3ea2c33675482f3ed6e86fac2b81eb5d3e51cc08f74c5a2822cd605771989f7e97e1e875cd4abfedf57c247a7 main.cfg
|
||||
"
|
||||
|
@ -1,8 +1,6 @@
|
||||
global
|
||||
maxconn 2048
|
||||
maxconnrate 40
|
||||
|
||||
log 127.0.0.1:514 local0 info
|
||||
setenv ACCOUNT_THUMBPRINT 'l9SctgQw9TttOUQJJ7HzC_jhM8_8KH9pw-cYebwRGUM'
|
||||
|
||||
defaults
|
||||
mode http
|
||||
@ -81,6 +79,9 @@ frontend http
|
||||
stick-table type ipv6 size 100k expire 1h store http_req_rate(1m)
|
||||
http-request track-sc0 src
|
||||
|
||||
# Static ACME challenge
|
||||
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
|
||||
|
||||
http-response set-header X-Forwarded-Proto https
|
||||
http-response set-header X-XSS-Protection 1;\ mode=block
|
||||
http-response set-header X-Content-Type-Options nosniff
|
||||
|
Loading…
Reference in New Issue
Block a user