Disable explicit maxconn guarantee and allow stateless ACME challenges

This commit is contained in:
Alex D. 2025-01-20 12:40:23 +00:00
parent ef76c39510
commit bfadf91976
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
2 changed files with 6 additions and 5 deletions

View File

@ -3,7 +3,7 @@
. ../APKBUILD-config.template
pkgrel=6
pkgrel=0
depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
checkdepends="haproxy"
source="main.cfg"
@ -14,5 +14,5 @@ check() {
}
sha512sums="
5c4c950dd3200afee22a5291376df67a2d5501d42700ffa570987c3dade8a44729eb63568f52da08e01d31e657f3a67f0f35b9402e2fe7582131e83e3a1500f8 main.cfg
e4f983aba7e7e329548a03d09feba3ef097163e3ea2c33675482f3ed6e86fac2b81eb5d3e51cc08f74c5a2822cd605771989f7e97e1e875cd4abfedf57c247a7 main.cfg
"

View File

@ -1,8 +1,6 @@
global
maxconn 2048
maxconnrate 40
log 127.0.0.1:514 local0 info
setenv ACCOUNT_THUMBPRINT 'l9SctgQw9TttOUQJJ7HzC_jhM8_8KH9pw-cYebwRGUM'
defaults
mode http
@ -81,6 +79,9 @@ frontend http
stick-table type ipv6 size 100k expire 1h store http_req_rate(1m)
http-request track-sc0 src
# Static ACME challenge
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
http-response set-header X-Forwarded-Proto https
http-response set-header X-XSS-Protection 1;\ mode=block
http-response set-header X-Content-Type-Options nosniff