Disable explicit maxconn guarantee and allow stateless ACME challenges

2025-01-20 12:40:23 +00:00 · 2025-01-20 12:40:23 +00:00 · bfadf91976
commit bfadf91976
parent ef76c39510
2 changed files with 6 additions and 5 deletions
--- a/config/haproxy/APKBUILD
+++ b/config/haproxy/APKBUILD
@ -3,7 +3,7 @@
 . ../APKBUILD-config.template
-pkgrel=6
+pkgrel=0
 depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
 checkdepends="haproxy"
 source="main.cfg"
@ -14,5 +14,5 @@ check() {
 }
 sha512sums="
-5c4c950dd3200afee22a5291376df67a2d5501d42700ffa570987c3dade8a44729eb63568f52da08e01d31e657f3a67f0f35b9402e2fe7582131e83e3a1500f8  main.cfg
+e4f983aba7e7e329548a03d09feba3ef097163e3ea2c33675482f3ed6e86fac2b81eb5d3e51cc08f74c5a2822cd605771989f7e97e1e875cd4abfedf57c247a7  main.cfg
 "
--- a/config/haproxy/main.cfg
+++ b/config/haproxy/main.cfg
@ -1,8 +1,6 @@
 global
 	maxconn     2048
 	maxconnrate 40
 	log 127.0.0.1:514 local0 info
 	setenv ACCOUNT_THUMBPRINT 'l9SctgQw9TttOUQJJ7HzC_jhM8_8KH9pw-cYebwRGUM'
 defaults
 	mode                        http
@ -81,6 +79,9 @@ frontend http
 	stick-table type ipv6 size 100k expire 1h store http_req_rate(1m)
 	http-request track-sc0 src
 	# Static ACME challenge
 	http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
 	http-response set-header X-Forwarded-Proto https
 	http-response set-header X-XSS-Protection 1;\ mode=block
 	http-response set-header X-Content-Type-Options nosniff