Disable explicit maxconn guarantee and allow stateless ACME challenges
This commit is contained in:
parent
ef76c39510
commit
bfadf91976
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
. ../APKBUILD-config.template
|
. ../APKBUILD-config.template
|
||||||
|
|
||||||
pkgrel=6
|
pkgrel=0
|
||||||
depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
|
depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
|
||||||
checkdepends="haproxy"
|
checkdepends="haproxy"
|
||||||
source="main.cfg"
|
source="main.cfg"
|
||||||
@ -14,5 +14,5 @@ check() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
5c4c950dd3200afee22a5291376df67a2d5501d42700ffa570987c3dade8a44729eb63568f52da08e01d31e657f3a67f0f35b9402e2fe7582131e83e3a1500f8 main.cfg
|
e4f983aba7e7e329548a03d09feba3ef097163e3ea2c33675482f3ed6e86fac2b81eb5d3e51cc08f74c5a2822cd605771989f7e97e1e875cd4abfedf57c247a7 main.cfg
|
||||||
"
|
"
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
global
|
global
|
||||||
maxconn 2048
|
|
||||||
maxconnrate 40
|
|
||||||
|
|
||||||
log 127.0.0.1:514 local0 info
|
log 127.0.0.1:514 local0 info
|
||||||
|
setenv ACCOUNT_THUMBPRINT 'l9SctgQw9TttOUQJJ7HzC_jhM8_8KH9pw-cYebwRGUM'
|
||||||
|
|
||||||
defaults
|
defaults
|
||||||
mode http
|
mode http
|
||||||
@ -81,6 +79,9 @@ frontend http
|
|||||||
stick-table type ipv6 size 100k expire 1h store http_req_rate(1m)
|
stick-table type ipv6 size 100k expire 1h store http_req_rate(1m)
|
||||||
http-request track-sc0 src
|
http-request track-sc0 src
|
||||||
|
|
||||||
|
# Static ACME challenge
|
||||||
|
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
|
||||||
|
|
||||||
http-response set-header X-Forwarded-Proto https
|
http-response set-header X-Forwarded-Proto https
|
||||||
http-response set-header X-XSS-Protection 1;\ mode=block
|
http-response set-header X-XSS-Protection 1;\ mode=block
|
||||||
http-response set-header X-Content-Type-Options nosniff
|
http-response set-header X-Content-Type-Options nosniff
|
||||||
|
Loading…
Reference in New Issue
Block a user