152 lines
4.7 KiB
INI
152 lines
4.7 KiB
INI
global
|
|
maxconn 2048
|
|
maxconnrate 40
|
|
|
|
log 127.0.0.1:514 local0 info
|
|
|
|
defaults
|
|
mode http
|
|
|
|
log global
|
|
|
|
retries 3
|
|
|
|
option forwardfor
|
|
option http-keep-alive
|
|
option httplog
|
|
option tcp-smart-connect
|
|
option tcpka
|
|
option abortonclose
|
|
|
|
balance roundrobin
|
|
|
|
compression algo gzip
|
|
|
|
timeout http-request 10s
|
|
timeout connect 10s
|
|
timeout client 60s
|
|
timeout server 240s
|
|
timeout http-keep-alive 240s
|
|
|
|
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
|
|
|
|
errorfile 400 /etc/redxen/haproxy/errorpages/400.http
|
|
errorfile 403 /etc/redxen/haproxy/errorpages/403.http
|
|
errorfile 408 /etc/redxen/haproxy/errorpages/408.http
|
|
errorfile 500 /etc/redxen/haproxy/errorpages/500.http
|
|
errorfile 502 /etc/redxen/haproxy/errorpages/502.http
|
|
errorfile 503 /etc/redxen/haproxy/errorpages/503.http
|
|
errorfile 504 /etc/redxen/haproxy/errorpages/504.http
|
|
|
|
resolvers local
|
|
nameserver unbound 127.0.0.1:53
|
|
|
|
resolve_retries 2
|
|
|
|
timeout retry 300ms
|
|
|
|
hold other 100ms
|
|
hold refused 100ms
|
|
hold nx 100ms
|
|
hold timeout 3s
|
|
hold valid 60s
|
|
|
|
listen git-gitea
|
|
mode tcp
|
|
bind ipv4@*:2442,ipv6@*:2442
|
|
option tcp-check
|
|
server-template gitssh 1 _gitssh._tcp.routinginfo.internal
|
|
|
|
frontend metrics
|
|
mode http
|
|
bind ipv4@:7581,ipv6@:7581
|
|
|
|
http-request use-service prometheus-exporter if { path /metrics }
|
|
|
|
frontend http
|
|
mode http
|
|
bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1
|
|
bind ipv4@:80,ipv6@:80
|
|
|
|
http-response set-header X-Forwarded-Proto https
|
|
http-response set-header X-XSS-Protection 1;\ mode=block
|
|
http-response set-header X-Content-Type-Options nosniff
|
|
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
|
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|
|
|
|
acl root path /
|
|
|
|
acl home hdr_beg(host) -i redxen
|
|
acl stats hdr_beg(host) -i stats.redxen
|
|
acl fedi hdr_beg(host) -i social.redxen
|
|
acl git hdr_beg(host) -i git.redxen
|
|
acl btdown hdr_beg(host) -i sd.redxen
|
|
acl btdaemon hdr_beg(host) -i seed.redxen
|
|
acl packs hdr_beg(host) -i packages.redxen
|
|
acl cal hdr_beg(host) -i cal.redxen
|
|
acl wssproxy hdr_beg(host) -i wssproxy.redxen
|
|
acl monerod hdr_beg(host) -i monerod.redxen
|
|
|
|
redirect location https://en.uncyclopedia.co/wiki/South_Africa code 302 if fedi
|
|
redirect prefix /web code 302 if btdaemon root
|
|
|
|
use_backend backend-home if home
|
|
use_backend backend-stats if stats
|
|
#use_backend backend-fedi if fedi
|
|
use_backend backend-git if git
|
|
use_backend backend-btdown if btdown
|
|
use_backend backend-btdaemon if btdaemon
|
|
use_backend backend-packages if packs
|
|
use_backend backend-radicale if cal
|
|
use_backend backend-wssproxy if wssproxy
|
|
#use_backend backend-monerod if monerod
|
|
|
|
backend backend-home
|
|
server-template root 1 _root._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host redxen.eu
|
|
|
|
backend backend-stats
|
|
server-template grafana 2 _grafana._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host stats.redxen.eu
|
|
|
|
#backend backend-fedi
|
|
# server-template pleroma 1 _pleroma._tcp.routinginfo.internal
|
|
# option httpchk HEAD / HTTP/1.1
|
|
# http-check send hdr Host social.redxen.eu
|
|
|
|
backend backend-git
|
|
server-template gitea 1 _gitea._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host gitea.redxen.eu
|
|
|
|
backend backend-btdown
|
|
server-template seedown 1 _seedown._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host sd.redxen.eu
|
|
|
|
backend backend-btdaemon
|
|
server-template transmission 1 _transmission._tcp.routinginfo.internal
|
|
|
|
backend backend-packages
|
|
server-template packages 1 _packages._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host packages.redxen.eu
|
|
|
|
backend backend-radicale
|
|
server-template radicale 1 _radicale._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host cal.redxen.eu
|
|
http-check expect status 401
|
|
|
|
backend backend-wssproxy
|
|
server-template wssproxy 1 _wssproxy._tcp.routinginfo.internal
|
|
option httpchk HEAD / HTTP/1.1
|
|
http-check send hdr Host wss-proxy.redxen.eu
|
|
|
|
#backend backend-monerod
|
|
# server-template monerod 1 _monerod._tcp.routinginfo.internal
|
|
# option httpchk POST /json_rpc HTTP/1.1
|
|
# http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json
|