aports/software-configs/haproxy-redxen-config/main.cfg

global
  maxconn 2048
  maxconnrate 40

defaults
  mode http
  retries 1
  option forwardfor
  option http-keep-alive
  option tcp-smart-connect
  option tcpka
  balance roundrobin
  compression algo gzip
  timeout http-request 10s
  timeout connect 10s
  timeout client 60s
  timeout server 240s
  timeout http-keep-alive 240s
  default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check

  #errorfile 400 /etc/haproxy/errors/400.http
  #errorfile 403 /etc/haproxy/errors/403.http
  #errorfile 408 /etc/haproxy/errors/408.http
  #errorfile 500 /etc/haproxy/errors/500.http
  #errorfile 502 /etc/haproxy/errors/502.http
  #errorfile 503 /etc/haproxy/errors/503.http
  #errorfile 504 /etc/haproxy/errors/504.http

resolvers local
  nameserver unbound 127.0.0.1:53
  resolve_retries 2
  timeout retry 300ms
  hold other           100ms
  hold refused         100ms
  hold nx              100ms
  hold timeout         3s
  hold valid           5s

listen murmur
  mode tcp
  bind ipv4@*:64738,ipv6@*:64738
  option tcp-check
  server-template murmur 1 _murmur._tcp.routinginfo.redxen.localhost

frontend http
  mode http
  bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/fullchain.crt alpn h2,http/1.1

  acl root url /

  http-response add-header X-Forwarded-Proto https
  http-response set-header X-XSS-Protection 1;\ mode=block
  http-response set-header X-Content-Type-Options nosniff
  http-response set-header Referrer-Policy no-referrer-when-downgrade
  http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
Initial commit 2020-10-31 15:34:48 +00:00			`global`
			`maxconn 2048`
			`maxconnrate 40`

			`defaults`
			`mode http`
			`retries 1`
			`option forwardfor`
			`option http-keep-alive`
			`option tcp-smart-connect`
			`option tcpka`
			`balance roundrobin`
			`compression algo gzip`
			`timeout http-request 10s`
			`timeout connect 10s`
			`timeout client 60s`
			`timeout server 240s`
			`timeout http-keep-alive 240s`
			`default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check`

			`#errorfile 400 /etc/haproxy/errors/400.http`
			`#errorfile 403 /etc/haproxy/errors/403.http`
			`#errorfile 408 /etc/haproxy/errors/408.http`
			`#errorfile 500 /etc/haproxy/errors/500.http`
			`#errorfile 502 /etc/haproxy/errors/502.http`
			`#errorfile 503 /etc/haproxy/errors/503.http`
			`#errorfile 504 /etc/haproxy/errors/504.http`

			`resolvers local`
			`nameserver unbound 127.0.0.1:53`
			`resolve_retries 2`
			`timeout retry 300ms`
			`hold other 100ms`
			`hold refused 100ms`
			`hold nx 100ms`
			`hold timeout 3s`
			`hold valid 5s`

Remove runfile for murmur and use upstream runfile, remove postgresql openrc configs, not required, add certs to haproxy and fix SRV records in haproxy, add required dep for config in murmur, fix hba and listen on the correct address for postgresql 2020-11-04 16:51:36 +00:00			`listen murmur`
Initial commit 2020-10-31 15:34:48 +00:00			`mode tcp`
			`bind ipv4@:64738,ipv6@:64738`
			`option tcp-check`
Remove runfile for murmur and use upstream runfile, remove postgresql openrc configs, not required, add certs to haproxy and fix SRV records in haproxy, add required dep for config in murmur, fix hba and listen on the correct address for postgresql 2020-11-04 16:51:36 +00:00			`server-template murmur 1 _murmur._tcp.routinginfo.redxen.localhost`
Initial commit 2020-10-31 15:34:48 +00:00
			`frontend http`
			`mode http`
Separate certificate distribution and update postgresql configs 2020-11-02 15:03:45 +00:00			`bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/fullchain.crt alpn h2,http/1.1`
Initial commit 2020-10-31 15:34:48 +00:00
			`acl root url /`

			`http-response add-header X-Forwarded-Proto https`
			`http-response set-header X-XSS-Protection 1;\ mode=block`
			`http-response set-header X-Content-Type-Options nosniff`
			`http-response set-header Referrer-Policy no-referrer-when-downgrade`
			`http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload`