aports/config/haproxy/main.cfg

global
	maxconn     2048
	maxconnrate 40

	log 127.0.0.1:514 local0 info

defaults
	mode                        http

	log                         global

	retries                     3

	option                      forwardfor
	option                      http-keep-alive
	option                      httplog
	option                      tcp-smart-connect
	option                      tcpka
	option                      abortonclose

	balance                     roundrobin

	compression algo            gzip

	timeout     http-request    10s
	timeout     connect         10s
	timeout     client          60s
	timeout     server          240s
	timeout     http-keep-alive 240s

	default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check

	errorfile 400 /etc/redxen/haproxy/errorpages/400.http
	errorfile 403 /etc/redxen/haproxy/errorpages/403.http
	errorfile 408 /etc/redxen/haproxy/errorpages/408.http
	errorfile 500 /etc/redxen/haproxy/errorpages/500.http
	errorfile 502 /etc/redxen/haproxy/errorpages/502.http
	errorfile 503 /etc/redxen/haproxy/errorpages/503.http
	errorfile 504 /etc/redxen/haproxy/errorpages/504.http

resolvers local
	nameserver unbound   127.0.0.1:53

	resolve_retries      2

	timeout    retry     300ms

	hold       other     100ms
	hold       refused   100ms
	hold       nx        100ms
	hold       timeout   3s
	hold       valid     60s

listen git-gitea
	mode tcp
	bind ipv4@*:2442,ipv6@*:2442
	option tcp-check
	server-template gitssh 1 _gitssh._tcp.routinginfo.internal

frontend metrics
	mode http
	bind ipv4@:7581,ipv6@:7581

	http-request use-service prometheus-exporter if { path /metrics }

frontend http
	mode http
	bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1
	bind ipv4@:80,ipv6@:80

	http-response set-header X-Forwarded-Proto https
	http-response set-header X-XSS-Protection 1;\ mode=block
	http-response set-header X-Content-Type-Options nosniff
	http-response set-header Referrer-Policy no-referrer-when-downgrade
	http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload

	acl root path /

	acl home      hdr_beg(host) -i          redxen
	acl stats     hdr_beg(host) -i    stats.redxen
	acl fedi      hdr_beg(host) -i   social.redxen
	acl git       hdr_beg(host) -i      git.redxen
	acl btdown    hdr_beg(host) -i       sd.redxen
	acl btdaemon  hdr_beg(host) -i     seed.redxen
	acl packs     hdr_beg(host) -i packages.redxen
	acl cal       hdr_beg(host) -i      cal.redxen
	acl monerod   hdr_beg(host) -i  monerod.redxen

	redirect location https://en.uncyclopedia.co/wiki/South_Africa code 302 if fedi
	redirect prefix /web code 302 if btdaemon root

	use_backend backend-home         if home
	use_backend backend-stats        if stats
	#use_backend backend-fedi        if fedi
	use_backend backend-git          if git
	use_backend backend-btdown       if btdown
	use_backend backend-btdaemon     if btdaemon
	use_backend backend-packages     if packs
	use_backend backend-radicale     if cal
	#use_backend backend-monerod     if monerod
	# Fallback to wssproxy to bypass SNI/domain filters
	use_backend backend-wssproxy

backend backend-home
	server-template root 1 _root._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host redxen.eu

backend backend-stats
	server-template grafana 2 _grafana._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host stats.redxen.eu

#backend backend-fedi
#	server-template pleroma 1 _pleroma._tcp.routinginfo.internal
#	option httpchk HEAD / HTTP/1.1
#	http-check send hdr Host social.redxen.eu

backend backend-git
	server-template gitea 1 _gitea._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host gitea.redxen.eu

backend backend-btdown
	server-template seedown 1 _seedown._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host sd.redxen.eu

backend backend-btdaemon
	server-template transmission 1 _transmission._tcp.routinginfo.internal

backend backend-packages
	server-template packages 1 _packages._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host packages.redxen.eu

backend backend-radicale
	server-template radicale 1 _radicale._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host cal.redxen.eu
	http-check expect status 401

backend backend-wssproxy
	server-template wssproxy 1 _wssproxy._tcp.routinginfo.internal
	option httpchk HEAD / HTTP/1.1
	http-check send hdr Host localhost
	http-check expect status 404

#backend backend-monerod
#	server-template monerod 1 _monerod._tcp.routinginfo.internal
#	option httpchk POST /json_rpc HTTP/1.1
#	http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json
Initial commit 2020-10-31 15:34:48 +00:00			`global`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`maxconn 2048`
			`maxconnrate 40`

			`log 127.0.0.1:514 local0 info`

Initial commit 2020-10-31 15:34:48 +00:00			`defaults`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`mode http`

			`log global`

			`retries 3`

			`option forwardfor`
			`option http-keep-alive`
			`option httplog`
			`option tcp-smart-connect`
			`option tcpka`
			`option abortonclose`

			`balance roundrobin`

			`compression algo gzip`

			`timeout http-request 10s`
			`timeout connect 10s`
			`timeout client 60s`
			`timeout server 240s`
			`timeout http-keep-alive 240s`

			`default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check`

			`errorfile 400 /etc/redxen/haproxy/errorpages/400.http`
			`errorfile 403 /etc/redxen/haproxy/errorpages/403.http`
			`errorfile 408 /etc/redxen/haproxy/errorpages/408.http`
			`errorfile 500 /etc/redxen/haproxy/errorpages/500.http`
			`errorfile 502 /etc/redxen/haproxy/errorpages/502.http`
			`errorfile 503 /etc/redxen/haproxy/errorpages/503.http`
			`errorfile 504 /etc/redxen/haproxy/errorpages/504.http`
Initial commit 2020-10-31 15:34:48 +00:00
			`resolvers local`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`nameserver unbound 127.0.0.1:53`

			`resolve_retries 2`

			`timeout retry 300ms`

			`hold other 100ms`
			`hold refused 100ms`
			`hold nx 100ms`
			`hold timeout 3s`
			`hold valid 60s`
Initial commit 2020-10-31 15:34:48 +00:00
Add gitea 2020-12-22 22:14:01 +00:00			`listen git-gitea`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`mode tcp`
			`bind ipv4@:2442,ipv6@:2442`
			`option tcp-check`
			`server-template gitssh 1 _gitssh._tcp.routinginfo.internal`
Add gitea 2020-12-22 22:14:01 +00:00
Switch monitoring of haproxy to prometheus 2022-02-19 16:12:44 +00:00			`frontend metrics`
			`mode http`
			`bind ipv4@:7581,ipv6@:7581`

			`http-request use-service prometheus-exporter if { path /metrics }`

Initial commit 2020-10-31 15:34:48 +00:00			`frontend http`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`mode http`
			`bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1`
			`bind ipv4@:80,ipv6@:80`

			`http-response set-header X-Forwarded-Proto https`
			`http-response set-header X-XSS-Protection 1;\ mode=block`
			`http-response set-header X-Content-Type-Options nosniff`
			`http-response set-header Referrer-Policy no-referrer-when-downgrade`
			`http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload`

Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`acl root path /`

Fix colliding acls 2021-08-05 11:07:24 +00:00			`acl home hdr_beg(host) -i redxen`
Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`acl stats hdr_beg(host) -i stats.redxen`
			`acl fedi hdr_beg(host) -i social.redxen`
			`acl git hdr_beg(host) -i git.redxen`
			`acl btdown hdr_beg(host) -i sd.redxen`
			`acl btdaemon hdr_beg(host) -i seed.redxen`
			`acl packs hdr_beg(host) -i packages.redxen`
Add radicale 2022-03-25 18:18:44 +00:00			`acl cal hdr_beg(host) -i cal.redxen`
Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`acl monerod hdr_beg(host) -i monerod.redxen`

			`redirect location https://en.uncyclopedia.co/wiki/South_Africa code 302 if fedi`
			`redirect prefix /web code 302 if btdaemon root`

Fix colliding acls 2021-08-05 11:07:24 +00:00			`use_backend backend-home if home`
Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`use_backend backend-stats if stats`
			`#use_backend backend-fedi if fedi`
			`use_backend backend-git if git`
			`use_backend backend-btdown if btdown`
			`use_backend backend-btdaemon if btdaemon`
			`use_backend backend-packages if packs`
Add radicale 2022-03-25 18:18:44 +00:00			`use_backend backend-radicale if cal`
Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`#use_backend backend-monerod if monerod`
Fixup wssproxy 2023-05-30 20:16:56 +00:00			`# Fallback to wssproxy to bypass SNI/domain filters`
			`use_backend backend-wssproxy`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00
Fix colliding acls 2021-08-05 11:07:24 +00:00			`backend backend-home`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`server-template root 1 _root._tcp.routinginfo.internal`
			`option httpchk HEAD / HTTP/1.1`
			`http-check send hdr Host redxen.eu`

Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`backend backend-stats`
Move gitea to new host and add backup for grafana 2021-08-27 21:49:50 +00:00			`server-template grafana 2 _grafana._tcp.routinginfo.internal`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`option httpchk HEAD / HTTP/1.1`
			`http-check send hdr Host stats.redxen.eu`

Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`#backend backend-fedi`
			`# server-template pleroma 1 _pleroma._tcp.routinginfo.internal`
			`# option httpchk HEAD / HTTP/1.1`
			`# http-check send hdr Host social.redxen.eu`

			`backend backend-git`
			`server-template gitea 1 _gitea._tcp.routinginfo.internal`
			`option httpchk HEAD / HTTP/1.1`
			`http-check send hdr Host gitea.redxen.eu`

			`backend backend-btdown`
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`server-template seedown 1 _seedown._tcp.routinginfo.internal`
			`option httpchk HEAD / HTTP/1.1`
			`http-check send hdr Host sd.redxen.eu`

Added a informational redirect for uneducated people 2021-08-04 17:00:05 +00:00			`backend backend-btdaemon`
			`server-template transmission 1 _transmission._tcp.routinginfo.internal`

Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`backend backend-packages`
			`server-template packages 1 _packages._tcp.routinginfo.internal`
			`option httpchk HEAD / HTTP/1.1`
			`http-check send hdr Host packages.redxen.eu`

Add radicale 2022-03-25 18:18:44 +00:00			`backend backend-radicale`
			`server-template radicale 1 _radicale._tcp.routinginfo.internal`
			`option httpchk HEAD / HTTP/1.1`
			`http-check send hdr Host cal.redxen.eu`
			`http-check expect status 401`

Add vtun proxy 2022-03-26 19:00:15 +00:00			`backend backend-wssproxy`
			`server-template wssproxy 1 _wssproxy._tcp.routinginfo.internal`
			`option httpchk HEAD / HTTP/1.1`
Fixup wssproxy 2023-05-30 20:16:56 +00:00			`http-check send hdr Host localhost`
			`http-check expect status 404`
Add vtun proxy 2022-03-26 19:00:15 +00:00
Enable syslog for services and reformat a few configs 2021-06-25 18:28:09 +00:00			`#backend backend-monerod`
			`# server-template monerod 1 _monerod._tcp.routinginfo.internal`
			`# option httpchk POST /json_rpc HTTP/1.1`
			`# http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json`