global maxconn 2048 maxconnrate 40 log local0 info defaults mode http log global retries 3 option forwardfor option http-keep-alive option httplog option tcp-smart-connect option tcpka option abortonclose balance roundrobin compression algo gzip timeout http-request 10s timeout connect 10s timeout client 60s timeout server 240s timeout http-keep-alive 240s default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check errorfile 400 /etc/redxen/haproxy/errorpages/400.http errorfile 403 /etc/redxen/haproxy/errorpages/403.http errorfile 408 /etc/redxen/haproxy/errorpages/408.http errorfile 500 /etc/redxen/haproxy/errorpages/500.http errorfile 502 /etc/redxen/haproxy/errorpages/502.http errorfile 503 /etc/redxen/haproxy/errorpages/503.http errorfile 504 /etc/redxen/haproxy/errorpages/504.http resolvers local nameserver unbound resolve_retries 2 timeout retry 300ms hold other 100ms hold refused 100ms hold nx 100ms hold timeout 3s hold valid 60s listen git-gitea mode tcp bind ipv4@*:2442,ipv6@*:2442 option tcp-check server-template gitssh 1 _gitssh._tcp.routinginfo.internal frontend metrics mode http bind ipv4@:7581,ipv6@:7581 http-request use-service prometheus-exporter if { path /metrics } frontend http mode http bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1 bind ipv4@:80,ipv6@:80 http-response set-header X-Forwarded-Proto https http-response set-header X-XSS-Protection 1;\ mode=block http-response set-header X-Content-Type-Options nosniff http-response set-header Referrer-Policy no-referrer-when-downgrade http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload acl root path / acl home hdr_beg(host) -i redxen acl stats hdr_beg(host) -i stats.redxen acl fedi hdr_beg(host) -i social.redxen acl git hdr_beg(host) -i git.redxen acl btdown hdr_beg(host) -i sd.redxen acl btdaemon hdr_beg(host) -i seed.redxen acl packs hdr_beg(host) -i packages.redxen acl cal hdr_beg(host) -i cal.redxen redirect location code 302 if fedi redirect prefix /web code 302 if btdaemon root use_backend backend-home if home use_backend backend-stats if stats #use_backend backend-fedi if fedi use_backend backend-git if git use_backend backend-btdown if btdown use_backend backend-btdaemon if btdaemon use_backend backend-packages if packs use_backend backend-radicale if cal # Fallback to wssproxy to bypass SNI/domain filters use_backend backend-wssproxy backend backend-home server-template root 1 _root._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host backend backend-stats server-template grafana 2 _grafana._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host #backend backend-fedi # server-template pleroma 1 _pleroma._tcp.routinginfo.internal # option httpchk HEAD / HTTP/1.1 # http-check send hdr Host backend backend-git server-template gitea 1 _gitea._tcp.routinginfo.internal option httpchk GET /caskd/corelibs HTTP/1.1 http-check send hdr Host backend backend-btdown server-template seedown 1 _seedown._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host backend backend-btdaemon server-template transmission 1 _transmission._tcp.routinginfo.internal backend backend-packages server-template packages 1 _packages._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host backend backend-radicale server-template radicale 1 _radicale._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host http-check expect status 401 backend backend-wssproxy server-template wssproxy 1 _wssproxy._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host localhost http-check expect status 404