global maxconn 2048 maxconnrate 40 defaults mode http retries 1 option forwardfor option http-keep-alive option tcp-smart-connect option tcpka balance roundrobin compression algo gzip timeout http-request 10s timeout connect 10s timeout client 60s timeout server 240s timeout http-keep-alive 240s default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check #errorfile 400 /etc/haproxy/errors/400.http #errorfile 403 /etc/haproxy/errors/403.http #errorfile 408 /etc/haproxy/errors/408.http #errorfile 500 /etc/haproxy/errors/500.http #errorfile 502 /etc/haproxy/errors/502.http #errorfile 503 /etc/haproxy/errors/503.http #errorfile 504 /etc/haproxy/errors/504.http resolvers local nameserver unbound 127.0.0.1:53 resolve_retries 2 timeout retry 300ms hold other 100ms hold refused 100ms hold nx 100ms hold timeout 3s hold valid 5s listen mumble mode tcp bind ipv4@*:64738,ipv6@*:64738 option tcp-check server-template mumble 1 mumble.routinginfo.redxen.localhost frontend http mode http bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/fullchain.crt alpn h2,http/1.1 acl root url / http-response add-header X-Forwarded-Proto https http-response set-header X-XSS-Protection 1;\ mode=block http-response set-header X-Content-Type-Options nosniff http-response set-header Referrer-Policy no-referrer-when-downgrade http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload