56 lines
1.5 KiB
INI
56 lines
1.5 KiB
INI
global
|
|
maxconn 2048
|
|
maxconnrate 40
|
|
|
|
defaults
|
|
mode http
|
|
retries 1
|
|
option forwardfor
|
|
option http-keep-alive
|
|
option tcp-smart-connect
|
|
option tcpka
|
|
balance roundrobin
|
|
compression algo gzip
|
|
timeout http-request 10s
|
|
timeout connect 10s
|
|
timeout client 60s
|
|
timeout server 240s
|
|
timeout http-keep-alive 240s
|
|
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
|
|
|
|
#errorfile 400 /etc/haproxy/errors/400.http
|
|
#errorfile 403 /etc/haproxy/errors/403.http
|
|
#errorfile 408 /etc/haproxy/errors/408.http
|
|
#errorfile 500 /etc/haproxy/errors/500.http
|
|
#errorfile 502 /etc/haproxy/errors/502.http
|
|
#errorfile 503 /etc/haproxy/errors/503.http
|
|
#errorfile 504 /etc/haproxy/errors/504.http
|
|
|
|
resolvers local
|
|
nameserver unbound 127.0.0.1:53
|
|
resolve_retries 2
|
|
timeout retry 300ms
|
|
hold other 100ms
|
|
hold refused 100ms
|
|
hold nx 100ms
|
|
hold timeout 3s
|
|
hold valid 5s
|
|
|
|
listen mumble
|
|
mode tcp
|
|
bind ipv4@*:64738,ipv6@*:64738
|
|
option tcp-check
|
|
server-template mumble 1 mumble.routinginfo.redxen.localhost
|
|
|
|
frontend http
|
|
mode http
|
|
bind ipv4@:443,ipv6@:443 ssl crt cert.pem alpn h2,http/1.1
|
|
|
|
acl root url /
|
|
|
|
http-response add-header X-Forwarded-Proto https
|
|
http-response set-header X-XSS-Protection 1;\ mode=block
|
|
http-response set-header X-Content-Type-Options nosniff
|
|
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
|
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|