Remove nextcloud, adapt delays and add streaming

base.yml

@@ -39,7 +39,7 @@ services:
     image: localhost:5000/haproxy-rx
     deploy: *gt2 ## HAProxy really dislikes if it's overlapped
     logging: *json-log
-    enironment:
+    environment:
       HOSTNAME: "{{.Node.Hostname}}"
     volumes:
       - 'haproxysock:/haproxy:rw' ## Telegraf monitoring

build/HAProxy/haproxy.conf

@@ -5,7 +5,7 @@ global
   uid 65534
   gid 65533
   node "$HOSTNAME"
-  stats socket /haproxy/haproxy.sock mode 660 level admin show-node
+  stats socket /haproxy/haproxy.sock mode 660 level admin
 
 defaults
   mode http
@@ -38,7 +38,6 @@ frontend https
   bind *:80 defer-accept
 
   acl is_cf req.hdr_ip(x-forwarded-for) -m found
-  acl dav url_beg /.well-known/carddav /.well-known/caldav
   acl root url /
   acl discord-redirect url /discord
 
@@ -46,14 +45,12 @@ frontend https
   acl private_cache res.hdr(content-type) -i -m beg image/ -i -m beg audio/ -i -m beg video/ -i -m beg text/ -i -m beg application/
 
   acl grafana hdr_beg(host) -i stats.redxen.eu
-  acl nextcloud hdr_beg(host) -i cloud.redxen.eu
   acl git hdr_beg(host) -i git.redxen.eu
   acl transmission hdr_beg(host) -i seed.redxen.eu
   acl seedown hdr_beg(host) -i sd.redxen.eu
   acl homepage hdr_beg(host) -i redxen.eu
 
   http-request set-header X-Client-IP %[req.hdr_ip(x-forwarded-for)] if is_cf
-  redirect location /remote.php/dav code 301 if dav nextcloud
   redirect location /index.html code 301 if homepage root
   redirect location /web/ code 301 if transmission root
   redirect location https://discord.gg/CTFMzde code 301 if discord-redirect homepage
@@ -69,7 +66,6 @@ frontend https
   http-response set-header Referrer-Policy no-referrer-when-downgrade
   http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
 
-  use_backend nextcloud if nextcloud
   use_backend grafana if grafana
   use_backend git if git
   use_backend transmission if transmission
@@ -81,14 +77,6 @@ backend homepage
   http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
   http-request set-header Connection \"\"
 
-backend nextcloud
-  server nextcloud-docker cloud_nextcloud:80
-  option httpchk HEAD / HTTP/1.1\r\nHost:\ cloud.redxen.eu
-  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ https://youtube.com\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
-  http-response set-header X-Robots-Tag none
-  http-response set-header X-Download-Options noopen
-  http-response set-header X-Permitted-Cross-Domain-Policies none
-
 backend grafana
   server grafana-docker tig_grafana:3000 check
   option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu

build/Varnish/varnish.vcl

@@ -1,10 +1,18 @@
 vcl 4.0;
 
 backend default {
-  .host                   = "haproxy";
-  .port                   = "80";
-  .max_connections        = 300;
-  .first_byte_timeout     = 300s;
-  .connect_timeout        = 5s;
-  .between_bytes_timeout  = 2s;
+	.host			= "haproxy";
+	.port			= "80";
+	.max_connections	= 300;
+	.first_byte_timeout	= 240s;
+	.connect_timeout	= 10s;
+	.between_bytes_timeout	= 2s;
+}
+sub vcl_backend_response {
+	set beresp.ttl = 5m;
+	if (bereq.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
+		unset beresp.http.set-cookie;
+		set beresp.do_stream = true;
+	}
+	return (deliver);
 }