diff --git a/base.yml b/base.yml
index 904709d..46f2b31 100644
--- a/base.yml
+++ b/base.yml
@@ -39,7 +39,7 @@ services:
 image: localhost:5000/haproxy-rx
 deploy: *gt2 ## HAProxy really dislikes if it's overlapped
 logging: *json-log
- enironment:
+ environment:
 HOSTNAME: "{{.Node.Hostname}}"
 volumes:
 - 'haproxysock:/haproxy:rw' ## Telegraf monitoring
diff --git a/build/HAProxy/haproxy.conf b/build/HAProxy/haproxy.conf
index 4e1d492..8477660 100644
--- a/build/HAProxy/haproxy.conf
+++ b/build/HAProxy/haproxy.conf
@@ -5,7 +5,7 @@ global
 uid 65534
 gid 65533
 node "$HOSTNAME"
- stats socket /haproxy/haproxy.sock mode 660 level admin show-node
+ stats socket /haproxy/haproxy.sock mode 660 level admin
 defaults
 mode http
@@ -38,7 +38,6 @@ frontend https
 bind *:80 defer-accept
 acl is_cf req.hdr_ip(x-forwarded-for) -m found
- acl dav url_beg /.well-known/carddav /.well-known/caldav
 acl root url /
 acl discord-redirect url /discord
@@ -46,14 +45,12 @@ frontend https
 acl private_cache res.hdr(content-type) -i -m beg image/ -i -m beg audio/ -i -m beg video/ -i -m beg text/ -i -m beg application/
 acl grafana hdr_beg(host) -i stats.redxen.eu
- acl nextcloud hdr_beg(host) -i cloud.redxen.eu
 acl git hdr_beg(host) -i git.redxen.eu
 acl transmission hdr_beg(host) -i seed.redxen.eu
 acl seedown hdr_beg(host) -i sd.redxen.eu
 acl homepage hdr_beg(host) -i redxen.eu
 http-request set-header X-Client-IP %[req.hdr_ip(x-forwarded-for)] if is_cf
- redirect location /remote.php/dav code 301 if dav nextcloud
 redirect location /index.html code 301 if homepage root
 redirect location /web/ code 301 if transmission root
 redirect location https://discord.gg/CTFMzde code 301 if discord-redirect homepage
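Review bot: The `+` line keeps `level admin` on the stats socket after dropping `show-node`; base.yml mounts that socket's directory as the `haproxysock` volume annotated `## Telegraf monitoring`, and metrics collection only needs read access, whereas `admin` lets any process that can open the socket disable servers, change weights or shut HAProxy down. Unless something else on that volume issues write commands, `stats socket /haproxy/haproxy.sock mode 660 level operator` (or `level user` if `show stat`/`show info` is all that is read) limits what a compromised consumer container can do. Who can open a `mode 660` socket also depends on the `user`/`group` keywords of the `stats socket` line, which are not set here; worth confirming which uid/gid the Telegraf container runs as and recording it on the line, e.g. `# read by the Telegraf container over the haproxysock volume; keep read-only`.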
@@ -69,7 +66,6 @@ frontend https
 http-response set-header Referrer-Policy no-referrer-when-downgrade
 http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
- use_backend nextcloud if nextcloud
 use_backend grafana if grafana
 use_backend git if git
 use_backend transmission if transmission
@@ -81,14 +77,6 @@ backend homepage
 http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
 http-request set-header Connection \"\"
-backend nextcloud
- server nextcloud-docker cloud_nextcloud:80
- option httpchk HEAD / HTTP/1.1\r\nHost:\ cloud.redxen.eu
- http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ https://youtube.com\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
- http-response set-header X-Robots-Tag none
- http-response set-header X-Download-Options noopen
- http-response set-header X-Permitted-Cross-Domain-Policies none
-
 backend grafana
 server grafana-docker tig_grafana:3000 check
 option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
diff --git a/build/Varnish/varnish.vcl b/build/Varnish/varnish.vcl
index 65f6a68..673a49e 100644
--- a/build/Varnish/varnish.vcl
+++ b/build/Varnish/varnish.vcl
@@ -1,10 +1,18 @@
 vcl 4.0;
 backend default {
- .host = "haproxy";
- .port = "80";
- .max_connections = 300;
- .first_byte_timeout = 300s;
- .connect_timeout = 5s;
- .between_bytes_timeout = 2s;
+ .host = "haproxy";
+ .port = "80";
+ .max_connections = 300;
+ .first_byte_timeout = 240s;
+ .connect_timeout = 10s;
+ .between_bytes_timeout = 2s;
+}
+sub vcl_backend_response {
+ set beresp.ttl = 5m;
+ if (bereq.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
+ unset beresp.http.set-cookie;
+ set beresp.do_stream = true;
+ }
+ return (deliver);
 }
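Review bot: `return (deliver)` at the end of the new `vcl_backend_response` skips the builtin VCL, and `set beresp.ttl = 5m` runs before any check, so a backend response carrying `Set-Cookie`, `Cache-Control: private`/`no-store` or `Vary: *` is stored for five minutes and handed to other clients — with Grafana, Git and Transmission behind this proxy that means one visitor's session cookie or private page can be replayed to the next. The `unset beresp.http.set-cookie` only applies to the media-extension branch, and whether cookie- or authorization-bearing requests are still passed depends on a `vcl_recv` that is not in this hunk (the builtin one passes them only if it is not overridden, which I cannot confirm from here). I would drop the `return (deliver)` so the builtin hit-for-pass logic still runs, and impose the 5m TTL only on responses the backend left without caching directives; the `vcl 4.0;` line suggests the 4.0 builtin semantics (`return (hit_for_pass)` with `beresp.uncacheable`) apply.
```vcl
sub vcl_backend_response {
    # … unchanged: media-file branch (unset set-cookie, set do_stream) …
    # Force a TTL only where the backend gave no caching instructions;
    # anything with Set-Cookie / Cache-Control / Expires keeps its own
    # lifetime so the builtin VCL below can mark it uncacheable.
    if (!beresp.http.Set-Cookie &&
        !beresp.http.Cache-Control &&
        !beresp.http.Expires) {
        set beresp.ttl = 5m;
    }
    # no return (deliver): fall through to the builtin vcl_backend_response
}
```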