diff --git a/build/HAProxy/Dockerfile b/build/HAProxy/Dockerfile index d67c396..2d95727 100644 --- a/build/HAProxy/Dockerfile +++ b/build/HAProxy/Dockerfile @@ -1,4 +1,3 @@ FROM haproxy:alpine -COPY --chown=nobody:nogroup haproxy.conf /usr/local/etc/haproxy/haproxy.cfg -USER nobody:nogroup +COPY haproxy.conf /usr/local/etc/haproxy/haproxy.cfg diff --git a/build/HAProxy/haproxy.conf b/build/HAProxy/haproxy.conf index ce100c9..34523f2 100644 --- a/build/HAProxy/haproxy.conf +++ b/build/HAProxy/haproxy.conf @@ -6,7 +6,7 @@ global defaults mode http - retries 3 + retries 1 option forwardfor option http-keep-alive option tcp-smart-connect @@ -14,11 +14,10 @@ defaults option http-buffer-request compression offload timeout http-request 10s - timeout connect 5s - timeout client 20s + timeout connect 10s + timeout client 60s timeout server 240s - timeout http-keep-alive 300s - rate-limit sessions 100 + timeout http-keep-alive 240s default-server resolvers dockerdns resolvers dockerdns @@ -47,7 +46,6 @@ frontend https acl nextcloud hdr_beg(host) -i cloud.redxen.eu acl git hdr_beg(host) -i git.redxen.eu acl transmission hdr_beg(host) -i seed.redxen.eu - acl onlyoffice hdr_beg(host) -i office.redxen.eu acl seedown hdr_beg(host) -i sd.redxen.eu acl homepage hdr_beg(host) -i redxen.eu @@ -72,7 +70,6 @@ frontend https use_backend grafana if grafana use_backend git if git use_backend transmission if transmission - use_backend onlyoffice if onlyoffice use_backend homepage if homepage use_backend seedown if seedown @@ -84,7 +81,7 @@ backend homepage backend nextcloud server nextcloud-docker cloud_nextcloud:80 option httpchk HEAD / HTTP/1.1\r\nHost:\ cloud.redxen.eu - http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ https://office.redxen.eu\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ https://office.redxen.eu\ https://youtube.com\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests + http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ https://youtube.com\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests http-response set-header X-Robots-Tag none http-response set-header X-Download-Options noopen http-response set-header X-Permitted-Cross-Domain-Policies none @@ -103,9 +100,5 @@ backend transmission server transmission-docker seedbox_transmission:9091 check http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests -backend onlyoffice - server onlyoffice-docker cloud_documentserver:80 check - http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-eval\'\ \'unsafe-inline\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests - backend seedown server httpd-seedown seedbox_httpd:80 check diff --git a/build/Varnish/Dockerfile b/build/Varnish/Dockerfile index b44a430..05bfb19 100644 --- a/build/Varnish/Dockerfile +++ b/build/Varnish/Dockerfile @@ -1,4 +1,3 @@ FROM varnish -COPY --chown=nobody:nogroup varnish.vcl /etc/varnish/default.vcl -USER nobody:nogroup +COPY varnish.vcl /etc/varnish/default.vcl