95 lines
3.8 KiB
Plaintext
95 lines
3.8 KiB
Plaintext
global
|
|
maxconn 2048
|
|
maxconnrate 40
|
|
uid 65534
|
|
gid 65533
|
|
node "$HOSTNAME"
|
|
stats socket /haproxy/haproxy.sock mode 660 level admin
|
|
|
|
defaults
|
|
mode http
|
|
retries 1
|
|
option forwardfor
|
|
option http-keep-alive
|
|
option tcp-smart-connect
|
|
option tcpka
|
|
option http-buffer-request
|
|
balance roundrobin
|
|
compression algo gzip
|
|
timeout http-request 10s
|
|
timeout connect 10s
|
|
timeout client 60s
|
|
timeout server 240s
|
|
timeout http-keep-alive 240s
|
|
default-server resolvers dockerdns init-addr libc,none resolve-opts prevent-dup-ip check
|
|
|
|
resolvers dockerdns
|
|
nameserver docker 127.0.0.11:53
|
|
resolve_retries 2
|
|
timeout retry 300ms
|
|
hold other 100ms
|
|
hold refused 100ms
|
|
hold nx 100ms
|
|
hold timeout 3s
|
|
hold valid 5s
|
|
|
|
frontend https
|
|
mode http
|
|
bind ipv6@:80 defer-accept accept-proxy
|
|
bind ipv4@:80 defer-accept accept-proxy
|
|
|
|
acl root url /
|
|
|
|
acl grafana hdr_beg(host) -i stats.redxen.eu
|
|
acl git hdr_beg(host) -i git.redxen.eu
|
|
acl transmission hdr_beg(host) -i seed.redxen.eu
|
|
acl seedown hdr_beg(host) -i sd.redxen.eu
|
|
acl fediver hdr_beg(host) -i social.redxen.eu
|
|
acl homepage hdr_beg(host) -i redxen.eu
|
|
|
|
redirect location /index.html code 301 if homepage root
|
|
redirect location /web/ code 301 if transmission root
|
|
|
|
http-response replace-header Set-Cookie (.*) \1;\ Secure
|
|
http-response add-header X-Forwarded-Proto https
|
|
|
|
http-response set-header Cache-Control public\ max-age=31536000 if homepage
|
|
|
|
http-response set-header X-XSS-Protection 1;\ mode=block
|
|
http-response set-header X-Content-Type-Options nosniff
|
|
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
|
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|
|
|
|
use_backend grafana if grafana
|
|
use_backend git if git
|
|
use_backend transmission if transmission
|
|
use_backend homepage if homepage
|
|
use_backend seedown if seedown
|
|
use_backend fedi if fediver
|
|
|
|
backend homepage
|
|
server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80 no-check
|
|
http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
|
|
http-request set-header Connection \"\"
|
|
|
|
backend grafana
|
|
server-template grafana-docker 5 tasks.tig_grafana:3000
|
|
option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
|
|
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
|
|
|
|
backend fedi
|
|
server pleroma-docker tasks.pleroma_server:4000
|
|
option httpchk HEAD / HTTP/1.1\r\nHost:\ social.redxen.eu
|
|
|
|
backend git
|
|
server git-docker tasks.git_gitea:3000
|
|
option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu
|
|
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
|
|
|
|
backend transmission
|
|
server transmission-docker tasks.seedbox_transmission:9091
|
|
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
|
|
|
|
backend seedown
|
|
server httpd-seedown tasks.seedbox_httpd:80
|