From 71eecf0c6eec5c7847f841e9c85845b677302ca1 Mon Sep 17 00:00:00 2001
From: ubuntu
Date: Fri, 29 Jan 2021 16:41:29 +0000
Subject: matrix server update...almost working...WIP

---
 matrix-server/haproxy/haproxy.cfg | 44 +++++++++++++++++++++++----------------
 1 file changed, 26 insertions(+), 18 deletions(-)

(limited to 'matrix-server/haproxy')

diff --git a/matrix-server/haproxy/haproxy.cfg b/matrix-server/haproxy/haproxy.cfg
index 2afa3fb..c619259 100644
--- a/matrix-server/haproxy/haproxy.cfg
+++ b/matrix-server/haproxy/haproxy.cfg
@@ -1,30 +1,38 @@
 global
- stats socket :9999 level admin expose-fd listeners
- log stdout format raw local0
- ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+stats socket :9999 level admin expose-fd listeners
+log stdout format raw local0
+ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+
+defaults
+timeout connect 5000ms
+timeout client 50000ms
+timeout server 50000ms
+default-server init-addr last,libc,none
 
 frontend http
- bind :80
- http-request redirect scheme https unless { ssl_fc }
- acl certbot path_beg /.well-known/acme-challenge/
- use_backend certbot if certbot
+bind *:80
+http-request redirect scheme https unless { ssl_fc }
+acl certbot path_beg /.well-known/acme-challenge/
+use_backend certbot if certbot
 
 frontend https
- bind :::443 v4v6 ssl crt /etc/certificates strict-sni alpn h2.http/1.1
- acl matrix-host hdr(host) -i matrix.example.com
- acl matrix-path path_beg /_matrix
- acl matrix-path path_beg /_synpase/client
- use_backend matrix if matrix-host matrix-path
+#uncomment this to get ssl certificate for the first run
+bind *:443 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem strict-sni alpn h2,http/1.1
+acl matrix-host hdr(host) -i terminaldweller.com
+acl matrix-path path_beg /_matrix
+acl matrix-path path_beg /_synpase/client
+use_backend matrix if matrix-host matrix-path
 
 frontend matrix-federation
- bind :::8448 v4v6 ssl crt /etc/certificates alpn h2.http/1.1
- default_backend matrix
+#uncomment this to get ssl certificate for the first run
+bind *:8448 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem alpn h2,http/1.1
+default_backend matrix
 
-resolvers docker_resolver
- nameserver dns 127.0.0.11:53
+resolvers docker
+nameserver dns1 127.0.0.11:53
 
 backend matrix
- server matrix synapse:8008
+server matrix synapse:8008
 
 backend certbot
- server certbot certbot:380
+server certbot certbot:380
-- 
cgit v1.2.3
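Review bot: The `stats socket :9999 level admin` line in `global` is only re-indented by this commit, so the runtime API still listens on every interface with admin rights and no authentication; anything that can reach port 9999 (other containers on the Docker network, or the host if the port is ever published) can change proxy state, and it belongs on a UNIX socket with restrictive permissions instead. The cipher string likewise still enables `RC4-SHA` and static-RSA `kRSA+AES`, and no minimum TLS version is set. The new `defaults` section has no `mode http`, and since HAProxy defaults to TCP mode the `http-request redirect`, `hdr(host)` and `path_beg` rules in the frontends will not behave as intended, which may be part of the "almost working" state. `/_synpase/client` looks like a typo for `/_synapse/client`, and `frontend matrix-federation` forwards every path on 8448 to Synapse, which would presumably include `/_synapse/admin` unless that is filtered elsewhere.

```haproxy
global
    # example path; any UNIX socket reachable only by the haproxy user works
    stats socket /run/haproxy/admin.sock mode 600 level admin expose-fd listeners
    # … unchanged: log stdout format raw local0 …
    ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+CHACHA20
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    # … unchanged: timeouts, default-server …

# … unchanged: frontend http; frontend https bind, matrix-host and /_matrix acls …
    acl matrix-path path_beg /_synapse/client
```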