path: root/terminaldweller.com/haproxy/haproxy.cfg
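global
  # Syslog target; a proxy only uses it if it (or the defaults section)
  # declares "log global".
  log 127.0.0.1 local0
  # Default cipher list for TLS-terminating binds ("bind ... ssl"). No bind
  # line shown in this file uses "ssl" (TLS is passed through in tcp mode), so
  # the list only takes effect if termination is added here later.
  # RC4-SHA has been removed from the list: RC4 is prohibited for TLS by
  # RFC 7465.
  # NOTE(review): kRSA+AES still allows static-RSA key exchange, which gives no
  # forward secrecy; consider restricting the list to ECDHE suites.
  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL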

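defaults
  # Attach every proxy to the syslog target declared in the global section.
  # Without this line (or a per-proxy "log" directive) nothing is logged and
  # "option tcplog" below has no effect.
  log global
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms
  # tcp is the default mode; HTTP frontends and backends override it locally.
  mode tcp
  option tcplog
  # NOTE(review): dontlognull suppresses log lines for connections that carry
  # no data, which also hides port scans and probes on internet-facing
  # listeners. Keep it only if another layer records those connections.
  option dontlognull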

# Runtime DNS resolver, referenced by the certbot-backend server line.
# 127.0.0.11 is the address Docker's embedded DNS server listens on inside a
# container.
resolvers docker_resolver
  nameserver dns 127.0.0.11:53

#Frontends
# Plain-HTTP entry point on port 80. Routes by Host header; ACME HTTP-01
# challenge paths are split off to per-host certificate backends.
# NOTE(review): there is no redirect to HTTPS here, so requests for the blog,
# mail and api hosts are proxied in cleartext to the backend addresses.
frontend http
  bind *:80
  mode http
  #ACLs
  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
  # NOTE(review): hdr_sub is a substring match on a client-supplied header, so
  # any Host value that merely contains one of these names satisfies the ACL
  # (constructed example: "blog.terminaldweller.com.other.example"). An exact
  # match with hdr(host) would be tighter; remember Host may carry ":port".
  acl blog-host hdr_sub(host) -i blog.terminaldweller.com
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  acl api-host hdr_sub(host) -i api.terminaldweller.com
  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
  #Conditions
  # use_backend rules are evaluated top to bottom and the first match wins, so
  # the ACME rules must stay above the plain per-host rules.
  #use_backend chat-cert-backend if letsencrypt-acl chat-host
  use_backend blog-backend-cert if letsencrypt-acl blog-host
  use_backend api-backend-cert if letsencrypt-acl api-host
  # ACME challenges for any other host (mail included) go to the local nginx.
  use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
  use_backend blog-backend if blog-host
  use_backend mail-backend if mail-host
  use_backend api-backend if api-host
  #use_backend chat-backend if chat-host
  # Requests with an unknown or missing Host fall through to the blog.
  default_backend blog-backend

# TLS passthrough on port 443: the proxy never decrypts, it only reads the
# ClientHello and picks a backend from the SNI value.
frontend https
  bind *:443
  timeout client 60s
  mode tcp
  # Wait up to 5s for a TLS ClientHello (hello type 1); anything else is
  # rejected before a backend is chosen.
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  #ACLs
  # SNI is client-supplied and unauthenticated at this layer; certificate
  # checks happen only between the client and the selected backend.
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
  acl api-host-s req.ssl_sni -i api.terminaldweller.com
  #Conditions
  # No default_backend is set: a ClientHello whose SNI matches none of the
  # ACLs has no backend to be forwarded to.
  use_backend mail-backend-s if mail-host-s
  #use_backend chat-backend-s if chat-host-s
  use_backend blog-backend-s if blog-host-s
  use_backend api-backend-s if api-host-s

# XMPP client-to-server port, routed by SNI like the https frontend.
# NOTE(review): clients on 5222 conventionally open a plaintext XML stream and
# upgrade with STARTTLS, so they never send a ClientHello first; such clients
# would wait out the inspect delay and be rejected. Confirm that every client
# uses direct TLS on this port.
frontend jabber5222
  bind *:5222
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  use_backend chat-backend-c2s if chat-host-s
# Plain-HTTP listener on 5280, forwarded to chat-backend-admin.
# NOTE(review): the backend name suggests an administrative interface. It is
# bound on all addresses without TLS or a source restriction, so any
# credentials sent to it cross the network in cleartext. Consider limiting it
# with an "http-request deny unless { src <ADMIN_CIDR_PLACEHOLDER> }" rule or
# serving it only over TLS.
frontend jabber5280
  bind *:5280
  mode http
  # Substring match on a client-supplied header; see the tighter hdr(host) form.
  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
  use_backend chat-backend-admin if chat-host
# TLS passthrough on 5443 for the chat host: only connections that open with
# a ClientHello carrying the chat SNI are forwarded.
frontend jabber5443
  bind *:5443
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  use_backend chat-backend-s if chat-host-s

# Listener on the cleartext IMAP port.
# NOTE(review): this frontend is in http mode and routes on a Host header, but
# IMAP is not HTTP and carries no Host header, so IMAP clients cannot satisfy
# the ACL. If the port is meant to be proxied it needs tcp mode in both this
# frontend and mail-backend-imap; also consider whether cleartext IMAP should
# be exposed at all next to 993.
frontend mail-imap
  bind *:143
  mode http
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  use_backend mail-backend-imap if mail-host
# IMAP over implicit TLS (993), passed through untouched and routed by SNI.
# Connections that do not open with a ClientHello within 5s are rejected.
frontend mail-imaps
  bind *:993
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-imaps if mail-host-s
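# Listener on the cleartext POP3 port.
# NOTE(review): this frontend is in http mode and routes on a Host header, but
# POP3 is not HTTP and carries no Host header, so POP3 clients cannot satisfy
# the ACL. If the port is meant to be proxied it needs tcp mode in both this
# frontend and mail-backend-pop3; also consider whether cleartext POP3 should
# be exposed at all next to 995.
frontend mail-pop3
  bind *:110
  mode http
  # Host name spelled the same way as in the other mail frontends
  # (it was missing the "d" in "terminaldweller").
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  use_backend mail-backend-pop3 if mail-host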
# POP3 over implicit TLS (995), passed through untouched and routed by SNI.
# Connections that do not open with a ClientHello within 5s are rejected.
frontend mail-pop3s
  bind *:995
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-pop3s if mail-host-s
# SMTP listener on port 25, gated on a TLS ClientHello and routed by SNI.
# NOTE(review): SMTP on port 25 starts in cleartext with the server greeting
# and only upgrades through STARTTLS, so a sending mail server does not open
# with a ClientHello. With these rules such connections wait out the inspect
# delay and are rejected, which would block inbound mail. Verify against real
# traffic; a tcp frontend with a plain default_backend is the usual shape.
frontend mail-smtp
  bind *:25
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-smtp if mail-host
# SMTP over implicit TLS (465), passed through untouched and routed by SNI.
# Connections that do not open with a ClientHello within 5s are rejected.
frontend mail-smtps
  bind *:465
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-smtps if mail-host-s
# Mail submission listener on port 587, gated on a TLS ClientHello.
# NOTE(review): submission on 587 conventionally starts in cleartext and
# upgrades with STARTTLS, so clients do not send a ClientHello first and would
# be rejected after the inspect delay. Confirm that clients use implicit TLS
# here, or drop the ClientHello gate for this port.
frontend mail-submission
  bind *:587
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-submission if mail-host-s

#Backends
# Receives ACME challenge requests that belong to none of the chat, blog or
# api hosts.
backend certbot-backend
  mode http
  # "nginx" is resolved at runtime through docker_resolver; "init-addr none"
  # lets the proxy start even when the name does not resolve yet.
  server nginx nginx:80 resolvers docker_resolver check init-addr none

# Blog backends: plain HTTP, ACME challenge, and TLS passthrough.
# NOTE(review): "option forwardfor" appends X-Forwarded-For but does not strip
# a value the client already sent, so the application should trust only the
# last entry (or the header should be removed before it is added).
# NOTE(review): blog-backend (HTTP) and blog-backend-s (TLS passthrough) both
# point at port 9000; confirm that port really serves both protocols.
backend blog-backend
  mode http
  option forwardfor
  server blog-host 192.99.102.52:9000 check
backend blog-backend-cert
  mode http
  option forwardfor
  server blog-host 192.99.102.52:80
backend blog-backend-s
  timeout server 60s
  # NOTE(review): "timeout client" is a frontend-side setting; in a backend
  # section it is ignored and HAProxy warns about it.
  timeout client 60s
  mode tcp
  # Health check sends an SSLv3 ClientHello. NOTE(review): a server that
  # refuses SSLv3 may fail it; "check-ssl" on the server line is the newer
  # alternative.
  option ssl-hello-chk
  server blog-host 192.99.102.52:9000 check

# Mail backends, one per listener, all on the same mail host address.
# NOTE(review): in the tcp backends below, "timeout client" is a frontend-side
# setting and is ignored (with a warning) inside a backend section.
# NOTE(review): "option ssl-hello-chk" sends an SSLv3 ClientHello as the health
# check. It only runs where the server line carries "check", and a port that
# starts in cleartext (25, 587) will not answer it with TLS, so that server
# may be marked down.
backend mail-backend
  mode http
  # Webmail over plain HTTP; see the X-Forwarded-For trust note on forwardfor:
  # the header is appended, a client-sent value is not removed.
  option forwardfor
  server mail-host 185.126.202.69:80
backend mail-backend-s
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:443 check
# NOTE(review): IMAP is not HTTP; http mode and forwardfor do not apply to it.
backend mail-backend-imap
  mode http
  option forwardfor
  server mail-host 185.126.202.69:143 check
backend mail-backend-imaps
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:993 check
# NOTE(review): POP3 is not HTTP; http mode and forwardfor do not apply to it.
backend mail-backend-pop3
  mode http
  option forwardfor
  server mail-host 185.126.202.69:110 check
backend mail-backend-pop3s
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:995 check
# NOTE(review): port 25 greets in cleartext, so the TLS hello check on this
# server is expected to fail; a plain tcp check fits better.
backend mail-backend-smtp
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:25 check
backend mail-backend-smtps
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:465 check
# No "check" on the server line, so ssl-hello-chk is inactive here.
backend mail-backend-submission
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:587

# API backends: plain HTTP, TLS passthrough, and ACME challenge.
# NOTE(review): api-backend (HTTP) and api-backend-s (TLS passthrough) both
# point at port 8008; confirm that port really serves both protocols.
# NOTE(review): "option forwardfor" appends X-Forwarded-For without removing a
# client-sent value, so the API should not trust the first entry.
backend api-backend
  mode http
  option forwardfor
  server api-host 192.99.102.52:8008 check
backend api-backend-s
  timeout server 60s
  # NOTE(review): "timeout client" is ignored inside a backend section.
  timeout client 60s
  mode tcp
  # No "check" on the server line below, so this health-check option is
  # inactive and the server is never marked down.
  option ssl-hello-chk
  server api-host 192.99.102.52:8008
backend api-backend-cert
  mode http
  option forwardfor
  server api-host 192.99.102.52:80

# Chat (XMPP) backends on a single chat host address.
# NOTE(review): chat-backend-admin is reached over plain HTTP from the 5280
# frontend; if it is an administrative interface, its traffic and credentials
# are unencrypted on both sides of the proxy.
backend chat-backend-admin
  mode http
  server chat-host 130.185.121.80:5280 check
backend chat-backend-s
  timeout server 60s
  # NOTE(review): "timeout client" is ignored inside a backend section.
  timeout client 60s
  mode tcp
  # No "check" on the server line, so ssl-hello-chk is inactive here.
  option ssl-hello-chk
  server chat-host 130.185.121.80:5443
backend chat-backend-c2s
  timeout server 60s
  timeout client 60s
  mode tcp
  # No "check" on the server line, so ssl-hello-chk is inactive here.
  option ssl-hello-chk
  server chat-host 130.185.121.80:5222
# Only referenced by a commented-out use_backend rule in the http frontend.
backend chat-cert-backend
  mode http
  server chat-cert-server 130.185.121.80:80