a slightly less crappy config

author: terminaldweller <thabogre@gmail.com> 2022-04-03 18:03:25 +0000
committer: terminaldweller <thabogre@gmail.com> 2022-04-03 18:03:25 +0000
commit: ebf7ada143ef91ddf51c207c8f25ceec1e4b414f (patch)
tree: 02a821427e0772a6c3038d89f4997c6f430bcf1d
parent: finally can send mail from my own email. (diff)
download: scripts-ebf7ada143ef91ddf51c207c8f25ceec1e4b414f.tar.gz
scripts-ebf7ada143ef91ddf51c207c8f25ceec1e4b414f.zip
1 files changed, 35 insertions, 36 deletions
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 1ca1467..2063483 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -1,19 +1,32 @@
 global
+  maxconn 256
   log 127.0.0.1 local0
   ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
   ssl-default-bind-options no-sslv3
 
 defaults
+  log global
   timeout connect 5000ms
   timeout client 50000ms
   timeout server 50000ms
   mode tcp
   option tcplog
   option dontlognull
+  retries 3
+  timeout http-request 5000ms
+  timeout http-keep-alive 2000ms
+  timeout queue 5000ms
+  timeout tunnel 60000ms
+  timeout client-fin 1000ms
+  timeout server-fin 1000ms
 
 resolvers docker_resolver
-  nameserver dns 127.0.0.11:53
-
+  nameserver dns-0 127.0.0.11:53
+  hold valid 10000ms
+  resolve_retries 3
+  timeout retry 1000ms
+  timeout resolve 1000ms
+ 
 #Frontends
 frontend http
   bind *:80
@@ -25,22 +38,25 @@ frontend http
   acl api-host hdr_sub(host) -i api.terminaldweller.com
   acl chat-host hdr_sub(host) -i chat.terminaldweller.com
   acl searx-host hdr_sub(host) -i searx.terminaldweller.com
+  acl editor-host hdr_sub(host) -i editor.terminaldweller.com
   acl mila-api-acl url_beg /mila
   acl crypto-api-acl url_beg /crypto
   acl http ssl_fc,not
   #Conditions
+  #this will prevent any letsencrypt cert challenges from working
+  http-request redirect scheme https if http
   #use_backend chat-cert-backend if letsencrypt-acl chat-host
   use_backend blog-backend-cert if letsencrypt-acl blog-host
   use_backend api-crypto-backend-cert if letsencrypt-acl api-host
   use_backend api-mila-backend-cert if letsencrypt-acl api-host
   use_backend searx-backend-cert if letsencrypt-acl searx-host
+#  use_backend editor-backend-cert if letsencrypt-acl editor-host
   use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
   use_backend blog-backend if blog-host
   use_backend mail-backend if mail-host
   use_backend api-backend if api-host
   use_backend searx-backend if searx-host
   #use_backend chat-backend if chat-host
-  http-request redirect scheme https if http
   default_backend blog-backend
 
 frontend https
@@ -58,6 +74,7 @@ frontend https
   acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com
   acl searx-host-s req.ssl_sni -i searx.terminaldweller.com
   acl cargo-host-s req.ssl_sni -i cargo.terminaldweller.com
+  acl editor-host-s req.ssl_sni -i editor.terminaldweller.com
   #Conditions
   use_backend mail-backend-s if mail-host-s
   #use_backend chat-backend-s if chat-host-s
@@ -65,8 +82,9 @@ frontend https
   #use_backend api-crypto-backend-s if api-host-s crypto-api-acl
   use_backend api-crypto-backend-s if api-host-s
   use_backend api-mila-backend-s if mila-api-host-s
-  use_backend searx-backend-s if searx-host-s
+  #use_backend searx-backend-s if searx-host-s
   use_backend cargo-backend-s if cargo-host-s
+  use_backend editor-backend-s if editor-host-s
 
 frontend jabber5222
   bind *:5222
@@ -146,7 +164,9 @@ frontend mail-submission
   tcp-request content accept if { req.ssl_hello_type 1 }
   tcp-request content reject
   acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+  acl mail-host-ss req.ssl_sni -i terminaldweller.com
   use_backend mail-backend-submission if mail-host-s
+  use_backend mail-backend-submission if mail-host-ss
 
 #Backends
 backend certbot-backend
@@ -162,8 +182,6 @@ backend blog-backend-cert
   option forwardfor
   server blog-host 192.99.102.52:80
 backend blog-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server blog-host 192.99.102.52:9000 check
@@ -173,8 +191,6 @@ backend mail-backend
   option forwardfor
   server mail-host 185.126.202.69:80
 backend mail-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server mail-host 185.126.202.69:443 check
@@ -183,36 +199,26 @@ backend mail-backend-imap
   option forwardfor
   server mail-host 185.126.202.69:143 check
 backend mail-backend-imaps
-  timeout server 60s
-  timeout client 60s
   mode tcp
-  option ssl-hello-chk
+#option ssl-hello-chk
   server mail-host 185.126.202.69:993 check
 backend mail-backend-pop3
   mode http
   option forwardfor
   server mail-host 185.126.202.69:110 check
 backend mail-backend-pop3s
-  timeout server 60s
-  timeout client 60s
   mode tcp
-  option ssl-hello-chk
+#option ssl-hello-chk
   server mail-host 185.126.202.69:995 check
 backend mail-backend-smtp
-  timeout server 60s
-  timeout client 60s
   mode tcp
-  option ssl-hello-chk
+#option ssl-hello-chk
   server mail-host 185.126.202.69:25 check
 backend mail-backend-smtps
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server mail-host 185.126.202.69:465 check
 backend mail-backend-submission
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server mail-host 185.126.202.69:587
@@ -222,8 +228,6 @@ backend api-backend
   option forwardfor
   server api-host 192.99.102.52:8008 check
 backend api-crypto-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server api-host 192.99.102.52:8008
@@ -232,8 +236,6 @@ backend api-crypto-backend-cert
   option forwardfor
   server api-host 192.99.102.52:80
 backend api-mila-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server api-mila-host 130.185.121.80:19019
@@ -244,16 +246,12 @@ backend api-mila-backend-cert
 
 backend chat-backend-admin
   mode http
-  server chat-host 130.185.121.80:5280 check
+  server chat-host 130.185.121.80:5280
 backend chat-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server chat-host 130.185.121.80:5443
 backend chat-backend-c2s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server chat-host 130.185.121.80:5222
@@ -266,17 +264,18 @@ backend searx-backend-cert
   server searx-host-cert 130.185.121.80:80
 backend searx-backend
   mode http
-  server searx-host 130.185.121.80:8088
+  server searx-host 130.185.121.80:4040
 backend searx-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
-  server searx-host-s 130.185.121.80:8089
+  server searx-host-s 130.185.121.80:4040
 
 backend cargo-backend-s
-  timeout server 60s
-  timeout client 60s
   mode tcp
   option ssl-hello-chk
   server cargo-host-s 130.185.121.80:7777
+
+backend editor-backend-s
+  mode tcp
+  option ssl-hello-chk
+  server cargo-host-s 130.185.121.80:7080
author	terminaldweller <thabogre@gmail.com>	2022-04-03 18:03:25 +0000
committer	terminaldweller <thabogre@gmail.com>	2022-04-03 18:03:25 +0000
commit	ebf7ada143ef91ddf51c207c8f25ceec1e4b414f (patch)
tree	02a821427e0772a6c3038d89f4997c6f430bcf1d
parent	finally can send mail from my own email. (diff)
download	scripts-ebf7ada143ef91ddf51c207c8f25ceec1e4b414f.tar.gz scripts-ebf7ada143ef91ddf51c207c8f25ceec1e4b414f.zip