authorterminaldweller <thabogre@gmail.com>2021-09-15 20:45:57 +0000
committerterminaldweller <thabogre@gmail.com>2021-09-15 20:45:57 +0000
commit04b2675221972f2a3cf6d1c402f49406f16c6c25 (patch)
treeb296711e1a97ffac36676b5febf7ed445798ab06 /terminaldweller.com/haproxy
parentleft-over (diff)
haproxy,jabber,bitlbee
Diffstat (limited to 'terminaldweller.com/haproxy')
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg196
1 files changed, 178 insertions, 18 deletions
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index f1c288e..f406de4 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -14,64 +14,224 @@ resolvers docker_resolver
nameserver dns 127.0.0.11:53
#Frontends
-frontend front
+frontend http
bind *:80
- bind *:443
- mode tcp
- timeout client 60s
+ mode http
#ACLs
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
acl blog-host hdr_sub(host) -i blog.terminaldweller.com
acl mail-host hdr_sub(host) -i mail.terminaldweller.com
- acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
acl api-host hdr_sub(host) -i api.terminaldweller.com
acl chat-host hdr_sub(host) -i chat.terminaldweller.com
- acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
- #Consitions
- use_backend certbot-backend if letsencrypt-acl
+ #Conditions
+ #use_backend chat-cert-backend if letsencrypt-acl chat-host
+ use_backend blog-backend-cert if letsencrypt-acl blog-host
+ use_backend api-backend-cert if letsencrypt-acl api-host
+ use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
use_backend blog-backend if blog-host
use_backend mail-backend if mail-host
- use_backend mail-backend-s if mail-host-s
use_backend api-backend if api-host
- use_backend chat-backend-s if chat-host-s
+ #use_backend chat-backend if chat-host
default_backend blog-backend
+frontend https
+ bind *:443
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ #ACLs
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
+ acl api-host-s req.ssl_sni -i api.terminaldweller.com
+ #Conditions
+ use_backend mail-backend-s if mail-host-s
+ #use_backend chat-backend-s if chat-host-s
+ use_backend blog-backend-s if blog-host-s
+ use_backend api-backend-s if api-host-s
+
+frontend jabber5222
+ bind *:5222
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ use_backend chat-backend-c2s if chat-host-s
+frontend jabber5280
+ bind *:5280
+ mode http
+ acl chat-host hdr_sub(host) -i chat.terminaldweller.com
+ use_backend chat-backend-admin if chat-host
+frontend jabber5443
+ bind *:5443
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ use_backend chat-backend-s if chat-host-s
+
+frontend mail-imap
+ bind *:143
+ mode http
+ acl mail-host hdr_sub(host) -i mail.terminaldweller.com
+ use_backend mail-backend-imap if mail-host
+frontend mail-imaps
+ bind *:993
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-imaps if mail-host-s
+frontend mail-pop3
+ bind *:110
+ mode http
+ acl mail-host hdr_sub(host) -i mail.terminalweller.com
+ use_backend mail-backend-pop3 if mail-host
+frontend mail-pop3s
+ bind *:995
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-pop3s if mail-host-s
+frontend mail-smtp
+ bind *:25
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-smtp if mail-host
+frontend mail-smtps
+ bind *:465
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-smtps if mail-host-s
+frontend mail-submission
+ bind *:587
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-submission if mail-host-s
+
+
#Backends
backend certbot-backend
+ mode http
server nginx nginx:80 resolvers docker_resolver check init-addr none
backend blog-backend
mode http
option forwardfor
server blog-host 192.99.102.52:9000 check
+backend blog-backend-cert
+ mode http
+ option forwardfor
+ server blog-host 192.99.102.52:80
+backend blog-backend-s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server blog-host 192.99.102.52:9000 check
backend mail-backend
mode http
option forwardfor
- server mail-host 185.126.202.69:80 check
-
+ server mail-host 185.126.202.69:80
backend mail-backend-s
timeout server 60s
timeout client 60s
mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:443 check
+backend mail-backend-imap
+ mode http
+ option forwardfor
+ server mail-host 185.126.202.69:143 check
+backend mail-backend-imaps
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:993 check
+backend mail-backend-pop3
+ mode http
option forwardfor
+ server mail-host 185.126.202.69:110 check
+backend mail-backend-pop3s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:995 check
+backend mail-backend-smtp
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:25 check
+backend mail-backend-smtps
+ timeout server 60s
+ timeout client 60s
+ mode tcp
option ssl-hello-chk
- server mail-host-s 185.126.202.69:443 check
+ server mail-host 185.126.202.69:465 check
+backend mail-backend-submission
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:587
backend api-backend
mode http
option forwardfor
server api-host 192.99.102.52:8008 check
-
-backend chat-backend
+backend api-backend-s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server api-host 192.99.102.52:8008
+backend api-backend-cert
mode http
option forwardfor
- server chat-host 87.236.209.206:5280 check
+ server api-host 192.99.102.52:80
+backend chat-backend-admin
+ mode http
+ server chat-host 130.185.121.80:5280 check
backend chat-backend-s
timeout server 60s
timeout client 60s
mode tcp
- option forwardfor
option ssl-hello-chk
- server chat-host-s 87.236.209.206:5280 check
+ server chat-host 130.185.121.80:5443
+backend chat-backend-c2s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server chat-host 130.185.121.80:5222
+backend chat-cert-backend
+ mode http
+ server chat-cert-server 130.185.121.80:80
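Review bot: The `mail-imap` (143) and `mail-pop3` (110) frontends are declared `mode http` and route on `hdr_sub(host)`, but IMAP and POP3 clients never send an HTTP request, so HAProxy will reject those sessions as invalid HTTP and the ACL can never match; both frontends and their `mail-backend-imap` / `mail-backend-pop3` backends need `mode tcp` with a plain `default_backend mail-backend-imap` and `default_backend mail-backend-pop3`. The `mail-pop3` ACL also misspells the host as `mail.terminalweller.com`. The `mail-smtp` (25), `mail-submission` (587) and `jabber5222` frontends accept only on `req.ssl_hello_type 1`, which presumably fails for STARTTLS clients because they begin in cleartext and never open with a ClientHello, so they would sit out the 5s inspect delay and then be rejected; `option ssl-hello-chk` with `check` on port 25 in `mail-backend-smtp` has the same mismatch. Separately, `jabber5280` publishes what the backend name `chat-backend-admin` suggests is an admin interface over unencrypted HTTP on `*:5280` and forwards it in cleartext to a remote address, so any credentials would be exposed on both legs; consider restricting the bind address or source range, or terminating TLS in front of it.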