authorterminaldweller <thabogre@gmail.com>2022-04-03 18:03:25 +0000
committerterminaldweller <thabogre@gmail.com>2022-04-03 18:03:25 +0000
commitebf7ada143ef91ddf51c207c8f25ceec1e4b414f (patch)
tree02a821427e0772a6c3038d89f4997c6f430bcf1d /terminaldweller.com/haproxy
parentfinally can send mail from my own email. (diff)
a slightly less crappy config
Diffstat (limited to 'terminaldweller.com/haproxy')
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg71
1 files changed, 35 insertions, 36 deletions
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 1ca1467..2063483 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -1,19 +1,32 @@
global
+ maxconn 256
log 127.0.0.1 local0
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
ssl-default-bind-options no-sslv3
defaults
+ log global
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
mode tcp
option tcplog
option dontlognull
+ retries 3
+ timeout http-request 5000ms
+ timeout http-keep-alive 2000ms
+ timeout queue 5000ms
+ timeout tunnel 60000ms
+ timeout client-fin 1000ms
+ timeout server-fin 1000ms
resolvers docker_resolver
- nameserver dns 127.0.0.11:53
-
+ nameserver dns-0 127.0.0.11:53
+ hold valid 10000ms
+ resolve_retries 3
+ timeout retry 1000ms
+ timeout resolve 1000ms
+
#Frontends
frontend http
bind *:80
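Review bot: The new `maxconn 256` in `global` caps the whole process at 256 concurrent connections, and every frontend in this file (HTTP, HTTPS, XMPP, mail) draws from that one pool. With `timeout client 50000ms` and the added `timeout tunnel 60000ms`, a few hundred idle or slow clients can hold every slot for close to a minute and starve the other services; consider a higher global limit with a smaller per-frontend `maxconn`, and a shorter `timeout client`. The added `timeout http-request` and `timeout http-keep-alive` only take effect in proxies that run `mode http`, while `defaults` sets `mode tcp`, so a comment such as `# applies to mode http proxies only` would help. The unchanged `ssl-default-bind-ciphers` line still lists `RC4-SHA` and `kRSA` suites, which is worth cleaning up if any `bind` in the file terminates TLS (not visible here).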
@@ -25,22 +38,25 @@ frontend http
acl api-host hdr_sub(host) -i api.terminaldweller.com
acl chat-host hdr_sub(host) -i chat.terminaldweller.com
acl searx-host hdr_sub(host) -i searx.terminaldweller.com
+ acl editor-host hdr_sub(host) -i editor.terminaldweller.com
acl mila-api-acl url_beg /mila
acl crypto-api-acl url_beg /crypto
acl http ssl_fc,not
#Conditions
+ #this will prevent any letsencrypt cert challenges from working
+ http-request redirect scheme https if http
#use_backend chat-cert-backend if letsencrypt-acl chat-host
use_backend blog-backend-cert if letsencrypt-acl blog-host
use_backend api-crypto-backend-cert if letsencrypt-acl api-host
use_backend api-mila-backend-cert if letsencrypt-acl api-host
use_backend searx-backend-cert if letsencrypt-acl searx-host
+# use_backend editor-backend-cert if letsencrypt-acl editor-host
use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
use_backend blog-backend if blog-host
use_backend mail-backend if mail-host
use_backend api-backend if api-host
use_backend searx-backend if searx-host
#use_backend chat-backend if chat-host
- http-request redirect scheme https if http
default_backend blog-backend
frontend https
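Review bot: The `http-request redirect scheme https if http` rule is unconditional for this port-80 frontend, and the added comment admits it breaks ACME challenges, which leaves the `use_backend ... if letsencrypt-acl` lines below it as dead configuration and puts certificate renewal at risk. HAProxy evaluates `http-request` rules before `use_backend` regardless of where they sit in the section, so the fix is to exempt the challenge path rather than to reorder: `http-request redirect scheme https if http !letsencrypt-acl`. `letsencrypt-acl` is defined outside this hunk, so confirm it matches the challenge path. The new `editor-host` ACL also uses `hdr_sub(host)`, a substring match that a constructed Host such as `editor.terminaldweller.com.example.net` would satisfy; `hdr(host) -i` is the stricter test.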
@@ -58,6 +74,7 @@ frontend https
acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com
acl searx-host-s req.ssl_sni -i searx.terminaldweller.com
acl cargo-host-s req.ssl_sni -i cargo.terminaldweller.com
+ acl editor-host-s req.ssl_sni -i editor.terminaldweller.com
#Conditions
use_backend mail-backend-s if mail-host-s
#use_backend chat-backend-s if chat-host-s
@@ -65,8 +82,9 @@ frontend https
#use_backend api-crypto-backend-s if api-host-s crypto-api-acl
use_backend api-crypto-backend-s if api-host-s
use_backend api-mila-backend-s if mila-api-host-s
- use_backend searx-backend-s if searx-host-s
+ #use_backend searx-backend-s if searx-host-s
use_backend cargo-backend-s if cargo-host-s
+ use_backend editor-backend-s if editor-host-s
frontend jabber5222
bind *:5222
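Review bot: Commenting out `use_backend searx-backend-s if searx-host-s` leaves the searx SNI without a routing rule in this frontend, while the port-80 frontend in the same commit redirects every request to https. Unless a `default_backend` outside this hunk catches it, searx.terminaldweller.com becomes unreachable over TLS, or is passed to whichever backend is the default. If the service is being retired, drop the `searx-host-s` ACL and the `searx-backend-s` backend too; otherwise state the reason next to the disabled rule, e.g. `# searx TLS routing disabled: <reason>`.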
@@ -146,7 +164,9 @@ frontend mail-submission
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ acl mail-host-ss req.ssl_sni -i terminaldweller.com
use_backend mail-backend-submission if mail-host-s
+ use_backend mail-backend-submission if mail-host-ss
#Backends
backend certbot-backend
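Review bot: The two ACLs and two `use_backend` lines for mail submission can be one of each, since an ACL accepts several patterns: `acl mail-host-s req.ssl_sni -i mail.terminaldweller.com terminaldweller.com`. That also avoids the near-identical name `mail-host-ss`, which is easy to misread. Accepting the bare domain as SNI means any client presenting `terminaldweller.com` on this port is passed to the mail server, so a short comment saying which mail client needs that would help the next reader.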
@@ -162,8 +182,6 @@ backend blog-backend-cert
option forwardfor
server blog-host 192.99.102.52:80
backend blog-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server blog-host 192.99.102.52:9000 check
@@ -173,8 +191,6 @@ backend mail-backend
option forwardfor
server mail-host 185.126.202.69:80
backend mail-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:443 check
@@ -183,36 +199,26 @@ backend mail-backend-imap
option forwardfor
server mail-host 185.126.202.69:143 check
backend mail-backend-imaps
- timeout server 60s
- timeout client 60s
mode tcp
- option ssl-hello-chk
+#option ssl-hello-chk
server mail-host 185.126.202.69:993 check
backend mail-backend-pop3
mode http
option forwardfor
server mail-host 185.126.202.69:110 check
backend mail-backend-pop3s
- timeout server 60s
- timeout client 60s
mode tcp
- option ssl-hello-chk
+#option ssl-hello-chk
server mail-host 185.126.202.69:995 check
backend mail-backend-smtp
- timeout server 60s
- timeout client 60s
mode tcp
- option ssl-hello-chk
+#option ssl-hello-chk
server mail-host 185.126.202.69:25 check
backend mail-backend-smtps
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:465 check
backend mail-backend-submission
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:587
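Review bot: With `option ssl-hello-chk` commented out, the `check` on the imaps, pop3s and smtp servers falls back to a bare TCP connect, so HAProxy keeps a server marked up when the port accepts connections but the mail daemon or its TLS layer is broken. For port 25 the old option was the wrong probe for a plaintext listener and `option smtpchk` is the matching one; for 993 and 995 a TLS-level probe via `check-ssl` on the `server` line is the usual replacement for `ssl-hello-chk`, which sends an SSLv3-style hello that hardened servers may refuse. The `#option ssl-hello-chk` lines sit at column 0 without a reason; either delete them or record the cause, e.g. `# ssl-hello-chk disabled: <reason>, plain TCP check in use`. `mail-backend-submission` still has the option but no `check` on its server line, so it has no effect there.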
@@ -222,8 +228,6 @@ backend api-backend
option forwardfor
server api-host 192.99.102.52:8008 check
backend api-crypto-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server api-host 192.99.102.52:8008
@@ -232,8 +236,6 @@ backend api-crypto-backend-cert
option forwardfor
server api-host 192.99.102.52:80
backend api-mila-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server api-mila-host 130.185.121.80:19019
@@ -244,16 +246,12 @@ backend api-mila-backend-cert
backend chat-backend-admin
mode http
- server chat-host 130.185.121.80:5280 check
+ server chat-host 130.185.121.80:5280
backend chat-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server chat-host 130.185.121.80:5443
backend chat-backend-c2s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server chat-host 130.185.121.80:5222
@@ -266,17 +264,18 @@ backend searx-backend-cert
server searx-host-cert 130.185.121.80:80
backend searx-backend
mode http
- server searx-host 130.185.121.80:8088
+ server searx-host 130.185.121.80:4040
backend searx-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
- server searx-host-s 130.185.121.80:8089
+ server searx-host-s 130.185.121.80:4040
backend cargo-backend-s
- timeout server 60s
- timeout client 60s
mode tcp
option ssl-hello-chk
server cargo-host-s 130.185.121.80:7777
+
+backend editor-backend-s
+ mode tcp
+ option ssl-hello-chk
+ server cargo-host-s 130.185.121.80:7080
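Review bot: The new `editor-backend-s` names its server `cargo-host-s`, copied from the backend above, so logs and stats for the editor will carry the cargo name; use `server editor-host-s 130.185.121.80:7080`. `searx-backend` (`mode http`) and `searx-backend-s` (`mode tcp` with `option ssl-hello-chk`) now both point at `130.185.121.80:4040`, and one port will not normally serve both plaintext HTTP and TLS, so one of the two is probably wrong. None of the `server` lines in these three TLS backends carries `check`, so `option ssl-hello-chk` does nothing for them.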