updated haproxy

updates

3 files changed, 89 insertions, 101 deletions

diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index dcc7714..ddc8b82 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -50,11 +50,11 @@ frontend http
   #this will prevent any letsencrypt cert challenges from working
   #http-request redirect scheme https if http
   http-request redirect scheme https code 301 if http blog-host !letsencrypt-acl
-  http-request redirect scheme https code 301 if http editor-host
-  http-request redirect scheme https code 301 if http editorsave-host
-  http-request redirect scheme https code 301 if http api-host
-  http-request redirect scheme https code 301 if http devourer-host
-  #http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http editor-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http editorsave-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http api-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http devourer-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl
 
   #Conditions
   #use_backend chat-cert-backend if letsencrypt-acl chat-host
@@ -84,7 +84,7 @@ frontend https
   tcp-request content reject
   #ACLs
   acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
-  #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
   acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
   acl api-host-s req.ssl_sni -i api.terminaldweller.com
   acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com
@@ -105,10 +105,10 @@ frontend https
   use_backend editor-backend-s if editor-host-s
   use_backend editorsave-backend-s if editorsave-host-s
 
-frontend jabber5222
-  bind *:5222
-  mode tcp
-  use_backend chat-backend-c2s
+#frontend jabber5222
+#  bind *:5222
+#  mode tcp
+#  use_backend chat-backend-c2s
 #frontend jabber5222
 #  bind *:5222
 #  timeout client 60s
@@ -118,11 +118,11 @@ frontend jabber5222
 #  tcp-request content reject
 #  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
 #  use_backend chat-backend-c2s if chat-host-s
-#frontend jabbber5222
-#  bind *:5280
-#  mode http
-#  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
-#  use_backend chat-backend if chat-host
+frontend jabbber5222
+  bind *:5222
+  mode http
+  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
+  use_backend chat-backend-c2s if chat-host
 frontend jabber5280
   bind *:5280
   mode http
@@ -279,20 +279,21 @@ backend api-mila-backend-cert
 backend chat-backend-admin
   mode http
   server chat-host 130.185.121.80:5280
-backend chat-backend
-  mode http
-  server chat-host 130.185.121.80:5222
+#backend chat-backend
+#  mode http
+#  server chat-host 130.185.121.80:5222
 backend chat-backend-s
   mode tcp
   option ssl-hello-chk
   server chat-host 130.185.121.80:5443
 backend chat-backend-c2s
-  mode tcp
-  #option ssl-hello-chk
-  server chat-host 130.185.121.80:5222
-backend chat-cert-backend
+  #mode tcp
   mode http
-  server chat-cert-server 130.185.121.80:8880
+  option forwardfor
+  server chat-host 130.185.121.80:5222
+#backend chat-cert-backend
+#  mode http
+#  server chat-cert-server 130.185.121.80:8880
 
 backend searx-backend-cert
   mode http
diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua
index d2c5e7d..ba67de7 100644
--- a/terminaldweller.com/prosody/config/prosody.cfg.lua
+++ b/terminaldweller.com/prosody/config/prosody.cfg.lua
@@ -12,7 +12,6 @@ daemonize = false;
 --
 -- Good luck, and happy Jabbering!
 
-
 ---------- Server-wide settings ----------
 -- Settings in this section apply to the whole server and are the default settings
 -- for any virtual hosts
@@ -25,70 +24,67 @@ admins = {"devi@chat.terminaldweller.com"}
 
 -- Enable use of libevent for better performance under high load
 -- For more information see: https://prosody.im/doc/libevent
---use_libevent = true
+-- use_libevent = true
 
 -- Prosody will always look in its source directory for modules, but
 -- this option allows you to specify additional locations where Prosody
 -- will look for modules first. For community modules, see https://modules.prosody.im/
---plugin_paths = {}
+-- plugin_paths = {}
 
 -- This is the list of modules Prosody will load on startup.
 -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
 -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
 modules_enabled = {
 
-        -- Generally required
-                "roster"; -- Allow users to have a roster. Recommended ;)
-                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
-                "tls"; -- Add support for secure TLS on c2s/s2s connections
-                "dialback"; -- s2s dialback support
-                "disco"; -- Service discovery
-
-        -- Not essential, but recommended
-                "carbons"; -- Keep multiple clients in sync
-                "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
-                "private"; -- Private XML storage (for room bookmarks, etc.)
-                "blocklist"; -- Allow users to block communications with other users
-                "vcard4"; -- User profiles (stored in PEP)
-                "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
-                "limits"; -- Enable bandwidth limiting for XMPP connections
-
-        -- Nice to have
-                "version"; -- Replies to server version requests
-                "uptime"; -- Report how long server has been running
-                "time"; -- Let others know the time here on this server
-                "ping"; -- Replies to XMPP pings with pongs
-                --"register"; -- Allow users to register on this server using a client and change passwords
-                --"mam"; -- Store messages in an archive and allow users to access it
-                --"csi_simple"; -- Simple Mobile optimizations
-
-        -- Admin interfaces
-                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-                --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-
-        -- HTTP modules
-                "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-                --"websocket"; -- XMPP over WebSockets
-                --"http_files"; -- Serve static files from a directory over HTTP
-
-        -- Other specific functionality
-                --"groups"; -- Shared roster support
-                --"server_contact_info"; -- Publish contact information for this service
-                --"announce"; -- Send announcement to all online users
-                --"welcome"; -- Welcome users who register accounts
-                --"watchregistrations"; -- Alert admins of registrations
-                --"motd"; -- Send a message to users when they log in
-                --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-                --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+    -- Generally required
+    "roster", -- Allow users to have a roster. Recommended ;)
+    "saslauth", -- Authentication for clients and servers. Recommended if you want to log in.
+    "tls", -- Add support for secure TLS on c2s/s2s connections
+    "dialback", -- s2s dialback support
+    "disco", -- Service discovery
+    -- Not essential, but recommended
+    "carbons", -- Keep multiple clients in sync
+    "pep", -- Enables users to publish their avatar, mood, activity, playing music and more
+    "private", -- Private XML storage (for room bookmarks, etc.)
+    "blocklist", -- Allow users to block communications with other users
+    "vcard4", -- User profiles (stored in PEP)
+    "vcard_legacy", -- Conversion between legacy vCard and PEP Avatar, vcard
+    "limits", -- Enable bandwidth limiting for XMPP connections
+    -- Nice to have
+    "version", -- Replies to server version requests
+    "uptime", -- Report how long server has been running
+    "time", -- Let others know the time here on this server
+    "ping", -- Replies to XMPP pings with pongs
+    -- "register"; -- Allow users to register on this server using a client and change passwords
+    -- "mam"; -- Store messages in an archive and allow users to access it
+    -- "csi_simple"; -- Simple Mobile optimizations
+    -- Admin interfaces
+    "admin_adhoc", -- Allows administration via an XMPP client that supports ad-hoc commands
+    -- "admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+    -- HTTP modules
+    "bosh" -- Enable BOSH clients, aka "Jabber over HTTP"
+    -- "websocket"; -- XMPP over WebSockets
+    -- "http_files"; -- Serve static files from a directory over HTTP
+
+    -- Other specific functionality
+    -- "groups"; -- Shared roster support
+    -- "server_contact_info"; -- Publish contact information for this service
+    -- "announce"; -- Send announcement to all online users
+    -- "welcome"; -- Welcome users who register accounts
+    -- "watchregistrations"; -- Alert admins of registrations
+    -- "motd"; -- Send a message to users when they log in
+    -- "legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+    -- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
 }
 
 -- These modules are auto-loaded, but should you want
 -- to disable them then uncomment them here:
 modules_disabled = {
-        -- "offline"; -- Store offline messages
-        -- "c2s"; -- Handle client connections
-        -- "s2s"; -- Handle server-to-server connections
-        -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+    -- "offline"; -- Store offline messages
+    "c2s" -- Handle client connections
+    -- "s2s"; -- Handle server-to-server connections
+    -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
 }
 
 -- Disable account creation by default, for security
@@ -114,23 +110,16 @@ s2s_secure_auth = false
 -- certificates. They will be authenticated using DNS instead, even
 -- when s2s_secure_auth is enabled.
 
---s2s_insecure_domains = { "insecure.example" }
+-- s2s_insecure_domains = { "insecure.example" }
 
 -- Even if you disable s2s_secure_auth, you can still require valid
 -- certificates for some domains by specifying a list here.
 
---s2s_secure_domains = { "jabber.org" }
+-- s2s_secure_domains = { "jabber.org" }
 
 -- Enable rate limits for incoming client and server connections
 
-limits = {
-  c2s = {
-    rate = "10kb/s";
-  };
-  s2sin = {
-    rate = "30kb/s";
-  };
-}
+limits = {c2s = {rate = "10kb/s"}, s2sin = {rate = "30kb/s"}}
 
 -- Required for init scripts and prosodyctl
 pidfile = "/var/run/prosody/prosody.pid"
@@ -145,13 +134,12 @@ authentication = "internal_hashed"
 -- through modules. An "sql" backend is included by default, but requires
 -- additional dependencies. See https://prosody.im/doc/storage for more info.
 
---storage = "sql" -- Default is "internal"
+-- storage = "sql" -- Default is "internal"
 
 -- For the "sql" backend, you can uncomment *one* of the below to configure:
---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-
+-- sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
+-- sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+-- sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
 
 -- Archiving configuration
 -- If mod_mam is enabled, Prosody will store a copy of every message. This
@@ -166,9 +154,7 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
 
 -- Logging configuration
 -- For advanced logging see https://prosody.im/doc/logging
-log = {
-    {levels = {min = "info"}, to = "console"};
-}
+log = {{levels = {min = "info"}, to = "console"}}
 
 -- Uncomment to enable statistics
 -- For more info see https://prosody.im/doc/statistics
@@ -185,20 +171,20 @@ log = {
 certificates = "certs"
 
 -- HTTPS currently only supports a single certificate, specify it here:
---https_certificate = "/etc/prosody/certs/localhost.crt"
+-- https_certificate = "/etc/prosody/certs/localhost.crt"
 
 ----------- Virtual hosts -----------
 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
 -- Settings under each VirtualHost entry apply *only* to that host.
 
 VirtualHost "chat.terminaldweller.com"
-        enabled = true
-        ssl = {
-                key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem";
-                certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem";
-                }
+enabled = true
+ssl = {
+    key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem",
+    certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem"
+}
 
---VirtualHost "example.com"
+-- VirtualHost "example.com"
 --      certificate = "/path/to/example.crt"
 
 ------ Components ------
@@ -208,9 +194,9 @@ VirtualHost "chat.terminaldweller.com"
 
 ---Set up a MUC (multi-user chat) room server on conference.example.com:
 Component "conference.chat.terminaldweller.com" "muc"
-        restrict_room_creationi = "admin"
+restrict_room_creationi = "admin"
 --- Store MUC messages in an archive and allow users to access it
---modules_enabled = { "muc_mam" }
+-- modules_enabled = { "muc_mam" }
 
 ---Set up an external component (default component port is 5347)
 --
@@ -218,5 +204,5 @@ Component "conference.chat.terminaldweller.com" "muc"
 -- transports to other networks like ICQ, MSN and Yahoo. For more info
 -- see: https://prosody.im/doc/components#adding_an_external_component
 --
---Component "gateway.example.com"
+-- Component "gateway.example.com"
 --      component_secret = "password"
diff --git a/terminaldweller.com/searxng/Caddyfile b/terminaldweller.com/searxng/Caddyfile
index be88221..7f16a1d 100644
--- a/terminaldweller.com/searxng/Caddyfile
+++ b/terminaldweller.com/searxng/Caddyfile
@@ -1,6 +1,7 @@
 {
   admin off
   https_port 8081
+  http_port 8082
 }
 
 {$SEARXNG_HOSTNAME} {