diff options
author | terminaldweller <thabogre@gmail.com> | 2022-07-06 14:54:38 +0000 |
---|---|---|
committer | terminaldweller <thabogre@gmail.com> | 2022-07-07 07:48:40 +0000 |
commit | ca6ee0f19a3bf1c31698505ecbdb48f06fb575bb (patch) | |
tree | 31c750c71bcfb3174288ee760e56c39e74a043f5 /terminaldweller.com | |
parent | searxng (diff) | |
download | scripts-ca6ee0f19a3bf1c31698505ecbdb48f06fb575bb.tar.gz scripts-ca6ee0f19a3bf1c31698505ecbdb48f06fb575bb.zip |
updated haproxy
updates
Diffstat (limited to 'terminaldweller.com')
-rw-r--r-- | terminaldweller.com/haproxy/haproxy.cfg | 47 | ||||
-rw-r--r-- | terminaldweller.com/prosody/config/prosody.cfg.lua | 142 | ||||
-rw-r--r-- | terminaldweller.com/searxng/Caddyfile | 1 |
3 files changed, 89 insertions, 101 deletions
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index dcc7714..ddc8b82 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -50,11 +50,11 @@ frontend http #this will prevent any letsencrypt cert challenges from working #http-request redirect scheme https if http http-request redirect scheme https code 301 if http blog-host !letsencrypt-acl - http-request redirect scheme https code 301 if http editor-host - http-request redirect scheme https code 301 if http editorsave-host - http-request redirect scheme https code 301 if http api-host - http-request redirect scheme https code 301 if http devourer-host - #http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl + http-request redirect scheme https code 301 if http editor-host !letsencrypt-acl + http-request redirect scheme https code 301 if http editorsave-host !letsencrypt-acl + http-request redirect scheme https code 301 if http api-host !letsencrypt-acl + http-request redirect scheme https code 301 if http devourer-host !letsencrypt-acl + http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl #Conditions #use_backend chat-cert-backend if letsencrypt-acl chat-host @@ -84,7 +84,7 @@ frontend https tcp-request content reject #ACLs acl mail-host-s req.ssl_sni -i mail.terminaldweller.com - #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + acl chat-host-s req.ssl_sni -i chat.terminaldweller.com acl blog-host-s req.ssl_sni -i blog.terminaldweller.com acl api-host-s req.ssl_sni -i api.terminaldweller.com acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com @@ -105,10 +105,10 @@ frontend https use_backend editor-backend-s if editor-host-s use_backend editorsave-backend-s if editorsave-host-s -frontend jabber5222 - bind *:5222 - mode tcp - use_backend chat-backend-c2s +#frontend jabber5222 +# bind *:5222 +# mode tcp +# use_backend chat-backend-c2s #frontend jabber5222 # bind *:5222 # timeout client 60s @@ -118,11 +118,11 @@ frontend jabber5222 # tcp-request content reject # acl chat-host-s req.ssl_sni -i chat.terminaldweller.com # use_backend chat-backend-c2s if chat-host-s -#frontend jabbber5222 -# bind *:5280 -# mode http -# acl chat-host hdr_sub(host) -i chat.terminaldweller.com -# use_backend chat-backend if chat-host +frontend jabbber5222 + bind *:5222 + mode http + acl chat-host hdr_sub(host) -i chat.terminaldweller.com + use_backend chat-backend-c2s if chat-host frontend jabber5280 bind *:5280 mode http @@ -279,20 +279,21 @@ backend api-mila-backend-cert backend chat-backend-admin mode http server chat-host 130.185.121.80:5280 -backend chat-backend - mode http - server chat-host 130.185.121.80:5222 +#backend chat-backend +# mode http +# server chat-host 130.185.121.80:5222 backend chat-backend-s mode tcp option ssl-hello-chk server chat-host 130.185.121.80:5443 backend chat-backend-c2s - mode tcp - #option ssl-hello-chk - server chat-host 130.185.121.80:5222 -backend chat-cert-backend + #mode tcp mode http - server chat-cert-server 130.185.121.80:8880 + option forwardfor + server chat-host 130.185.121.80:5222 +#backend chat-cert-backend +# mode http +# server chat-cert-server 130.185.121.80:8880 backend searx-backend-cert mode http diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua index d2c5e7d..ba67de7 100644 --- a/terminaldweller.com/prosody/config/prosody.cfg.lua +++ b/terminaldweller.com/prosody/config/prosody.cfg.lua @@ -12,7 +12,6 @@ daemonize = false; -- -- Good luck, and happy Jabbering! - ---------- Server-wide settings ---------- -- Settings in this section apply to the whole server and are the default settings -- for any virtual hosts @@ -25,70 +24,67 @@ admins = {"devi@chat.terminaldweller.com"} -- Enable use of libevent for better performance under high load -- For more information see: https://prosody.im/doc/libevent ---use_libevent = true +-- use_libevent = true -- Prosody will always look in its source directory for modules, but -- this option allows you to specify additional locations where Prosody -- will look for modules first. For community modules, see https://modules.prosody.im/ ---plugin_paths = {} +-- plugin_paths = {} -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules modules_enabled = { - -- Generally required - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - - -- Not essential, but recommended - "carbons"; -- Keep multiple clients in sync - "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more - "private"; -- Private XML storage (for room bookmarks, etc.) - "blocklist"; -- Allow users to block communications with other users - "vcard4"; -- User profiles (stored in PEP) - "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard - "limits"; -- Enable bandwidth limiting for XMPP connections - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - --"register"; -- Allow users to register on this server using a client and change passwords - --"mam"; -- Store messages in an archive and allow users to access it - --"csi_simple"; -- Simple Mobile optimizations - - -- Admin interfaces - "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands - --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websocket"; -- XMPP over WebSockets - --"http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - --"groups"; -- Shared roster support - --"server_contact_info"; -- Publish contact information for this service - --"announce"; -- Send announcement to all online users - --"welcome"; -- Welcome users who register accounts - --"watchregistrations"; -- Alert admins of registrations - --"motd"; -- Send a message to users when they log in - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + -- Generally required + "roster", -- Allow users to have a roster. Recommended ;) + "saslauth", -- Authentication for clients and servers. Recommended if you want to log in. + "tls", -- Add support for secure TLS on c2s/s2s connections + "dialback", -- s2s dialback support + "disco", -- Service discovery + -- Not essential, but recommended + "carbons", -- Keep multiple clients in sync + "pep", -- Enables users to publish their avatar, mood, activity, playing music and more + "private", -- Private XML storage (for room bookmarks, etc.) + "blocklist", -- Allow users to block communications with other users + "vcard4", -- User profiles (stored in PEP) + "vcard_legacy", -- Conversion between legacy vCard and PEP Avatar, vcard + "limits", -- Enable bandwidth limiting for XMPP connections + -- Nice to have + "version", -- Replies to server version requests + "uptime", -- Report how long server has been running + "time", -- Let others know the time here on this server + "ping", -- Replies to XMPP pings with pongs + -- "register"; -- Allow users to register on this server using a client and change passwords + -- "mam"; -- Store messages in an archive and allow users to access it + -- "csi_simple"; -- Simple Mobile optimizations + -- Admin interfaces + "admin_adhoc", -- Allows administration via an XMPP client that supports ad-hoc commands + -- "admin_telnet"; -- Opens telnet console interface on localhost port 5582 + + -- HTTP modules + "bosh" -- Enable BOSH clients, aka "Jabber over HTTP" + -- "websocket"; -- XMPP over WebSockets + -- "http_files"; -- Serve static files from a directory over HTTP + + -- Other specific functionality + -- "groups"; -- Shared roster support + -- "server_contact_info"; -- Publish contact information for this service + -- "announce"; -- Send announcement to all online users + -- "welcome"; -- Welcome users who register accounts + -- "watchregistrations"; -- Alert admins of registrations + -- "motd"; -- Send a message to users when they log in + -- "legacyauth"; -- Legacy authentication. Only used by some old clients and bots. + -- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use } -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = { - -- "offline"; -- Store offline messages - -- "c2s"; -- Handle client connections - -- "s2s"; -- Handle server-to-server connections - -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + -- "offline"; -- Store offline messages + "c2s" -- Handle client connections + -- "s2s"; -- Handle server-to-server connections + -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. } -- Disable account creation by default, for security @@ -114,23 +110,16 @@ s2s_secure_auth = false -- certificates. They will be authenticated using DNS instead, even -- when s2s_secure_auth is enabled. ---s2s_insecure_domains = { "insecure.example" } +-- s2s_insecure_domains = { "insecure.example" } -- Even if you disable s2s_secure_auth, you can still require valid -- certificates for some domains by specifying a list here. ---s2s_secure_domains = { "jabber.org" } +-- s2s_secure_domains = { "jabber.org" } -- Enable rate limits for incoming client and server connections -limits = { - c2s = { - rate = "10kb/s"; - }; - s2sin = { - rate = "30kb/s"; - }; -} +limits = {c2s = {rate = "10kb/s"}, s2sin = {rate = "30kb/s"}} -- Required for init scripts and prosodyctl pidfile = "/var/run/prosody/prosody.pid" @@ -145,13 +134,12 @@ authentication = "internal_hashed" -- through modules. An "sql" backend is included by default, but requires -- additional dependencies. See https://prosody.im/doc/storage for more info. ---storage = "sql" -- Default is "internal" +-- storage = "sql" -- Default is "internal" -- For the "sql" backend, you can uncomment *one* of the below to configure: ---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. ---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } ---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - +-- sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. +-- sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } +-- sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } -- Archiving configuration -- If mod_mam is enabled, Prosody will store a copy of every message. This @@ -166,9 +154,7 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week -- Logging configuration -- For advanced logging see https://prosody.im/doc/logging -log = { - {levels = {min = "info"}, to = "console"}; -} +log = {{levels = {min = "info"}, to = "console"}} -- Uncomment to enable statistics -- For more info see https://prosody.im/doc/statistics @@ -185,20 +171,20 @@ log = { certificates = "certs" -- HTTPS currently only supports a single certificate, specify it here: ---https_certificate = "/etc/prosody/certs/localhost.crt" +-- https_certificate = "/etc/prosody/certs/localhost.crt" ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. VirtualHost "chat.terminaldweller.com" - enabled = true - ssl = { - key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem"; - certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem"; - } +enabled = true +ssl = { + key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem", + certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem" +} ---VirtualHost "example.com" +-- VirtualHost "example.com" -- certificate = "/path/to/example.crt" ------ Components ------ @@ -208,9 +194,9 @@ VirtualHost "chat.terminaldweller.com" ---Set up a MUC (multi-user chat) room server on conference.example.com: Component "conference.chat.terminaldweller.com" "muc" - restrict_room_creationi = "admin" +restrict_room_creationi = "admin" --- Store MUC messages in an archive and allow users to access it ---modules_enabled = { "muc_mam" } +-- modules_enabled = { "muc_mam" } ---Set up an external component (default component port is 5347) -- @@ -218,5 +204,5 @@ Component "conference.chat.terminaldweller.com" "muc" -- transports to other networks like ICQ, MSN and Yahoo. For more info -- see: https://prosody.im/doc/components#adding_an_external_component -- ---Component "gateway.example.com" +-- Component "gateway.example.com" -- component_secret = "password" diff --git a/terminaldweller.com/searxng/Caddyfile b/terminaldweller.com/searxng/Caddyfile index be88221..7f16a1d 100644 --- a/terminaldweller.com/searxng/Caddyfile +++ b/terminaldweller.com/searxng/Caddyfile @@ -1,6 +1,7 @@ { admin off https_port 8081 + http_port 8082 } {$SEARXNG_HOSTNAME} { |