authorterminaldweller <thabogre@gmail.com>2022-07-06 14:54:38 +0000
committerterminaldweller <thabogre@gmail.com>2022-07-07 07:48:40 +0000
commitca6ee0f19a3bf1c31698505ecbdb48f06fb575bb (patch)
tree31c750c71bcfb3174288ee760e56c39e74a043f5 /terminaldweller.com
parentsearxng (diff)
updated haproxy
updates
Diffstat (limited to 'terminaldweller.com')
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg47
-rw-r--r--terminaldweller.com/prosody/config/prosody.cfg.lua142
-rw-r--r--terminaldweller.com/searxng/Caddyfile1
3 files changed, 89 insertions, 101 deletions
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index dcc7714..ddc8b82 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -50,11 +50,11 @@ frontend http
#this will prevent any letsencrypt cert challenges from working
#http-request redirect scheme https if http
http-request redirect scheme https code 301 if http blog-host !letsencrypt-acl
- http-request redirect scheme https code 301 if http editor-host
- http-request redirect scheme https code 301 if http editorsave-host
- http-request redirect scheme https code 301 if http api-host
- http-request redirect scheme https code 301 if http devourer-host
- #http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http editor-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http editorsave-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http api-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http devourer-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl
#Conditions
#use_backend chat-cert-backend if letsencrypt-acl chat-host
@@ -84,7 +84,7 @@ frontend https
tcp-request content reject
#ACLs
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
- #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
acl api-host-s req.ssl_sni -i api.terminaldweller.com
acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com
@@ -105,10 +105,10 @@ frontend https
use_backend editor-backend-s if editor-host-s
use_backend editorsave-backend-s if editorsave-host-s
-frontend jabber5222
- bind *:5222
- mode tcp
- use_backend chat-backend-c2s
+#frontend jabber5222
+# bind *:5222
+# mode tcp
+# use_backend chat-backend-c2s
#frontend jabber5222
# bind *:5222
# timeout client 60s
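Review bot: The old `frontend jabber5222` is commented out rather than deleted, and it now sits directly above an older commented-out block with the same name, so the file carries two dead copies of this frontend. The same pattern repeats in the backend hunk (`#backend chat-backend`, `#backend chat-cert-backend`, and a `#mode tcp` line left inside `chat-backend-c2s`). Dead listener definitions make it harder to audit which ports are really exposed. Since git keeps the history, I would delete these lines and leave at most a one-line comment such as `# c2s is no longer proxied in TCP mode`.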
@@ -118,11 +118,11 @@ frontend jabber5222
# tcp-request content reject
# acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
# use_backend chat-backend-c2s if chat-host-s
-#frontend jabbber5222
-# bind *:5280
-# mode http
-# acl chat-host hdr_sub(host) -i chat.terminaldweller.com
-# use_backend chat-backend if chat-host
+frontend jabbber5222
+ bind *:5222
+ mode http
+ acl chat-host hdr_sub(host) -i chat.terminaldweller.com
+ use_backend chat-backend-c2s if chat-host
frontend jabber5280
bind *:5280
mode http
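Review bot: The new `frontend jabbber5222` binds `*:5222` in `mode http`, but 5222 is the XMPP client-to-server port, where native clients open an XML stream rather than send an HTTP request. HAProxy would likely reject those connections as malformed HTTP, and the Host-header ACL `chat-host` could never match them. `chat-backend-c2s` in the backend hunk has the same problem (`mode http` plus `option forwardfor` towards `:5222`); if only BOSH is meant to be reachable, the `jabber5280` frontend (its body continues outside this hunk) appears to be the place for it, otherwise this listener should stay `mode tcp`. Separately, `hdr_sub(host)` is a substring match and accepts any Host value that merely contains the name, so `acl chat-host hdr(host) -i chat.terminaldweller.com` is the stricter form. The frontend name is also misspelled (`jabbber5222`).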
@@ -279,20 +279,21 @@ backend api-mila-backend-cert
backend chat-backend-admin
mode http
server chat-host 130.185.121.80:5280
-backend chat-backend
- mode http
- server chat-host 130.185.121.80:5222
+#backend chat-backend
+# mode http
+# server chat-host 130.185.121.80:5222
backend chat-backend-s
mode tcp
option ssl-hello-chk
server chat-host 130.185.121.80:5443
backend chat-backend-c2s
- mode tcp
- #option ssl-hello-chk
- server chat-host 130.185.121.80:5222
-backend chat-cert-backend
+ #mode tcp
mode http
- server chat-cert-server 130.185.121.80:8880
+ option forwardfor
+ server chat-host 130.185.121.80:5222
+#backend chat-cert-backend
+# mode http
+# server chat-cert-server 130.185.121.80:8880
backend searx-backend-cert
mode http
diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua
index d2c5e7d..ba67de7 100644
--- a/terminaldweller.com/prosody/config/prosody.cfg.lua
+++ b/terminaldweller.com/prosody/config/prosody.cfg.lua
@@ -12,7 +12,6 @@ daemonize = false;
--
-- Good luck, and happy Jabbering!
-
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
@@ -25,70 +24,67 @@ admins = {"devi@chat.terminaldweller.com"}
-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
---use_libevent = true
+-- use_libevent = true
-- Prosody will always look in its source directory for modules, but
-- this option allows you to specify additional locations where Prosody
-- will look for modules first. For community modules, see https://modules.prosody.im/
---plugin_paths = {}
+-- plugin_paths = {}
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {
- -- Generally required
- "roster"; -- Allow users to have a roster. Recommended ;)
- "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
- "tls"; -- Add support for secure TLS on c2s/s2s connections
- "dialback"; -- s2s dialback support
- "disco"; -- Service discovery
-
- -- Not essential, but recommended
- "carbons"; -- Keep multiple clients in sync
- "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
- "private"; -- Private XML storage (for room bookmarks, etc.)
- "blocklist"; -- Allow users to block communications with other users
- "vcard4"; -- User profiles (stored in PEP)
- "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
- "limits"; -- Enable bandwidth limiting for XMPP connections
-
- -- Nice to have
- "version"; -- Replies to server version requests
- "uptime"; -- Report how long server has been running
- "time"; -- Let others know the time here on this server
- "ping"; -- Replies to XMPP pings with pongs
- --"register"; -- Allow users to register on this server using a client and change passwords
- --"mam"; -- Store messages in an archive and allow users to access it
- --"csi_simple"; -- Simple Mobile optimizations
-
- -- Admin interfaces
- "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
- --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-
- -- HTTP modules
- "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
- --"websocket"; -- XMPP over WebSockets
- --"http_files"; -- Serve static files from a directory over HTTP
-
- -- Other specific functionality
- --"groups"; -- Shared roster support
- --"server_contact_info"; -- Publish contact information for this service
- --"announce"; -- Send announcement to all online users
- --"welcome"; -- Welcome users who register accounts
- --"watchregistrations"; -- Alert admins of registrations
- --"motd"; -- Send a message to users when they log in
- --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
- --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ -- Generally required
+ "roster", -- Allow users to have a roster. Recommended ;)
+ "saslauth", -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls", -- Add support for secure TLS on c2s/s2s connections
+ "dialback", -- s2s dialback support
+ "disco", -- Service discovery
+ -- Not essential, but recommended
+ "carbons", -- Keep multiple clients in sync
+ "pep", -- Enables users to publish their avatar, mood, activity, playing music and more
+ "private", -- Private XML storage (for room bookmarks, etc.)
+ "blocklist", -- Allow users to block communications with other users
+ "vcard4", -- User profiles (stored in PEP)
+ "vcard_legacy", -- Conversion between legacy vCard and PEP Avatar, vcard
+ "limits", -- Enable bandwidth limiting for XMPP connections
+ -- Nice to have
+ "version", -- Replies to server version requests
+ "uptime", -- Report how long server has been running
+ "time", -- Let others know the time here on this server
+ "ping", -- Replies to XMPP pings with pongs
+ -- "register"; -- Allow users to register on this server using a client and change passwords
+ -- "mam"; -- Store messages in an archive and allow users to access it
+ -- "csi_simple"; -- Simple Mobile optimizations
+ -- Admin interfaces
+ "admin_adhoc", -- Allows administration via an XMPP client that supports ad-hoc commands
+ -- "admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+ -- HTTP modules
+ "bosh" -- Enable BOSH clients, aka "Jabber over HTTP"
+ -- "websocket"; -- XMPP over WebSockets
+ -- "http_files"; -- Serve static files from a directory over HTTP
+
+ -- Other specific functionality
+ -- "groups"; -- Shared roster support
+ -- "server_contact_info"; -- Publish contact information for this service
+ -- "announce"; -- Send announcement to all online users
+ -- "welcome"; -- Welcome users who register accounts
+ -- "watchregistrations"; -- Alert admins of registrations
+ -- "motd"; -- Send a message to users when they log in
+ -- "legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ -- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
- -- "offline"; -- Store offline messages
- -- "c2s"; -- Handle client connections
- -- "s2s"; -- Handle server-to-server connections
- -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ -- "offline"; -- Store offline messages
+ "c2s" -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}
-- Disable account creation by default, for security
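Review bot: `"c2s"` is now an active entry in `modules_disabled`, which turns off Prosody's client-connection module; this is a behaviour change buried in a hunk that otherwise only reformats the module lists. With it disabled, clients can presumably reach the server only through `bosh`, while the HAProxy `chat-backend-c2s` in this same commit still targets port 5222. If BOSH-only access is intended, say so next to the entry, e.g. `"c2s" -- disabled on purpose: clients connect via BOSH behind HAProxy only`. It would also be easier to review if this change landed separately from the formatting pass.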
@@ -114,23 +110,16 @@ s2s_secure_auth = false
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.
---s2s_insecure_domains = { "insecure.example" }
+-- s2s_insecure_domains = { "insecure.example" }
-- Even if you disable s2s_secure_auth, you can still require valid
-- certificates for some domains by specifying a list here.
---s2s_secure_domains = { "jabber.org" }
+-- s2s_secure_domains = { "jabber.org" }
-- Enable rate limits for incoming client and server connections
-limits = {
- c2s = {
- rate = "10kb/s";
- };
- s2sin = {
- rate = "30kb/s";
- };
-}
+limits = {c2s = {rate = "10kb/s"}, s2sin = {rate = "30kb/s"}}
-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"
@@ -145,13 +134,12 @@ authentication = "internal_hashed"
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.
---storage = "sql" -- Default is "internal"
+-- storage = "sql" -- Default is "internal"
-- For the "sql" backend, you can uncomment *one* of the below to configure:
---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-
+-- sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
+-- sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+-- sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
@@ -166,9 +154,7 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
-log = {
- {levels = {min = "info"}, to = "console"};
-}
+log = {{levels = {min = "info"}, to = "console"}}
-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
@@ -185,20 +171,20 @@ log = {
certificates = "certs"
-- HTTPS currently only supports a single certificate, specify it here:
---https_certificate = "/etc/prosody/certs/localhost.crt"
+-- https_certificate = "/etc/prosody/certs/localhost.crt"
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
VirtualHost "chat.terminaldweller.com"
- enabled = true
- ssl = {
- key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem";
- certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem";
- }
+enabled = true
+ssl = {
+ key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem",
+ certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem"
+}
---VirtualHost "example.com"
+-- VirtualHost "example.com"
-- certificate = "/path/to/example.crt"
------ Components ------
@@ -208,9 +194,9 @@ VirtualHost "chat.terminaldweller.com"
---Set up a MUC (multi-user chat) room server on conference.example.com:
Component "conference.chat.terminaldweller.com" "muc"
- restrict_room_creationi = "admin"
+restrict_room_creationi = "admin"
--- Store MUC messages in an archive and allow users to access it
---modules_enabled = { "muc_mam" }
+-- modules_enabled = { "muc_mam" }
---Set up an external component (default component port is 5347)
--
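Review bot: `restrict_room_creationi = "admin"` is misspelled (trailing `i`), and this commit re-indents the line without fixing it. Prosody's MUC option is `restrict_room_creation`, so the misspelled key is most likely ignored and room creation on `conference.chat.terminaldweller.com` is not limited to admins as the line suggests. It should read `restrict_room_creation = "admin"`.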
@@ -218,5 +204,5 @@ Component "conference.chat.terminaldweller.com" "muc"
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
---Component "gateway.example.com"
+-- Component "gateway.example.com"
-- component_secret = "password"
diff --git a/terminaldweller.com/searxng/Caddyfile b/terminaldweller.com/searxng/Caddyfile
index be88221..7f16a1d 100644
--- a/terminaldweller.com/searxng/Caddyfile
+++ b/terminaldweller.com/searxng/Caddyfile
@@ -1,6 +1,7 @@
{
admin off
https_port 8081
+ http_port 8082
}
{$SEARXNG_HOSTNAME} {