-rw-r--r-- | terminaldweller.com/haproxy/haproxy.cfg | 71 |
1 files changed, 35 insertions, 36 deletions
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index 1ca1467..2063483 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -1,19 +1,32 @@ global + maxconn 256 log 127.0.0.1 local0 ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL ssl-default-bind-options no-sslv3 defaults + log global timeout connect 5000ms timeout client 50000ms timeout server 50000ms mode tcp option tcplog option dontlognull + retries 3 + timeout http-request 5000ms + timeout http-keep-alive 2000ms + timeout queue 5000ms + timeout tunnel 60000ms + timeout client-fin 1000ms + timeout server-fin 1000ms resolvers docker_resolver - nameserver dns 127.0.0.11:53 - + nameserver dns-0 127.0.0.11:53 + hold valid 10000ms + resolve_retries 3 + timeout retry 1000ms + timeout resolve 1000ms + #Frontends frontend http bind *:80 
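Review bot: In the `defaults` additions of hunk `@@ -1,19 +1,32 @@`, `timeout tunnel 60000ms` is inherited by every `mode tcp` proxy, where it supersedes the client and server timeouts once a connection is established. This file also fronts XMPP (`frontend jabber5222`) and IMAPS, whose clients commonly idle longer than 60 s, so those sessions would be cut unless keepalives arrive more often; a longer `timeout tunnel` on those proxies specifically would avoid that. `maxconn 256` in `global` is a process-wide ceiling, and with `timeout client 50000ms` a few hundred idle connections are enough to stop the proxy accepting new ones, so size it against expected load and consider a per-frontend `maxconn` so one service cannot starve the rest. `timeout http-request` and `timeout http-keep-alive` only take effect in `mode http` proxies, which deserves a comment since the default mode here is `tcp`.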
@@ -25,22 +38,25 @@ frontend http acl api-host hdr_sub(host) -i api.terminaldweller.com acl chat-host hdr_sub(host) -i chat.terminaldweller.com acl searx-host hdr_sub(host) -i searx.terminaldweller.com + acl editor-host hdr_sub(host) -i editor.terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto acl http ssl_fc,not #Conditions + #this will prevent any letsencrypt cert challenges from working + http-request redirect scheme https if http #use_backend chat-cert-backend if letsencrypt-acl chat-host use_backend blog-backend-cert if letsencrypt-acl blog-host use_backend api-crypto-backend-cert if letsencrypt-acl api-host use_backend api-mila-backend-cert if letsencrypt-acl api-host use_backend searx-backend-cert if letsencrypt-acl searx-host +# use_backend editor-backend-cert if letsencrypt-acl editor-host use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host use_backend blog-backend if blog-host use_backend mail-backend if mail-host use_backend api-backend if api-host use_backend searx-backend if searx-host #use_backend chat-backend if chat-host - http-request redirect scheme https if http default_backend blog-backend frontend https @@ -58,6 +74,7 @@ frontend https acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com acl searx-host-s req.ssl_sni -i searx.terminaldweller.com acl cargo-host-s req.ssl_sni -i cargo.terminaldweller.com + acl editor-host-s req.ssl_sni -i editor.terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s @@ -65,8 +82,9 @@ frontend https #use_backend api-crypto-backend-s if api-host-s crypto-api-acl use_backend api-crypto-backend-s if api-host-s use_backend api-mila-backend-s if mila-api-host-s - use_backend searx-backend-s if searx-host-s + #use_backend searx-backend-s if searx-host-s use_backend cargo-backend-s if cargo-host-s + use_backend editor-backend-s if editor-host-s frontend jabber5222 bind *:5222 
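Review bot: The relocated `http-request redirect scheme https if http` in `frontend http` (hunk `@@ -25,22 +38,25 @@`) redirects every plain-HTTP request, ACME challenges included, as the new comment itself admits. HAProxy evaluates `http-request` rules before `use_backend` regardless of their position in the section, so the `*-backend-cert` and `certbot-backend` routes below it are effectively unreachable. If HTTP-01 renewal is still wanted, exempt the challenge path with `http-request redirect scheme https if http !letsencrypt-acl` (the definition of `letsencrypt-acl` is outside the hunk); otherwise renewals may fail and certificates may lapse unnoticed. Separately, the new `editor-host` ACL uses `hdr_sub(host)`, which matches any Host header merely containing the string; `acl editor-host hdr(host) -i editor.terminaldweller.com` is an exact match.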
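Review bot: `#use_backend searx-backend-s if searx-host-s` in `frontend https` (hunk `@@ -65,8 +82,9 @@`) disables the route by commenting it out, leaving the `searx-host-s` ACL and the `searx-backend-s` backend (still edited in hunk `@@ -266,17 +264,18 @@`) defined but unused. What now happens to a ClientHello for the searx name depends on lines outside the hunk. Either remove the dead ACL and backend or record the intent, e.g. `# searx TLS route disabled: <reason>`. The new `editor-backend-s` route appears to be TLS passthrough like its neighbours, so access control for the editor would rest entirely on the service behind port 7080; a comment saying so would help the next reader.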
@@ -146,7 +164,9 @@ frontend mail-submission tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + acl mail-host-ss req.ssl_sni -i terminaldweller.com use_backend mail-backend-submission if mail-host-s + use_backend mail-backend-submission if mail-host-ss #Backends backend certbot-backend @@ -162,8 +182,6 @@ backend blog-backend-cert option forwardfor server blog-host 192.99.102.52:80 backend blog-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server blog-host 192.99.102.52:9000 check @@ -173,8 +191,6 @@ backend mail-backend option forwardfor server mail-host 185.126.202.69:80 backend mail-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:443 check @@ -183,36 +199,26 @@ backend mail-backend-imap option forwardfor server mail-host 185.126.202.69:143 check backend mail-backend-imaps - timeout server 60s - timeout client 60s mode tcp - option ssl-hello-chk +#option ssl-hello-chk server mail-host 185.126.202.69:993 check backend mail-backend-pop3 mode http option forwardfor server mail-host 185.126.202.69:110 check backend mail-backend-pop3s - timeout server 60s - timeout client 60s mode tcp - option ssl-hello-chk +#option ssl-hello-chk server mail-host 185.126.202.69:995 check backend mail-backend-smtp - timeout server 60s - timeout client 60s mode tcp - option ssl-hello-chk +#option ssl-hello-chk server mail-host 185.126.202.69:25 check backend mail-backend-smtps - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:465 check backend mail-backend-submission - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:587 
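Review bot: The second ACL `mail-host-ss` and its duplicated `use_backend` line in `frontend mail-submission` (hunk `@@ -146,7 +164,9 @@`) can be folded into the existing ACL, since one ACL accepts several patterns: `acl mail-host-s req.ssl_sni -i mail.terminaldweller.com terminaldweller.com`. That avoids a near-identical name that is easy to misread next to `mail-host-s`. The certificate presented by the submission backend then has to cover the apex name as well, which cannot be confirmed from this hunk.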
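Review bot: Commenting out `option ssl-hello-chk` in `mail-backend-imaps`, `mail-backend-pop3s` and `mail-backend-smtp` (hunk `@@ -183,36 +199,26 @@`) while keeping `check` on the server lines downgrades those health checks to a bare TCP connect. A listener that accepts connections but fails its TLS or SMTP handshake would then still count as up. For port 25 a protocol-level check fits better: `option smtpchk`. For 993 and 995, if the SSLv3-style hello was being rejected by the server, `check check-ssl verify none` on the server line exercises a real handshake (requires an SSL-enabled build). The `#option ssl-hello-chk` lines at column 0 should either be deleted or carry a short reason.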
@@ -222,8 +228,6 @@ backend api-backend option forwardfor server api-host 192.99.102.52:8008 check backend api-crypto-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server api-host 192.99.102.52:8008 @@ -232,8 +236,6 @@ backend api-crypto-backend-cert option forwardfor server api-host 192.99.102.52:80 backend api-mila-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server api-mila-host 130.185.121.80:19019 @@ -244,16 +246,12 @@ backend api-mila-backend-cert backend chat-backend-admin mode http - server chat-host 130.185.121.80:5280 check + server chat-host 130.185.121.80:5280 backend chat-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server chat-host 130.185.121.80:5443 backend chat-backend-c2s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server chat-host 130.185.121.80:5222 @@ -266,17 +264,18 @@ backend searx-backend-cert server searx-host-cert 130.185.121.80:80 backend searx-backend mode http - server searx-host 130.185.121.80:8088 + server searx-host 130.185.121.80:4040 backend searx-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk - server searx-host-s 130.185.121.80:8089 + server searx-host-s 130.185.121.80:4040 backend cargo-backend-s - timeout server 60s - timeout client 60s mode tcp option ssl-hello-chk server cargo-host-s 130.185.121.80:7777 + +backend editor-backend-s + mode tcp + option ssl-hello-chk + server cargo-host-s 130.185.121.80:7080 |
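Review bot: The new `editor-backend-s` (hunk `@@ -266,17 +264,18 @@`) names its server `cargo-host-s`, apparently copied from `cargo-backend-s`, so logs and stats will attribute editor traffic to the cargo host; use `server editor-host-s 130.185.121.80:7080 check`. Without the `check` keyword on the server line, `option ssl-hello-chk` has no effect, which applies here and to the other `-s` backends whose server lines lack it. The same hunk points both `searx-backend` (`mode http`) and `searx-backend-s` (`mode tcp` with `ssl-hello-chk`) at port 4040. One listener is unlikely to speak both plain HTTP and TLS, so one of the two targets is probably wrong.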