From 04b2675221972f2a3cf6d1c402f49406f16c6c25 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Thu, 16 Sep 2021 01:15:57 +0430 Subject: haproxy,jabber,bitlbee --- .gotty | 6 +- .tmux.conf | 13 +- .vimrc | 11 +- .zshrc | 2 + devi.zsh-theme | 49 ++++-- docker/bitlbee-purple/conf/bitlbee.conf | 132 +++++++++++++++ docker/bitlbee-purple/docker-compose.yaml | 14 ++ postit | 3 + terminaldweller.com/ejabberd/docker-compose.yaml | 9 +- terminaldweller.com/ejabberd/ejabberd.yml | 42 ++++- terminaldweller.com/haproxy/haproxy.cfg | 196 ++++++++++++++++++++--- 11 files changed, 422 insertions(+), 55 deletions(-) create mode 100644 docker/bitlbee-purple/conf/bitlbee.conf create mode 100644 docker/bitlbee-purple/docker-compose.yaml diff --git a/.gotty b/.gotty index e69fe13..a5e9c92 100644 --- a/.gotty +++ b/.gotty @@ -186,7 +186,7 @@ preferences { // True if we should use bold weight font for text with the bold/bright attribute. // False to use the normal weight font. // Null to autodetect. - enable_bold = false + enable_bold = true // [bool] True if we should use bright colors (8-15 on a 16 color palette) for any text with the bold attribute. // False otherwise. @@ -211,7 +211,7 @@ preferences { // font_size = 15 // [string] CSS font-smoothing property. - // font_smoothing = "antialiased" + font_smoothing = "antialiased" // [string] The foreground color for text with no other color attributes. // foreground_color = "rgb(240, 240, 240)" @@ -288,7 +288,7 @@ preferences { // scroll_on_output = false // [bool] The vertical scrollbar mode. - scrollbar_visible = true + // scrollbar_visible = true // [int] The multiplier for the pixel delta in mousewheel event caused by the scroll wheel. Alters how fast the page scrolls. // scroll_wheel_move_multiplier = 1 diff --git a/.tmux.conf b/.tmux.conf index f9485a2..7a824e4 100644 --- a/.tmux.conf +++ b/.tmux.conf 
@@ -1,14 +1,15 @@ set -g @plugin 'tmux-plugins/tpm' set -g @plugin 'tmux-plugins/tmux-resurrect' -set -g @plugin 'tmux-plugins/tmux-continuum' +set -g @plugin 'tmux-plugins/tmux-online-status' set -g @plugin 'soyuka/tmux-current-pane-hostname' set -g @plugin 'laktak/extrakto' set -g @plugin 'tmux-plugins/tmux-copycat' set -g @plugin 'schasse/tmux-jump' set -g @continuum-restore 'on' set -g @plugin 'tmux-plugins/tmux-prefix-highlight' -set -g @plugin 'tmux-plugins/tmux-online-status' +set -g @plugin 'tmux-plugins/tmux-continuum' # set -g @plugin 'tmux-plugins/tmux-sidebar' +# set -g @resurrect-processes `ranger ssh w3mlastsession k9s top cointop newsboat irssi neomutt` set-window-option -g automatic-rename on set-option -g set-titles on @@ -28,7 +29,7 @@ set -g display-time 1000 #prefix highlight settings set -g @prefix_highlight_show_copy_mode 'on' -set -g @prefix_highlight_copy_mode_attr 'fg=black,bg=yellow,bold' +set -g @prefix_highlight_copy_mode_attr 'fg=colour16,bg=yellow,bold' set -g @prefix_highlight_prefix_prompt 'Wait' set -g @prefix_highlight_copy_prompt 'Copy' set -g @prefix_highlight_output_suffix '' @@ -68,8 +69,7 @@ bind -T off F6 \ set -u key-table \;\ refresh-client -S -wg_is_keys_off="#[fg=colour15,bg=colour63,bold]#([ $(tmux show-option -qv key-table) = 'off' ] && echo 'OFF')#[fg=colour24] #{?#{pane_ssh_connected},#[fg=colour63 bg=colour31],#[fg=colour63 bg=colour24]}#[default]" - +wg_is_keys_off="#[fg=colour15,bg=colour63,bold]#([ $(tmux show-option -qv key-table) = 'off' ] && echo 'OFF')#[fg=colour24] #{?#{pane_ssh_connected},#[fg=colour63 bg=colour70],#[fg=colour63 bg=colour70]}#[default]" # from christoomey's vim-tmux-nivagator is_vim="ps -o state= -o comm= -t '#{pane_tty}' | grep -iqE '^[^TXZ ]+ +(\\S+\\/)?g?(view|n?vim?x?)(diff)?$'" #key bindings 
@@ -136,9 +136,10 @@ set-option -g status-justify "centre" set-option -g status-left-length 120 set-option -g status-right-length 170 +continuumStatus="#[fg=colour16 bg=colour70]#{continuum_status}#{?#{pane_ssh_connected},#[fg=colour70 bg=colour31],#[fg=colour70 bg=colour24]}" # set-option -g status-left "#{prefix_highlight}$wg_is_keys_off#[fg=colour15 bg=colour22]#U@#H#[fg=colour22 bg=colour148]#(/home/devi/tmux-powerline/powerline.sh left)" # set-option -g status-right "#(/home/devi/tmux-powerline/powerline.sh right)#{online_status}" -set-option -g status-left "#{prefix_highlight}$wg_is_keys_off#{?#{pane_ssh_connected},#[fg=colour15 bg=colour31],#[fg=colour15 bg=colour24]}#U@#H#{?#{pane_ssh_connected},:#{pane_ssh_port}#[fg=colour31 bg=colour26],#[fg=colour24 bg=colour26]}#(/home/devi/scripts/tmux/vcs_info.sh)" +set-option -g status-left "#{prefix_highlight}$wg_is_keys_off$continuumStatus#{?#{pane_ssh_connected},#[fg=colour15 bold],#[fg=colour15 nobold]}#U@#H#{?#{pane_ssh_connected},:#{pane_ssh_port}#[fg=colour31 bg=colour26],#[fg=colour24 bg=colour26]}#[nobold]#(/home/devi/scripts/tmux/vcs_info.sh)" # set-option -g status-left "#{prefix_highlight}$wg_is_keys_off#{?#{pane_ssh_connected},#[fg=colour15 bg=colour31],#[fg=colour15 bg=colour24]}#[fg=colour15 bg=colour31]#U@#H:#{pane_ssh_port}#[fg=colour31 bg=colour61]#(/home/devi/scripts/tmux/vcs_info.sh)" set-option -g status-right "#(/home/devi/scripts/tmux/date.sh)#{online_status}" diff --git a/.vimrc b/.vimrc index 6aa5ec4..aa0f17e 100644 --- a/.vimrc +++ b/.vimrc @@ -81,7 +81,7 @@ let g:is_posix = 1 set rtp+=/usr/bin/fzf " set rtp+=/home/bloodstalker/extra/llvm-clang-4/build/bin/clangd " set rtp+=/usr/local/bin/pyls -let g:polyglot_disabled = ['go.plugin', 'markdown.plugin', 'terraform.plugin'] +let g:polyglot_disabled = ['go.plugin', 'markdown.plugin', 'terraform.plugin', 'haproxy.plugin'] " call plug#begin('~/.vim/plugged') call plug#begin('~/.vim/bundle') 
@@ -193,6 +193,7 @@ if has('nvim') endif Plug 'dansomething/vim-hackernews' Plug 'andrewstuart/vim-kubernetes' +Plug 'Joorem/vim-haproxy' " Plug 'psliwka/vim-smoothie' " Plug 'lifepillar/pgsql.vim', {'for': ['sql','pqsl', 'pgsql']} " Plug 'tmux-plugins/vim-tmux' @@ -477,10 +478,10 @@ nnoremap nn :bn nnoremap pp :bp cnoremap cnoremap -nnoremap k gk -nnoremap gk k -nnoremap j gj -nnoremap gj j +" nnoremap k gk +" nnoremap gk k +" nnoremap j gj +" nnoremap gj j nmap [q :col nmap ]q :cnew diff --git a/.zshrc b/.zshrc index 06ebe57..cd7bb80 100644 --- a/.zshrc +++ b/.zshrc @@ -155,6 +155,8 @@ alias k9sskin="vim ~/scripts/.k9s/skin.yml" alias k9sconfig="vim ~/scripts/.k9s/config.yml" alias fixk9sskin="cp ~/scripts/.k9s/skin.yml ~/.k9s/skin.yml" alias fixk9sconfig="cp ~/scripts/.k9s/config.yml ~/.k9s/config.yml" +alias gottyrc="vim ~/scripts/.gotty" +alias fixgottyrc="cp ~/scripts/.gotty ~/.gotty" #autosuggest ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="fg=#5f5fff,bg=#000000,bold" diff --git a/devi.zsh-theme b/devi.zsh-theme index 4c4aa33..9926600 100644 --- a/devi.zsh-theme +++ b/devi.zsh-theme 
@@ -247,16 +247,46 @@ pwd_shortened() { echo $shortened_path } -PS1=$'%{$new2%}$(sudo_query)%{$reset_color%}%{$swampgreen%}%n%{$reset_color%} on %{$purblue%}%M%{$reset_color%} in %{$yagreen%}$(pwd_shortened)%{$reset_color%} at %{$muckgreen%}$(time_function)%{$reset_color%}$vcs_info_msg_0_%{$limblue%}%{$gnew%}$(gitadditions)%{$gnew2%}$(gitdeletions)%{$reset_color%}%{$deeppink%}$(virtualenv_info)%{$reset_color%}%{$teal%}$(node_version)%{$reset_color%}%{$gover%}$(goversion)%{$reset_color%}%{$rust%}$(rustversion)%{$reset_color%}%{$sneakyc%}$(sneaky)%{$reset_color%}%{$new%}$(rebuildquery)%{$reset_color%} %{$someblue%}<$ZSH_KUBECTL_PROMPT>%{$reset_color%}%{$batred%}$(dir_writeable)%{$reset_color%}' -PS2=$'\n%{$limblue%}--➜%{$reset_color%}' -PROMPT="$PS1$PS2" +rebuildquery() { + make -q > /dev/null 2>&1 + if [[ $? == 1 ]]; then + echo " ::rebuild::" + else + ; + fi +} + +PS1=$'%{$new2%}$(sudo_query)%{$reset_color%}%{$swampgreen%}%n%{$reset_color%} on %{$purblue%}%M%{$reset_color%} in %{$yagreen%}$(pwd_shortened)%{$reset_color%} at %{$muckgreen%}$(time_function)%{$reset_color%}$vcs_info_msg_0_%{$limblue%}%{$gnew%}$(gitadditions)%{$gnew2%}$(gitdeletions)%{$reset_color%}%{$deeppink%}$(virtualenv_info)%{$reset_color%}%{$teal%}$(node_version)%{$reset_color%}%{$gover%}$(goversion)%{$reset_color%}%{$rust%}$(rustversion)%{$reset_color%}%{$sneakyc%}$(sneaky)%{$reset_color%}%{$new%}$(rebuildquery)%{$reset_color%} %{$someblue%}<$ZSH_KUBECTL_PROMPT>%{$reset_color%}%{$batred%}$(dir_writeable)%{$reset_color%}' +PS2=$'' +PS3=$'\n%{$limblue%}--➜%{$reset_color%}' get_prompt_len() { local zero='%([BSUbfksu]|([FK]|){*})' - FOOLENGTH=${#${(S%%)PS1//$~zero/}} - # FOOLENGTH=$(($#1 * 3 - ${#${(ml[$#1 * 2])1}})) + local FOOLENGTH=${#${(S%%)PS1//$~zero/}} + echo $FOOLENGTH +} +get_prompt_len_2() { + local zero='%([BSUbfksu]|([FK]|){*})' + local FOOLENGTH=${#${(S%%)PS2//$~zero/}} echo $FOOLENGTH } + +get_enough_spaces(){ + ps1_len=$(get_prompt_len) + ps2_len=$(get_prompt_len_2) + term_len=$(tput 
cols) + diff_len=$(($term_len - $ps1_len - $ps2_len)) + echo $diff_len + for ((i=0;i<$diff_len;i++));do + echo -n " " + if [[ $i > $(tpul cols) ]];then break;fi + done +} +# PROMPT="$PS1$(get_enough_spaces)$PS2$PS3" +PROMPT="$PS1$PS2$PS3" + +# PROMPT="$PS1$PS3" + # function battery_charge { # upower -e > /dev/null 2>&1 @@ -290,15 +320,6 @@ get_prompt_len() { # echo $(if [ $(upower -i /org/freedesktop/UPower/devices/battery_BAT0 | grep state | gawk 'BEGIN{FS ~ ":"}{print $2}') = "charging" ]; then echo ++;else :;fi)$batcharge # } -rebuildquery() { - make -q > /dev/null 2>&1 - if [[ $? == 1 ]]; then - echo " ::rebuild::" - else - ; - fi -} - inranger() { local ranger_prompt=$(if [ -n "$RANGER_LEVEL" ];then echo " ";else echo "";fi) echo $ranger_prompt diff --git a/docker/bitlbee-purple/conf/bitlbee.conf b/docker/bitlbee-purple/conf/bitlbee.conf new file mode 100644 index 0000000..4a1540b --- /dev/null +++ b/docker/bitlbee-purple/conf/bitlbee.conf 
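Review bot: `rebuildquery`, which this hunk moves above `PS1`, runs `make -q` in the current directory on every prompt, and make evaluates parse-time constructs such as `$(shell …)` while reading a Makefile, so entering an untrusted checkout can execute its commands before anything is typed. Consider calling it only under an allow-list of trusted project paths, or dropping it from the prompt. In the new `get_enough_spaces`, `$(tpul cols)` is a typo for `tput cols`, and `[[ $i > … ]]` compares strings rather than numbers; `if (( i > term_len )); then break; fi` would reuse the width already read. The `echo $diff_len` line would also print the number into the prompt if the commented-out `PROMPT` line were enabled, and `ps1_len`, `ps2_len`, `term_len` and `diff_len` are not declared `local`.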
@@ -0,0 +1,132 @@
+## BitlBee default configuration file
+##
+## Comments are marked like this. The rest of the file is INI-style. The
+## comments should tell you enough about what all settings mean.
+##
+
+[settings]
+
+## RunMode:
+##
+## Inetd -- Run from inetd (default)
+## Daemon -- Run as a stand-alone daemon, serving all users from one process.
+## This saves memory if there are more users, the downside is that when one
+## user hits a crash-bug, all other users will also lose their connection.
+## ForkDaemon -- Run as a stand-alone daemon, but keep all clients in separate
+## child processes. This should be pretty safe and reliable to use instead
+## of inetd mode.
+##
+##RunMode = Daemon
+
+## User:
+##
+## If BitlBee is started by root as a daemon, it can drop root privileges,
+## and change to the specified user.
+##
+##User = bitlbee
+
+## DaemonPort/DaemonInterface:
+##
+## For daemon mode, you can specify on what interface and port the daemon
+## should be listening for connections.
+##
+##DaemonInterface = 127.0.0.1
+DaemonPort = 6667
+
+## ClientInterface:
+##
+## If for any reason, you want BitlBee to use a specific address/interface
+## for outgoing traffic (IM connections, HTTP(S), etc.), set it here.
+##
+# ClientInterface = 0.0.0.0
+
+## AuthMode
+##
+## Open -- Accept connections from anyone, use NickServ for user authentication.
+## (default)
+## Closed -- Require authorization (using the PASS command during login) before
+## allowing the user to connect at all.
+## Registered -- Only allow registered users to use this server; this disables
+## the register- and the account command until the user identifies himself.
+##
+# AuthMode = Open
+## AuthPassword
+##
+## Password the user should enter when logging into a closed BitlBee server.
+## You can also have an MD5-encrypted password here. Format: "md5:", followed
+## by a hash as generated for the attribute in a BitlBee
+## XML file (for now there's no easier way to generate the hash).
+##
+# AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-)
+## or
+# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl
+
+## OperPassword
+##
+## Password that unlocks access to special operator commands.
+##
+# OperPassword = ChangeMe!
+## or
+# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX
+
+## HostName
+##
+## Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
+## alias for your BitlBee daemon, you can set it here and BitlBee will identify
+## itself with that name instead.
+##
+# HostName = localhost
+
+## MotdFile
+##
+## Specify an alternative MOTD (Message Of The Day) file. Default value depends
+## on the --etcdir argument to configure.
+##
+# MotdFile = /etc/bitlbee/motd.txt
+
+## ConfigDir
+##
+## Specify an alternative directory to store all the per-user configuration
+## files. (.nicks/.accounts)
+##
+ConfigDir = /var/lib/bitlbee
+
+## Ping settings
+##
+## BitlBee can send PING requests to the client to check whether it's still
+## alive. This is not very useful on local servers, but it does make sense
+## when most clients connect to the server over a real network interface.
+## (Public servers) Pinging the client will make sure lost clients are
+## detected and cleaned up sooner.
+##
+## PING requests are sent every PingInterval seconds. If no PONG reply has
+
+## been received for PingTimeOut seconds, BitlBee aborts the connection.
+##
+## To disable the pinging, set at least one of these to 0.
+##
+# PingInterval = 180
+# PingTimeOut = 300
+
+## Using proxy servers for outgoing connections
+##
+## If you're running BitlBee on a host which is behind a restrictive firewall
+## and a proxy server, you can tell BitlBee to use that proxy server here.
+## The setting has to be a URL, formatted like one of these examples: +## +## (Obviously, the username and password are optional) +## +## Proxy = http://john:doe@proxy.localnet.com:8080 +## Proxy = socks4://socksproxy.localnet.com +## Proxy = socks5://socksproxy.localnet.com + + +[defaults] + +## Here you can override the defaults for some per-user settings. Users are +## still able to override your defaults, so this is not a way to restrict +## your users... + +## To enable private mode by default, for example: + +## private = 1 diff --git a/docker/bitlbee-purple/docker-compose.yaml b/docker/bitlbee-purple/docker-compose.yaml new file mode 100644 index 0000000..2006d88 --- /dev/null +++ b/docker/bitlbee-purple/docker-compose.yaml @@ -0,0 +1,14 @@ +version: "3.7" +services: + bitlbee: + # image: ezkrg/bitlbee-libpurple + image: luzifer/bitlbee + networks: + - bitlbeenet + ports: + - "127.0.0.1:6667:6667" + restart: unless-stopped + volumes: + - ./conf:/var/lib/bitlbee +networks: + bitlbeenet: diff --git a/postit b/postit index 764b653..ec94931 100644 --- a/postit +++ b/postit @@ -20,3 +20,6 @@ sudo ./irc-slack --port 6667 --host 0.0.0.0 --debug ssh -N -D 9999 -o ExitOnForwardFailure=yes -l pi 192.168.1.108 fall of hyperion--7:32:30 proot -r d11rootfs -0 +gotty tmux new-session -t 0 +docker run -p 6667:6667 ezkrg/bitlbee-libpurple +openssl s_client -connect chat.terminaldweller.com:5222 -starttls xmpp diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml index cafe707..9b93896 100644 --- a/terminaldweller.com/ejabberd/docker-compose.yaml +++ b/terminaldweller.com/ejabberd/docker-compose.yaml 
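Review bot: The volume `./conf:/var/lib/bitlbee` in the new docker-compose.yaml mounts the repository's `conf` directory onto the path that `bitlbee.conf` sets as `ConfigDir`, so BitlBee's per-user account files would presumably be written next to the tracked config and could be committed with the dotfiles. A separate named volume for state, or an ignore rule covering everything in `conf/` except `bitlbee.conf`, would keep stored IM account data out of the repository. `image: luzifer/bitlbee` carries no tag or digest, so each pull may bring different code; pinning a version makes the deployment reproducible. `AuthMode` stays at its default `Open`, which is reasonable only while the port remains published on `127.0.0.1` as it is here.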
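Review bot: The added `docker run -p 6667:6667 ezkrg/bitlbee-libpurple` in `postit` publishes BitlBee on every interface, whereas the compose file in this commit binds it to loopback. With `AuthMode` left open, `docker run -p 127.0.0.1:6667:6667 ezkrg/bitlbee-libpurple` would keep the note consistent with the compose setup. `gotty tmux new-session -t 0` serves the tmux session over HTTP, so the note would be safer to copy from if it recorded gotty's credential and TLS options, assuming they are not already set in `.gotty` outside the hunks shown.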
@@ -5,14 +5,19 @@ services: networks: - ejabberdnet ports: + - "80:80" - "5222:5222" - "127.0.0.1:5269:5269" - "5280:5280" - - "127.0.0.1:5443:5443" + - "5443:5443" - "127.0.0.1:1883:1883" - - "5080:5080" + - "127.0.0.1:5080:5080" restart: unless-stopped volumes: - ./ejabberd.yml:/home/ejabberd/conf/ejabberd.yml + - ./acme:/var/lib/ejabberd/acme + - ./dh:/usr/local/etc/ejabberd networks: ejabberdnet: +# openssl dhparam -out dhparams.pem 4096 +# sudo certbot certonly --standalone --email devi@terminaldweller.com --non-interactive --agree-tos -d chat.terminaldweller.com --preferred-challenges http diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml index 6257515..87eb940 100644 --- a/terminaldweller.com/ejabberd/ejabberd.yml +++ b/terminaldweller.com/ejabberd/ejabberd.yml 
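Review bot: Changing `"127.0.0.1:5443:5443"` to `"5443:5443"` publishes the ejabberd HTTPS listener on all interfaces, and in `ejabberd.yml` that listener serves `/admin` (ejabberd_web_admin) and `/api` (mod_http_api). If only the HAProxy `jabber5443` frontend is meant to reach it, restrict the source with a firewall rule or bind the port to the address HAProxy connects from, or move the admin and API handlers to a listener that stays on loopback. `"5280:5280"` is still published although this commit moves the plain-HTTP listener in `ejabberd.yml` from 5280 to 80, so that mapping looks stale unless another listener outside the visible hunks uses it.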
@@ -3,9 +3,26 @@ hosts: loglevel: 4 log_rotate_size: 10485760 -log_rotate_date: '' log_rotate_count: 1 -log_rate_limit: 100 + +define_macro: + 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" + 'TLS_OPTIONS': + - "no_sslv2, no_sslv3, no_tlsv1" + - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" + - "no_compression" + 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096 + +c2s_dhfile: 'DH_FILE' +s2s_dhfile: 'DH_FILE' +c2s_ciphers: 'TLS_CIPHERS' +s2s_ciphers: 'TLS_CIPHERS' +c2s_protocol_options: 'TLS_OPTIONS' +s2s_protocol_options: 'TLS_OPTIONS' +certfiles: + - '/var/lib/ejabberd/acme/ejabberd.pem' + +auth_password_format: scram listen: - port: 5222 @@ -14,7 +31,13 @@ listen: max_stanza_size: 262144 shaper: c2s_shaper access: c2s + starttls: true starttls_required: true + protocol_options: 'TLS_OPTIONS' + ciphers: 'TLS_CIPHERS' + dhfile: 'DH_FILE' + zlib: false + tls_compression: false - port: 5269 ip: '::' module: ejabberd_s2s_in @@ -22,6 +45,10 @@ listen: - port: 5443 ip: '::' module: ejabberd_http + tls: true + protocol_options: 'TLS_OPTIONS' + ciphers: 'TLS_CIPHERS' + dhfile: 'DH_FILE' request_handlers: '/admin': ejabberd_web_admin '/api': mod_http_api @@ -45,7 +72,7 @@ listen: use_turn: true turn_min_port: 49152 turn_max_port: 65535 - turn_ip: 0.0.0.0 + turn_ipv4_address: 0.0.0.0 - port: 5349 transport: tcp module: ejabberd_stun 
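Review bot: In the new `define_macro` block, `TLS_OPTIONS` holds `"no_sslv2, no_sslv3, no_tlsv1"` as a single list item and then repeats the cipher string as a second item. ejabberd takes one protocol option per list entry, so these strings are unlikely to match any known option and SSLv3/TLS 1.0 may remain enabled on the c2s, s2s and 5443 listeners that reference the macro. Writing the options as separate entries (`- "no_sslv3"`, `- "no_tlsv1"`, `- "no_compression"`) and removing the cipher string from this list would express the intent; ciphers belong only in `TLS_CIPHERS`. The result can be confirmed with the `openssl s_client … -starttls xmpp` command this commit records in `postit`.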
@@ -54,8 +81,8 @@ listen: turn_min_port: 49152 turn_max_port: 65535 ip: 0.0.0.0 - turn_ip: 0.0.0.0 - - port: 5280 + turn_ipv4_address: 0.0.0.0 + - port: 80 module: ejabberd_http tls: false request_handlers: @@ -73,7 +100,7 @@ acl: - ::FFFF:127.0.0.1/128 admin: user: - - 'admin@localhost' + - 'admin@chat.terminaldweller.com' access_rules: local: @@ -152,8 +179,9 @@ shaper_rules: max_fsm_queue: 10000 acme: + auto: false contact: 'mailto:devi@terminaldweller.com' - ca_url: 'https://acme-v01.api.letsencrypt.org' + ca_url: 'https://acme-staging-v02.api.letsencrypt.org' oauth_expire: 31536000 oauth_access: all diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index f1c288e..f406de4 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg 
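Review bot: In the `acme:` hunk, `ca_url` now points at `https://acme-staging-v02.api.letsencrypt.org`, the Let's Encrypt staging endpoint, whose certificates clients do not trust. With `auto: false` it is inert, but re-enabling automatic issuance later would replace the working certificate from `certfiles` with an untrusted one. A comment next to it, such as `# staging CA, testing only; production cert comes from certbot via certfiles`, would record that. The context line `oauth_access: all` appears to let any account obtain OAuth tokens, which matters more now that the 5443 listener carrying `/api` is published on all interfaces; consider an admin-only access rule if the API is not meant for every user.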
@@ -14,64 +14,224 @@ resolvers docker_resolver nameserver dns 127.0.0.11:53 #Frontends -frontend front +frontend http bind *:80 - bind *:443 - mode tcp - timeout client 60s + mode http #ACLs acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl blog-host hdr_sub(host) -i blog.terminaldweller.com acl mail-host hdr_sub(host) -i mail.terminaldweller.com - acl mail-host-s req.ssl_sni -i mail.terminaldweller.com acl api-host hdr_sub(host) -i api.terminaldweller.com acl chat-host hdr_sub(host) -i chat.terminaldweller.com - acl chat-host-s req.ssl_sni -i chat.terminaldweller.com - #Consitions - use_backend certbot-backend if letsencrypt-acl + #Conditions + #use_backend chat-cert-backend if letsencrypt-acl chat-host + use_backend blog-backend-cert if letsencrypt-acl blog-host + use_backend api-backend-cert if letsencrypt-acl api-host + use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host use_backend blog-backend if blog-host use_backend mail-backend if mail-host - use_backend mail-backend-s if mail-host-s use_backend api-backend if api-host - use_backend chat-backend-s if chat-host-s + #use_backend chat-backend if chat-host default_backend blog-backend +frontend https + bind *:443 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + #ACLs + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + acl blog-host-s req.ssl_sni -i blog.terminaldweller.com + acl api-host-s req.ssl_sni -i api.terminaldweller.com + #Conditions + use_backend mail-backend-s if mail-host-s + #use_backend chat-backend-s if chat-host-s + use_backend blog-backend-s if blog-host-s + use_backend api-backend-s if api-host-s + +frontend jabber5222 + bind *:5222 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl 
chat-host-s req.ssl_sni -i chat.terminaldweller.com + use_backend chat-backend-c2s if chat-host-s +frontend jabber5280 + bind *:5280 + mode http + acl chat-host hdr_sub(host) -i chat.terminaldweller.com + use_backend chat-backend-admin if chat-host +frontend jabber5443 + bind *:5443 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + use_backend chat-backend-s if chat-host-s + +frontend mail-imap + bind *:143 + mode http + acl mail-host hdr_sub(host) -i mail.terminaldweller.com + use_backend mail-backend-imap if mail-host +frontend mail-imaps + bind *:993 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-imaps if mail-host-s +frontend mail-pop3 + bind *:110 + mode http + acl mail-host hdr_sub(host) -i mail.terminalweller.com + use_backend mail-backend-pop3 if mail-host +frontend mail-pop3s + bind *:995 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-pop3s if mail-host-s +frontend mail-smtp + bind *:25 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-smtp if mail-host +frontend mail-smtps + bind *:465 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-smtps if mail-host-s +frontend 
mail-submission + bind *:587 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-submission if mail-host-s + + #Backends backend certbot-backend + mode http server nginx nginx:80 resolvers docker_resolver check init-addr none backend blog-backend mode http option forwardfor server blog-host 192.99.102.52:9000 check +backend blog-backend-cert + mode http + option forwardfor + server blog-host 192.99.102.52:80 +backend blog-backend-s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server blog-host 192.99.102.52:9000 check backend mail-backend mode http option forwardfor - server mail-host 185.126.202.69:80 check - + server mail-host 185.126.202.69:80 backend mail-backend-s timeout server 60s timeout client 60s mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:443 check +backend mail-backend-imap + mode http + option forwardfor + server mail-host 185.126.202.69:143 check +backend mail-backend-imaps + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:993 check +backend mail-backend-pop3 + mode http option forwardfor + server mail-host 185.126.202.69:110 check +backend mail-backend-pop3s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:995 check +backend mail-backend-smtp + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:25 check +backend mail-backend-smtps + timeout server 60s + timeout client 60s + mode tcp option ssl-hello-chk - server mail-host-s 185.126.202.69:443 check + server mail-host 185.126.202.69:465 check +backend mail-backend-submission + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:587 backend 
api-backend mode http option forwardfor server api-host 192.99.102.52:8008 check - -backend chat-backend +backend api-backend-s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server api-host 192.99.102.52:8008 +backend api-backend-cert mode http option forwardfor - server chat-host 87.236.209.206:5280 check + server api-host 192.99.102.52:80 +backend chat-backend-admin + mode http + server chat-host 130.185.121.80:5280 check backend chat-backend-s timeout server 60s timeout client 60s mode tcp - option forwardfor option ssl-hello-chk - server chat-host-s 87.236.209.206:5280 check + server chat-host 130.185.121.80:5443 +backend chat-backend-c2s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server chat-host 130.185.121.80:5222 +backend chat-cert-backend + mode http + server chat-cert-server 130.185.121.80:80 -- cgit v1.2.3
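Review bot: The `jabber5222`, `mail-smtp` and `mail-submission` frontends accept only connections that open with a TLS ClientHello (`req.ssl_hello_type 1`) and route on `req.ssl_sni`, but ports 5222, 25 and 587 start in plaintext and upgrade with STARTTLS (ejabberd.yml in this commit sets `starttls: true` on 5222), so legitimate clients would be rejected once the inspect delay expires. The same protocol mismatch affects `mail-imap` and `mail-pop3`, which use `mode http` and a Host-header ACL on non-HTTP protocols, and the `mail-pop3` ACL also misspells the domain as `mail.terminalweller.com`. The fence shows these five frontends as plain TCP pass-through with a `default_backend`; the matching backends would need `mode tcp` and no `option ssl-hello-chk`. Because TCP pass-through hides the client address, the mail server and ejabberd will see HAProxy as the source of every connection, so confirm that relay trust, rate limits and ban rules on those hosts do not key on it, or pass the address with `send-proxy` where the backend supports the PROXY protocol.

```haproxy
frontend jabber5222
    bind *:5222
    timeout client 60s
    mode tcp
    # STARTTLS port: no ClientHello or SNI at connect time, so route unconditionally
    default_backend chat-backend-c2s
frontend mail-imap
    bind *:143
    timeout client 60s
    mode tcp
    default_backend mail-backend-imap
frontend mail-pop3
    bind *:110
    timeout client 60s
    mode tcp
    default_backend mail-backend-pop3
frontend mail-smtp
    bind *:25
    timeout client 60s
    mode tcp
    default_backend mail-backend-smtp
frontend mail-submission
    bind *:587
    timeout client 60s
    mode tcp
    default_backend mail-backend-submission
# … unchanged: TLS-on-connect frontends (https, jabber5443, mail-imaps, mail-pop3s, mail-smtps) …
```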