From 04b2675221972f2a3cf6d1c402f49406f16c6c25 Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Thu, 16 Sep 2021 01:15:57 +0430
Subject: haproxy,jabber,bitlbee
---
terminaldweller.com/haproxy/haproxy.cfg | 196 +++++++++++++++++++++++++++++---
1 file changed, 178 insertions(+), 18 deletions(-)
(limited to 'terminaldweller.com/haproxy')
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index f1c288e..f406de4 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -14,64 +14,224 @@ resolvers docker_resolver nameserver dns 127.0.0.11:53 #Frontends -frontend front +frontend http bind *:80 - bind *:443 - mode tcp - timeout client 60s + mode http #ACLs acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl blog-host hdr_sub(host) -i blog.terminaldweller.com acl mail-host hdr_sub(host) -i mail.terminaldweller.com - acl mail-host-s req.ssl_sni -i mail.terminaldweller.com acl api-host hdr_sub(host) -i api.terminaldweller.com acl chat-host hdr_sub(host) -i chat.terminaldweller.com - acl chat-host-s req.ssl_sni -i chat.terminaldweller.com - #Consitions - use_backend certbot-backend if letsencrypt-acl + #Conditions + #use_backend chat-cert-backend if letsencrypt-acl chat-host + use_backend blog-backend-cert if letsencrypt-acl blog-host + use_backend api-backend-cert if letsencrypt-acl api-host + use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host use_backend blog-backend if blog-host use_backend mail-backend if mail-host - use_backend mail-backend-s if mail-host-s use_backend api-backend if api-host - use_backend chat-backend-s if chat-host-s + #use_backend chat-backend if chat-host default_backend blog-backend +frontend https + bind *:443 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + #ACLs + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + acl blog-host-s req.ssl_sni -i blog.terminaldweller.com + acl api-host-s req.ssl_sni -i api.terminaldweller.com + #Conditions + use_backend mail-backend-s if mail-host-s + #use_backend chat-backend-s if chat-host-s + use_backend blog-backend-s if blog-host-s + use_backend api-backend-s if api-host-s + +frontend jabber5222 + bind *:5222 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl 
chat-host-s req.ssl_sni -i chat.terminaldweller.com + use_backend chat-backend-c2s if chat-host-s +frontend jabber5280 + bind *:5280 + mode http + acl chat-host hdr_sub(host) -i chat.terminaldweller.com + use_backend chat-backend-admin if chat-host +frontend jabber5443 + bind *:5443 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + use_backend chat-backend-s if chat-host-s + +frontend mail-imap + bind *:143 + mode http + acl mail-host hdr_sub(host) -i mail.terminaldweller.com + use_backend mail-backend-imap if mail-host +frontend mail-imaps + bind *:993 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-imaps if mail-host-s +frontend mail-pop3 + bind *:110 + mode http + acl mail-host hdr_sub(host) -i mail.terminalweller.com + use_backend mail-backend-pop3 if mail-host +frontend mail-pop3s + bind *:995 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-pop3s if mail-host-s +frontend mail-smtp + bind *:25 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-smtp if mail-host +frontend mail-smtps + bind *:465 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-smtps if mail-host-s +frontend 
mail-submission + bind *:587 + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + use_backend mail-backend-submission if mail-host-s + + #Backends backend certbot-backend + mode http server nginx nginx:80 resolvers docker_resolver check init-addr none backend blog-backend mode http option forwardfor server blog-host 192.99.102.52:9000 check +backend blog-backend-cert + mode http + option forwardfor + server blog-host 192.99.102.52:80 +backend blog-backend-s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server blog-host 192.99.102.52:9000 check backend mail-backend mode http option forwardfor - server mail-host 185.126.202.69:80 check - + server mail-host 185.126.202.69:80 backend mail-backend-s timeout server 60s timeout client 60s mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:443 check +backend mail-backend-imap + mode http + option forwardfor + server mail-host 185.126.202.69:143 check +backend mail-backend-imaps + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:993 check +backend mail-backend-pop3 + mode http option forwardfor + server mail-host 185.126.202.69:110 check +backend mail-backend-pop3s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:995 check +backend mail-backend-smtp + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:25 check +backend mail-backend-smtps + timeout server 60s + timeout client 60s + mode tcp option ssl-hello-chk - server mail-host-s 185.126.202.69:443 check + server mail-host 185.126.202.69:465 check +backend mail-backend-submission + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server mail-host 185.126.202.69:587 backend 
api-backend mode http option forwardfor server api-host 192.99.102.52:8008 check - -backend chat-backend +backend api-backend-s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server api-host 192.99.102.52:8008 +backend api-backend-cert mode http option forwardfor - server chat-host 87.236.209.206:5280 check + server api-host 192.99.102.52:80 +backend chat-backend-admin + mode http + server chat-host 130.185.121.80:5280 check backend chat-backend-s timeout server 60s timeout client 60s mode tcp - option forwardfor option ssl-hello-chk - server chat-host-s 87.236.209.206:5280 check + server chat-host 130.185.121.80:5443 +backend chat-backend-c2s + timeout server 60s + timeout client 60s + mode tcp + option ssl-hello-chk + server chat-host 130.185.121.80:5222 +backend chat-cert-backend + mode http + server chat-cert-server 130.185.121.80:80 -- cgit v1.2.3
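Review bot: The new `mail-smtp` (25), `mail-submission` (587) and `jabber5222` frontends only admit connections that open with a TLS ClientHello (`tcp-request content accept if { req.ssl_hello_type 1 }` then `tcp-request content reject`), but SMTP, submission and XMPP c2s normally start in cleartext and upgrade with STARTTLS, so ordinary clients would most likely wait out the 5s inspect delay and be rejected. SNI cannot be used to route on those ports, and a plain `mode tcp` frontend with `default_backend mail-backend-smtp` (and the equivalents) is the usual shape. The `mail-imap` (143) and `mail-pop3` (110) frontends and their backends have the inverse problem: they are `mode http` and route on a `Host` header that IMAP and POP3 never send, and the `mail-pop3` ACL also misspells the name as `mail.terminalweller.com`. `jabber5280` publishes the backend named `chat-backend-admin` on `*:5280` over plain HTTP, so anything that authenticates there does so in cleartext; if it is an admin interface it is better restricted by source address or put behind TLS, and `hdr_sub(host)` is a substring match where an exact one such as `acl chat-host hdr(host) -i chat.terminaldweller.com chat.terminaldweller.com:5280` would be stricter. None of the TCP backends use `send-proxy`, so the mail host presumably sees every client as the proxy's address, which is worth checking against its relay, SPF/RBL and rate-limit rules.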