global log 127.0.0.1 local0 ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL defaults timeout connect 5000ms timeout client 50000ms timeout server 50000ms mode tcp option tcplog option dontlognull resolvers docker_resolver nameserver dns 127.0.0.11:53 #Frontends frontend http bind *:80 mode http #ACLs acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl blog-host hdr_sub(host) -i blog.terminaldweller.com acl mail-host hdr_sub(host) -i mail.terminaldweller.com acl api-host hdr_sub(host) -i api.terminaldweller.com acl chat-host hdr_sub(host) -i chat.terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto #Conditions #use_backend chat-cert-backend if letsencrypt-acl chat-host use_backend blog-backend-cert if letsencrypt-acl blog-host use_backend api-crypto-backend-cert if letsencrypt-acl api-host crypto-api-acl use_backend api-mila-backend-cert if letsencrypt-acl api-host mila-api-acl use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host use_backend blog-backend if blog-host use_backend mail-backend if mail-host use_backend api-backend if api-host #use_backend chat-backend if chat-host default_backend blog-backend frontend https bind *:443 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject #ACLs acl mail-host-s req.ssl_sni -i mail.terminaldweller.com #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com acl blog-host-s req.ssl_sni -i blog.terminaldweller.com acl api-host-s req.ssl_sni -i api.terminaldweller.com acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s use_backend blog-backend-s if blog-host-s #use_backend api-crypto-backend-s if api-host-s crypto-api-acl use_backend api-crypto-backend-s if api-host-s use_backend api-mila-backend-s if mila-api-host-s frontend jabber5222 bind *:5222 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl chat-host-s req.ssl_sni -i chat.terminaldweller.com use_backend chat-backend-c2s if chat-host-s frontend jabber5280 bind *:5280 mode http acl chat-host hdr_sub(host) -i chat.terminaldweller.com use_backend chat-backend-admin if chat-host frontend jabber5443 bind *:5443 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl chat-host-s req.ssl_sni -i chat.terminaldweller.com use_backend chat-backend-s if chat-host-s frontend mail-imap bind *:143 mode http acl mail-host hdr_sub(host) -i mail.terminaldweller.com use_backend mail-backend-imap if mail-host frontend mail-imaps bind *:993 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-imaps if mail-host-s frontend mail-pop3 bind *:110 mode http acl mail-host hdr_sub(host) -i mail.terminalweller.com use_backend mail-backend-pop3 if mail-host frontend mail-pop3s bind *:995 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-pop3s if mail-host-s frontend mail-smtp bind *:25 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-smtp if mail-host frontend mail-smtps bind *:465 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-smtps if mail-host-s frontend mail-submission bind *:587 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-submission if mail-host-s #Backends backend certbot-backend mode http server nginx nginx:80 resolvers docker_resolver check init-addr none backend blog-backend mode http option forwardfor server blog-host 192.99.102.52:9000 check backend blog-backend-cert mode http option forwardfor server blog-host 192.99.102.52:80 backend blog-backend-s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server blog-host 192.99.102.52:9000 check backend mail-backend mode http option forwardfor server mail-host 185.126.202.69:80 backend mail-backend-s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:443 check backend mail-backend-imap mode http option forwardfor server mail-host 185.126.202.69:143 check backend mail-backend-imaps timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:993 check backend mail-backend-pop3 mode http option forwardfor server mail-host 185.126.202.69:110 check backend mail-backend-pop3s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:995 check backend mail-backend-smtp timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:25 check backend mail-backend-smtps timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:465 check backend mail-backend-submission timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server mail-host 185.126.202.69:587 backend api-backend mode http option forwardfor server api-host 192.99.102.52:8008 check backend api-crypto-backend-s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server api-host 192.99.102.52:8008 backend api-crypto-backend-cert mode http option forwardfor server api-host 192.99.102.52:80 backend api-mila-backend-s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server api-mila-host 130.185.121.80:19019 backend api-mila-backend-cert mode http option forwardfor server api-mila-host 130.185.121.80 backend chat-backend-admin mode http server chat-host 130.185.121.80:5280 check backend chat-backend-s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server chat-host 130.185.121.80:5443 backend chat-backend-c2s timeout server 60s timeout client 60s mode tcp option ssl-hello-chk server chat-host 130.185.121.80:5222 backend chat-cert-backend mode http server chat-cert-server 130.185.121.80:80