path: root/terminaldweller.com/haproxy/haproxy.cfg
blob: 6bec717e7d0c1ffeeb1410b59ac23c5a61fb3721 (plain) (blame)
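global
  # Syslog target (UDP, facility local0). A proxy only logs here if it, or the
  # `defaults` section, also declares `log global`.
  log 127.0.0.1 local0
  # Default cipher list for TLS-terminating `bind ... ssl` lines. No bind line
  # in this file terminates TLS (HTTPS, XMPP and mail are passed through by
  # SNI), so this only takes effect if termination is added later.
  # RC4-SHA was dropped from the list: RC4 is prohibited for TLS by RFC 7465.
  # NOTE(review): the kRSA+AES suites provide no forward secrecy; consider
  # removing them and setting a minimum TLS version before terminating TLS here.
  # NOTE(review): no user/group/chroot is configured, so the process keeps the
  # privileges it was started with - confirm the container or unit drops them.
  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL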

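defaults
  # Inherit the syslog target declared in `global`. Without a `log` directive
  # in a proxy or in `defaults`, `option tcplog` below emits nothing, which
  # leaves no connection records for detection or incident response.
  log global
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms
  # TCP is the default; HTTP proxies override this with `mode http`.
  mode tcp
  option tcplog
  # Do not log connections that carried no data (port scans, health probes).
  option dontlognull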

# DNS resolver used for run-time resolution of server names (referenced by
# certbot-backend). 127.0.0.11 is the address of Docker's embedded DNS server
# on user-defined networks - presumably this proxy runs in a container.
resolvers docker_resolver
  nameserver dns 127.0.0.11:53

#Frontends
# Plain-HTTP entry point: routes by Host header, with ACME http-01 challenge
# requests split off to dedicated backends.
frontend http
  bind *:80
  mode http
  # ACLs
  # hdr_sub() is a substring match on the Host header, so any Host value that
  # merely contains one of these names also matches.
  # NOTE(review): an exact match (hdr(host), plus a host:port pattern if
  # needed) would be stricter - confirm no client relies on the loose match.
  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
  acl blog-host hdr_sub(host) -i blog.terminaldweller.com
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  acl api-host hdr_sub(host) -i api.terminaldweller.com
  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
  # Conditions (first matching rule wins)
  # ACME challenges for blog and api go to port 80 on their own hosts; every
  # other challenge except chat goes to the local certbot/nginx backend.
  # With the chat rules commented out, a challenge for the chat host matches
  # no rule and falls through to default_backend (blog-backend).
  #use_backend chat-cert-backend if letsencrypt-acl chat-host
  use_backend blog-backend-cert if letsencrypt-acl blog-host
  use_backend api-backend-cert if letsencrypt-acl api-host
  use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
  use_backend blog-backend if blog-host
  use_backend mail-backend if mail-host
  use_backend api-backend if api-host
  #use_backend chat-backend if chat-host
  # Requests with an unknown or missing Host header are served by the blog.
  default_backend blog-backend

# TLS passthrough on 443: HAProxy does not terminate TLS here. It peeks at the
# ClientHello, picks a backend from the SNI and relays the encrypted stream.
frontend https
  bind *:443
  timeout client 60s
  mode tcp
  # Wait up to 5s for a ClientHello (hello type 1); anything else is rejected.
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  # ACLs
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
  acl api-host-s req.ssl_sni -i api.terminaldweller.com
  # Conditions
  # There is no default_backend, so a connection whose SNI is missing or
  # matches none of the names above is not forwarded anywhere.
  use_backend mail-backend-s if mail-host-s
  #use_backend chat-backend-s if chat-host-s
  use_backend blog-backend-s if blog-host-s
  use_backend api-backend-s if api-host-s

# XMPP client-to-server port, routed by TLS SNI.
# NOTE(review): this accepts only connections that open with a TLS
# ClientHello. XMPP clients on 5222 commonly open in plaintext and upgrade via
# STARTTLS; those never send a ClientHello first and would be rejected after
# the inspect delay - confirm clients use direct TLS on this port.
frontend jabber5222
  bind *:5222
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  use_backend chat-backend-c2s if chat-host-s
# Plain-HTTP listener on 5280, forwarded to chat-backend-admin when the Host
# header contains the chat name (hdr_sub is a substring match).
# NOTE(review): the backend name suggests an administration interface. It is
# bound on all addresses over unencrypted HTTP with no source restriction, so
# any credentials sent to it cross the network in clear - confirm this is
# intended, or restrict it by source address / move it behind TLS.
frontend jabber5280
  bind *:5280
  mode http
  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
  use_backend chat-backend-admin if chat-host
# TLS passthrough on 5443 for the chat host, selected by SNI. Connections that
# do not open with a ClientHello, or carry another SNI, are not forwarded.
frontend jabber5443
  bind *:5443
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  use_backend chat-backend-s if chat-host-s

# Listener on the plaintext IMAP port.
# NOTE(review): `mode http` and a Host-header ACL are used here, but IMAP is
# not HTTP: the client sends no Host header and the server speaks first. As
# written this frontend looks unable to carry IMAP traffic. Fixing it needs
# `mode tcp` here and in mail-backend-imap together - confirm.
# NOTE(review): port 143 is unencrypted unless the client upgrades with
# STARTTLS; consider whether it needs to be exposed at all alongside 993.
frontend mail-imap
  bind *:143
  mode http
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  use_backend mail-backend-imap if mail-host
# IMAPS (implicit TLS) passthrough on 993, selected by SNI. Clients that send
# no SNI, or a different name, are not forwarded to any backend.
frontend mail-imaps
  bind *:993
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-imaps if mail-host-s
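# Listener on the plaintext POP3 port.
# NOTE(review): `mode http` and a Host-header ACL are used here, but POP3 is
# not HTTP: the client sends no Host header and the server speaks first. As
# written this frontend looks unable to carry POP3 traffic. Fixing it needs
# `mode tcp` here and in mail-backend-pop3 together - confirm.
# NOTE(review): port 110 is unencrypted unless the client upgrades with
# STLS; consider whether it needs to be exposed at all alongside 995.
frontend mail-pop3
  bind *:110
  mode http
  # Hostname corrected: it was misspelled as mail.terminalweller.com, which
  # matches no name used anywhere else in this file.
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  use_backend mail-backend-pop3 if mail-host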
# POP3S (implicit TLS) passthrough on 995, selected by SNI. Clients that send
# no SNI, or a different name, are not forwarded to any backend.
frontend mail-pop3s
  bind *:995
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-pop3s if mail-host-s
# Listener on the SMTP port, written as a TLS-SNI passthrough.
# NOTE(review): SMTP on port 25 starts in plaintext - the server sends its
# banner first and TLS is negotiated later with STARTTLS. A sending server
# therefore never opens with a ClientHello, so the rules below would reject
# it once the 5s inspect delay expires. As written, inbound mail looks unable
# to pass through this frontend - verify against real delivery.
# The ACL is named mail-host here, unlike the mail-host-s name used by the
# other SNI-based mail frontends; the name is local to this section.
frontend mail-smtp
  bind *:25
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-smtp if mail-host
# SMTPS (implicit TLS) passthrough on 465, selected by SNI. Clients that send
# no SNI, or a different name, are not forwarded to any backend.
frontend mail-smtps
  bind *:465
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-smtps if mail-host-s
# Listener on the mail submission port, written as a TLS-SNI passthrough.
# NOTE(review): submission on 587 normally starts in plaintext and upgrades
# with STARTTLS, so clients do not open with a ClientHello and would be
# rejected by the rules below - confirm clients use implicit TLS on this port,
# or pass the port through without the ClientHello requirement.
frontend mail-submission
  bind *:587
  timeout client 60s
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  tcp-request content reject
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  use_backend mail-backend-submission if mail-host-s

#Backends
# ACME http-01 responder for hosts without a dedicated *-cert backend.
backend certbot-backend
  mode http
  # `nginx` is resolved at run time through docker_resolver; `init-addr none`
  # lets HAProxy start even when the name cannot be resolved yet.
  server nginx nginx:80 resolvers docker_resolver check init-addr none

# Blog over plain HTTP (from frontend http). `option forwardfor` adds an
# X-Forwarded-For header carrying the client address.
backend blog-backend
  mode http
  option forwardfor
  server blog-host 192.99.102.52:9000 check
# ACME http-01 challenges for the blog, answered on port 80 of the blog host.
backend blog-backend-cert
  mode http
  option forwardfor
  server blog-host 192.99.102.52:80
# Blog over TLS passthrough (from frontend https). The backend sees the
# proxy's address as the client; no PROXY protocol is sent.
# NOTE(review): this targets the same port (9000) as the plain-HTTP
# blog-backend - confirm that port really accepts both HTTP and TLS.
backend blog-backend-s
  timeout server 60s
  # `timeout client` is a frontend setting; HAProxy ignores it in a backend.
  timeout client 60s
  mode tcp
  # Health check sends a TLS hello instead of a bare TCP connect.
  option ssl-hello-chk
  server blog-host 192.99.102.52:9000 check

# Backends for the mail host. In the tcp-mode backends below the mail host
# sees the proxy's address as the client, since no PROXY protocol is sent.
# NOTE(review): IP-based controls on the mail host (relay rules, rate limits,
# blocklists, log attribution) would then apply to the proxy rather than the
# real sender - confirm the mail host does not treat this proxy as a trusted
# network, or pass the client address on (e.g. `send-proxy`, if the mail
# services accept it).
# `timeout client` is a frontend setting; HAProxy ignores it in a backend.
# `option ssl-hello-chk` only has an effect on servers declared with `check`.

# Webmail / HTTP on port 80 (from frontend http); no health check.
backend mail-backend
  mode http
  option forwardfor
  server mail-host 185.126.202.69:80
# HTTPS passthrough (from frontend https).
backend mail-backend-s
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:443 check
# NOTE(review): `mode http` with forwardfor towards an IMAP port - IMAP is
# not HTTP; see frontend mail-imap. Looks like it should be `mode tcp`.
backend mail-backend-imap
  mode http
  option forwardfor
  server mail-host 185.126.202.69:143 check
# IMAPS passthrough.
backend mail-backend-imaps
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:993 check
# NOTE(review): `mode http` with forwardfor towards a POP3 port - POP3 is
# not HTTP; see frontend mail-pop3. Looks like it should be `mode tcp`.
backend mail-backend-pop3
  mode http
  option forwardfor
  server mail-host 185.126.202.69:110 check
# POP3S passthrough.
backend mail-backend-pop3s
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:995 check
# SMTP on port 25.
# NOTE(review): the TLS-hello health check targets a port that normally
# answers with a plaintext SMTP banner, so the check would presumably fail
# and mark the server down - verify.
backend mail-backend-smtp
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:25 check
# SMTPS (implicit TLS) passthrough.
backend mail-backend-smtps
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:465 check
# Submission on 587; the server line has no `check`, so no health check runs.
backend mail-backend-submission
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server mail-host 185.126.202.69:587

# API over plain HTTP (from frontend http), with X-Forwarded-For added.
backend api-backend
  mode http
  option forwardfor
  server api-host 192.99.102.52:8008 check
# API over TLS passthrough (from frontend https).
# NOTE(review): same port (8008) as the plain-HTTP api-backend - confirm it
# accepts both HTTP and TLS. The server line has no `check`, so
# `option ssl-hello-chk` has no effect and the server is never health-checked.
backend api-backend-s
  timeout server 60s
  # `timeout client` is a frontend setting; HAProxy ignores it in a backend.
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server api-host 192.99.102.52:8008
# ACME http-01 challenges for the API host, answered on its port 80.
backend api-backend-cert
  mode http
  option forwardfor
  server api-host 192.99.102.52:80

# Chat host, HTTP on 5280 (from frontend jabber5280).
# NOTE(review): reached over unencrypted HTTP end to end - see the note on
# frontend jabber5280 if this is an administration interface.
backend chat-backend-admin
  mode http
  server chat-host 130.185.121.80:5280 check
# TLS passthrough to 5443. The server line has no `check`, so
# `option ssl-hello-chk` has no effect here.
backend chat-backend-s
  timeout server 60s
  # `timeout client` is a frontend setting; HAProxy ignores it in a backend.
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server chat-host 130.185.121.80:5443
# XMPP client-to-server passthrough to 5222; no `check`, so no health check.
backend chat-backend-c2s
  timeout server 60s
  timeout client 60s
  mode tcp
  option ssl-hello-chk
  server chat-host 130.185.121.80:5222
# ACME http-01 target for the chat host. No active use_backend rule in this
# file selects it (the only reference in frontend http is commented out).
backend chat-cert-backend
  mode http
  server chat-cert-server 130.185.121.80:80