path: root/terminaldweller.com/haproxy/haproxy.cfg

global
  log 127.0.0.1 local0
  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms
  mode tcp
  option tcplog
  option dontlognull

resolvers docker_resolver
  nameserver dns 127.0.0.11:53

#Frontends
frontend front
  bind *:80
  bind *:443
  mode tcp
  timeout client 60s
  #ACLs
  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
  acl blog-host hdr_sub(host) -i blog.terminaldweller.com
  acl mail-host hdr_sub(host) -i mail.terminaldweller.com
  acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
  acl api-host hdr_sub(host) -i api.terminaldweller.com
  acl chat-host hdr_sub(host) -i chat.terminaldweller.com
  acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
  #Consitions
  use_backend certbot-backend if letsencrypt-acl
  use_backend blog-backend if blog-host
  use_backend mail-backend if mail-host
  use_backend mail-backend-s if mail-host-s
  use_backend api-backend if api-host
  use_backend chat-backend-s if chat-host-s
  default_backend blog-backend

#Backends
backend certbot-backend
  server nginx nginx:80 resolvers docker_resolver check init-addr none

backend blog-backend
  mode http
  option forwardfor
  server blog-host 192.99.102.52:9000 check

backend mail-backend
  mode http
  option forwardfor
  server mail-host 185.126.202.69:80 check

backend mail-backend-s
  timeout server 60s
  timeout client 60s
  mode tcp
  option forwardfor
  option ssl-hello-chk
  server mail-host-s 185.126.202.69:443 check

backend api-backend
  mode http
  option forwardfor
  server api-host 192.99.102.52:8008 check

backend chat-backend
  mode http
  option forwardfor
  server chat-host 87.236.209.206:5280 check

backend chat-backend-s
  timeout server 60s
  timeout client 60s
  mode tcp
  option forwardfor
  option ssl-hello-chk
  server chat-host-s 87.236.209.206:5280 check