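# Process-wide settings. Logs are sent to a local syslog receiver on facility
# local0; individual proxies only inherit this target through `log global`.
global
log 127.0.0.1 local0
# Default cipher list for any `bind ... ssl` line. RC4 is now excluded (it is
# prohibited for TLS by RFC 7465; this list previously allowed RC4-SHA). The
# kRSA suites are kept for compatibility but provide no forward secrecy.
# NOTE(review): no bind line in this file carries `ssl` -- every TLS listener
# is a mode-tcp pass-through -- so this list currently has no effect at all.
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL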
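# Settings inherited by every frontend/backend that does not override them.
defaults
# Use the log servers declared in `global`. Without this line `option tcplog`
# below has no log target and no connection is ever recorded, which leaves
# no audit trail for any of the listeners in this file.
log global
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# tcp is the base mode; the HTTP listeners and backends set `mode http` themselves.
mode tcp
option tcplog
# Skip log lines for connections that closed without exchanging data
# (e.g. port probes and health checks).
option dontlognull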
# Docker's embedded DNS, used to resolve container names on server lines
# that reference `resolvers docker_resolver` (see certbot-backend).
resolvers docker_resolver
nameserver dns 127.0.0.11:53
#Frontends
# Plain-HTTP entry point. Requests are routed by Host header; ACME HTTP-01
# challenges are steered to the per-host "cert" backends, everything else to
# the matching per-host backend.
# NOTE(review): hdr_sub(host) is a substring match, so a Host such as
# "blog.terminaldweller.com.example" also selects blog-backend; `hdr(host)`
# (or `-m dom`) is the stricter form -- confirm nothing relies on substrings.
# NOTE(review): there is no redirect to https; every vhost stays reachable
# over plaintext on port 80.
frontend http
bind *:80
mode http
#ACLs
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
acl blog-host hdr_sub(host) -i blog.terminaldweller.com
acl mail-host hdr_sub(host) -i mail.terminaldweller.com
acl api-host hdr_sub(host) -i api.terminaldweller.com
acl chat-host hdr_sub(host) -i chat.terminaldweller.com
# Path-based split of the API host; only usable here because this frontend
# sees the plaintext request (the TLS listeners below cannot inspect paths).
acl mila-api-acl url_beg /mila
acl crypto-api-acl url_beg /crypto
#Conditions
# use_backend rules are evaluated top to bottom, first match wins: the ACME
# rules must stay above the generic per-host rules or challenges never reach
# the cert backends. Hosts with no dedicated cert backend (e.g. mail) fall to
# certbot-backend.
#use_backend chat-cert-backend if letsencrypt-acl chat-host
use_backend blog-backend-cert if letsencrypt-acl blog-host
use_backend api-crypto-backend-cert if letsencrypt-acl api-host crypto-api-acl
use_backend api-mila-backend-cert if letsencrypt-acl api-host mila-api-acl
use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
use_backend blog-backend if blog-host
use_backend mail-backend if mail-host
use_backend api-backend if api-host
#use_backend chat-backend if chat-host
# Any Host that matched nothing above (including no Host at all) lands on the blog.
default_backend blog-backend
# TLS pass-through on 443. HAProxy does not terminate TLS here; it only reads
# the SNI from the ClientHello to choose a backend, so the plaintext stays
# invisible to it and path-based rules cannot be applied in this frontend.
frontend https
bind *:443
timeout client 60s
mode tcp
# Wait up to 5s for enough bytes to parse a ClientHello. Only a TLS
# ClientHello (handshake type 1) is accepted; everything else is rejected,
# which makes this port TLS-only.
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
#ACLs
# req.ssl_sni is an exact (case-insensitive) match, unlike hdr_sub on port 80.
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
#acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
acl api-host-s req.ssl_sni -i api.terminaldweller.com
acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com
#Conditions
# No default_backend: a ClientHello whose SNI matches none of the ACLs is not
# forwarded anywhere (fail-closed).
use_backend mail-backend-s if mail-host-s
#use_backend chat-backend-s if chat-host-s
use_backend blog-backend-s if blog-host-s
# crypto-api-acl (url_beg) cannot be evaluated on an opaque TLS stream, which
# is presumably why the path-qualified rule is commented out.
#use_backend api-crypto-backend-s if api-host-s crypto-api-acl
use_backend api-crypto-backend-s if api-host-s
use_backend api-mila-backend-s if mila-api-host-s
# XMPP client-to-server port, TLS pass-through keyed on SNI.
# NOTE(review): XMPP c2s on 5222 conventionally opens in plaintext and
# upgrades with STARTTLS (RFC 6120); such a client never sends a TLS
# ClientHello first, so the reject rule below would drop it once the 5s delay
# expires. Only clients doing direct TLS on this port get through -- confirm
# against the XMPP server's logs.
frontend jabber5222
bind *:5222
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
# No default_backend: any other SNI is not forwarded.
use_backend chat-backend-c2s if chat-host-s
# Plain-HTTP listener for the XMPP server's port 5280, routed by Host header
# to chat-backend-admin.
# NOTE(review): this publishes that HTTP interface on the public address
# without TLS; confirm nothing that accepts credentials is served on it.
# No default_backend, so other Host values get no backend.
frontend jabber5280
bind *:5280
mode http
acl chat-host hdr_sub(host) -i chat.terminaldweller.com
use_backend chat-backend-admin if chat-host
# XMPP over direct TLS on 5443, pass-through keyed on SNI. Same TLS-only
# gate as the https frontend: non-ClientHello traffic is rejected after 5s.
frontend jabber5443
bind *:5443
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
# No default_backend: any other SNI is not forwarded.
use_backend chat-backend-s if chat-host-s
# Plaintext IMAP port.
# NOTE(review): `mode http` makes HAProxy parse the client's bytes as an HTTP
# request, but IMAP is server-speaks-first and is not HTTP, so the Host ACL can
# never match and no backend is ever chosen -- as written this listener cannot
# serve IMAP. Plaintext IMAP cannot be routed by hostname at all (no SNI before
# STARTTLS), so the options are `mode tcp` plus `default_backend mail-backend-imap`
# (with that backend also in mode tcp), or dropping this listener and serving
# IMAPS on 993 only.
frontend mail-imap
bind *:143
mode http
acl mail-host hdr_sub(host) -i mail.terminaldweller.com
use_backend mail-backend-imap if mail-host
# IMAPS (implicit TLS on 993), pass-through keyed on SNI. Implicit TLS means
# the client sends a ClientHello immediately, so the TLS-only gate works here.
frontend mail-imaps
bind *:993
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
# No default_backend: any other SNI is not forwarded.
use_backend mail-backend-imaps if mail-host-s
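# Plaintext POP3 port.
# The host name in the ACL is now spelled mail.terminaldweller.com like every
# other rule in this file (it previously read "terminalweller", so the ACL
# could never match).
# NOTE(review): even with the name fixed, `mode http` makes HAProxy parse the
# client's bytes as an HTTP request; POP3 is server-speaks-first and not HTTP,
# so no Host header ever arrives and no backend is chosen. Plaintext POP3
# cannot be routed by hostname (no SNI before STARTTLS): either switch this
# listener and mail-backend-pop3 to `mode tcp` with a default_backend, or
# drop the listener and serve POP3S on 995 only.
frontend mail-pop3
bind *:110
mode http
acl mail-host hdr_sub(host) -i mail.terminaldweller.com
use_backend mail-backend-pop3 if mail-host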
# POP3S (implicit TLS on 995), pass-through keyed on SNI; the TLS-only gate
# works because the client sends a ClientHello immediately.
frontend mail-pop3s
bind *:995
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
# No default_backend: any other SNI is not forwarded.
use_backend mail-backend-pop3s if mail-host-s
# Inbound SMTP on 25.
# NOTE(review): SMTP is server-speaks-first (220 greeting) and secures the
# session with STARTTLS, so a client never sends a TLS ClientHello before the
# greeting; the accept/reject pair below will reject every connection once the
# 5s delay expires. Unless peers are known to use direct TLS on 25, inbound
# mail needs `mode tcp` with a default_backend and no ClientHello gate --
# confirm against the mail server's logs.
# The ACL is named mail-host rather than mail-host-s but is an SNI match.
frontend mail-smtp
bind *:25
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl mail-host req.ssl_sni -i mail.terminaldweller.com
use_backend mail-backend-smtp if mail-host
# SMTPS (implicit TLS on 465), pass-through keyed on SNI; the TLS-only gate
# works because the client sends a ClientHello immediately.
frontend mail-smtps
bind *:465
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
# No default_backend: any other SNI is not forwarded.
use_backend mail-backend-smtps if mail-host-s
# Mail submission on 587.
# NOTE(review): port 587 is conventionally STARTTLS (RFC 6409): the server
# greets first and the client only starts TLS after EHLO/STARTTLS, so no
# ClientHello arrives before the 5s delay and the reject rule below drops the
# connection. Only clients doing direct TLS on 587 would pass -- confirm
# against the mail server's logs; 465 already provides implicit TLS.
frontend mail-submission
bind *:587
timeout client 60s
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
tcp-request content reject
acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
use_backend mail-backend-submission if mail-host-s
#Backends
# ACME HTTP-01 fallback: challenges for hosts with no dedicated cert backend
# go to the nginx container. `init-addr none` lets HAProxy start even if the
# name does not resolve yet; `resolvers docker_resolver` re-resolves it at
# runtime. `check` is a plain TCP connect check.
backend certbot-backend
mode http
server nginx nginx:80 resolvers docker_resolver check init-addr none
# Plain HTTP to the blog origin on port 9000, adding X-Forwarded-For.
# NOTE(review): blog-backend-s passes TLS through to this same port 9000; a
# single port normally speaks either HTTP or TLS, so one of the two backends
# presumably does not work as intended -- verify which protocol 9000 serves.
backend blog-backend
mode http
option forwardfor
server blog-host 192.99.102.52:9000 check
# ACME challenge path for the blog host: plain HTTP to the origin's port 80.
# No `check`, so an unreachable origin is only noticed when a challenge fails.
backend blog-backend-cert
mode http
option forwardfor
server blog-host 192.99.102.52:80
# TLS pass-through to the blog origin; the origin terminates TLS.
# NOTE(review): `timeout client` is a frontend-side setting and is presumably
# ignored in a backend section (HAProxy warns about it); the effective client
# timeout comes from the frontend.
# `option ssl-hello-chk` health-checks by sending an SSLv3-format client hello
# and expecting a server hello back; NOTE(review): origins that refuse SSLv3
# may fail this check, in which case `check-ssl` on the server line is the
# modern equivalent -- confirm the check status in the stats.
backend blog-backend-s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server blog-host 192.99.102.52:9000 check
# Plain HTTP to the mail host's port 80 (webmail / ACME fallback path), adding
# X-Forwarded-For. No `check` on this server.
backend mail-backend
mode http
option forwardfor
server mail-host 185.126.202.69:80
# TLS pass-through to the mail host's HTTPS port; health check sends an
# SSLv3-format client hello (option ssl-hello-chk). `timeout client` here is
# presumably ignored in a backend section.
backend mail-backend-s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:443 check
# Backend for the plaintext IMAP listener.
# NOTE(review): `mode http` means HAProxy would parse IMAP traffic as HTTP,
# which cannot work; if plaintext IMAP is meant to be served this needs
# `mode tcp` (and `option forwardfor` dropped, it is HTTP-only). The `check`
# is a TCP connect check and is fine for IMAP.
backend mail-backend-imap
mode http
option forwardfor
server mail-host 185.126.202.69:143 check
# TLS pass-through to IMAPS on 993; health check sends an SSLv3-format client
# hello (option ssl-hello-chk).
backend mail-backend-imaps
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:993 check
# Backend for the plaintext POP3 listener.
# NOTE(review): `mode http` means HAProxy would parse POP3 traffic as HTTP,
# which cannot work; if plaintext POP3 is meant to be served this needs
# `mode tcp` (and `option forwardfor` dropped, it is HTTP-only).
backend mail-backend-pop3
mode http
option forwardfor
server mail-host 185.126.202.69:110 check
# TLS pass-through to POP3S on 995; health check sends an SSLv3-format client
# hello (option ssl-hello-chk).
backend mail-backend-pop3s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:995 check
# TCP relay to SMTP on 25.
# NOTE(review): `option ssl-hello-chk` expects the server to answer a client
# hello with a server hello; an SMTP server greets with "220 ..." instead, so
# this health check presumably marks the server DOWN. A plain `check` (TCP
# connect) or `option smtpchk` fits this port -- confirm in the stats.
backend mail-backend-smtp
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:25 check
# TLS pass-through to SMTPS on 465; health check sends an SSLv3-format client
# hello (option ssl-hello-chk).
backend mail-backend-smtps
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:465 check
# TCP relay to submission on 587. The server line has no `check`, so
# `option ssl-hello-chk` is inert here and a down server is not detected.
# NOTE(review): 587 is conventionally STARTTLS (server greets first), so an
# ssl-hello-chk would not fit this port anyway; `option smtpchk` with `check`
# would.
backend mail-backend-submission
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server mail-host 185.126.202.69:587
# Plain HTTP to the API origin on 8008, adding X-Forwarded-For.
# NOTE(review): api-crypto-backend-s passes TLS through to this same port
# 8008; a single port normally speaks either HTTP or TLS, so one of the two
# presumably does not work as intended -- verify which protocol 8008 serves.
backend api-backend
mode http
option forwardfor
server api-host 192.99.102.52:8008 check
# TLS pass-through to the API origin on 8008. No `check` on the server line,
# so `option ssl-hello-chk` is inert and a down origin is not detected.
backend api-crypto-backend-s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server api-host 192.99.102.52:8008
# ACME challenge path for the API host (/crypto prefix): plain HTTP to the
# origin's port 80. No `check`.
backend api-crypto-backend-cert
mode http
option forwardfor
server api-host 192.99.102.52:80
# TLS pass-through to the mila API on 19019 (selected by SNI
# mila.terminaldweller.com on 443). No `check` on the server line, so
# `option ssl-hello-chk` is inert.
backend api-mila-backend-s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server api-mila-host 130.185.121.80:19019
# ACME challenge path for the mila API (/mila prefix on the api host). The
# server line has no port, so HAProxy connects to the port the client used
# (80 via frontend http). No `check`.
backend api-mila-backend-cert
mode http
option forwardfor
server api-mila-host 130.185.121.80
# Plain HTTP to the XMPP server's port 5280, reached from frontend jabber5280.
# No `option forwardfor`, so the XMPP server sees HAProxy's address as the
# client, which matters for any access control or logging it does by IP.
backend chat-backend-admin
mode http
server chat-host 130.185.121.80:5280 check
# TLS pass-through to the XMPP server's direct-TLS port 5443. No `check` on
# the server line, so `option ssl-hello-chk` is inert.
backend chat-backend-s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server chat-host 130.185.121.80:5443
# TCP relay to XMPP c2s on 5222. No `check` on the server line, so
# `option ssl-hello-chk` is inert; NOTE(review): a STARTTLS-style c2s port
# would not answer a client hello with a server hello anyway, so a plain
# `check` (TCP connect) is the fitting health check here.
backend chat-backend-c2s
timeout server 60s
timeout client 60s
mode tcp
option ssl-hello-chk
server chat-host 130.185.121.80:5222
# ACME challenge path for the chat host: plain HTTP to port 80. Currently
# unreferenced -- the use_backend rule pointing here in frontend http is
# commented out, so chat ACME challenges fall to certbot-backend instead.
backend chat-cert-backend
mode http
server chat-cert-server 130.185.121.80:80