bingen
/
rpi_docker_home_server
Bevaka 1
Stjärnmärk 0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
97 Incheckningar
6 Grenar
Träd: d08436827d
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'd08436827d'
${ noResults }
rpi_docker_home_server/images/haproxy/haproxy.cfg

96 lines
2.9KB
Blame Historik 

  1. global

  2.     maxconn 4096

  3.     #tune.ssl.default-dh-param 2048

  4. 

  5. defaults

  6.     mode http

  7.     timeout connect 5000ms

  8.     timeout client 50000ms

  9.     timeout server 50000ms

  10.     #log global

  11.     #log 127.0.0.1 local0 debug

  12.     #option tcplog

  13. 

  14. # https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/

  15. frontend https-in

  16.     mode http

  17.     #bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GITEA_URL}.pem

  18.     bind *:443 ssl ${HAPROXY_CERTS}

  19. 

  20.     acl letsencrypt-acl path_beg /.well-known/acme-challenge/

  21.     #acl nextcloud-acl ssl_fc_sni ${NEXTCLOUD_URL}

  22.     #acl gitea-acl ssl_fc_sni ${GITEA_URL}

  23.     acl nextcloud-acl ssl_fc_sni_reg ^${NEXTCLOUD_SERVER_NAME}\.

  24.     acl gitea-acl ssl_fc_sni_reg ^${GITEA_SERVER_NAME}\.

  25.     acl blog1-acl ssl_fc_sni_reg ^${BLOG_1_SERVER_NAME}\.

  26.     acl hauk-acl ssl_fc_sni_reg ^${HAUK_SERVER_NAME}\.

  27. 

  28.     use_backend letsencrypt-backend if letsencrypt-acl

  29.     use_backend nextcloud if nextcloud-acl

  30.     use_backend gitea if gitea-acl

  31.     use_backend blog1 if blog1-acl

  32.     use_backend hauk if hauk-acl

  33. 

  34.     default_backend nextcloud

  35. 

  36. backend nextcloud

  37.     # http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#option%20http-server-close

  38.     #option http-server-close

  39.     #option forwardfor

  40. 

  41.     #redirect http to https

  42.     #redirect scheme https if !{ ssl_fc }

  43. 

  44.     server nextcloud nextcloud:443 maxconn 32 check ssl verify none

  45. 

  46. backend gitea

  47.     #redirect http to https

  48.     #redirect scheme https if !{ ssl_fc }

  49. 

  50.     server gitea gitea:2443 maxconn 32 check ssl verify none

  51. 

  52. backend blog1

  53.     # https://forum.ghost.org/t/cant-get-full-site-ssl/12478/6

  54.     # https://blog.woodenstake.se/starting-a-blog-again/

  55.     option forwardfor

  56.     http-request set-header X-Forwarded-Port %[dst_port]

  57.     http-request add-header X-Forwarded-Proto https if { ssl_fc }

  58.     server blog1 blog1:2368 maxconn 32

  59. 

  60. backend hauk

  61.     server hauk hauk:80 maxconn 32

  62. 

  63. frontend http-in

  64.     bind *:80

  65.     acl letsencrypt-acl path_beg /.well-known/acme-challenge/

  66.     #acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL}

  67.     #acl is_gitea hdr_end(host) -i ${GITEA_URL}

  68.     acl is_nextcloud hdr_reg(host) ^${NEXTCLOUD_SERVER_NAME}\.

  69.     acl is_gitea hdr_reg(host) ^${GITEA_SERVER_NAME}\.

  70.     acl is_hauk hdr_reg(host) ^${HAUK_SERVER_NAME}\.

  71. 

  72.     use_backend letsencrypt-backend if letsencrypt-acl

  73.     use_backend nextcloud-insecure if is_nextcloud

  74.     use_backend gitea-insecure if is_gitea

  75.     use_backend hauk-insecure if is_hauk

  76.     default_backend pihole-insecure

  77. 

  78. backend nextcloud-insecure

  79.     server nextcloud nextcloud:80 maxconn 32

  80. 

  81. backend gitea-insecure

  82.     server gitea gitea:3000 maxconn 32

  83. 

  84. backend hauk-insecure

  85.     server hauk hauk:80 maxconn 32

  86. 

  87. backend pihole-insecure

  88.     server pihole pihole:80 maxconn 32

  89. 

  90. # LE Backend

  91. backend letsencrypt-backend

  92.     server letsencrypt 127.0.0.1:8888

  93. 

  94. #listen admin

  95. #    bind 127.0.0.1:8080

  96. #        stats enable