nix-dotfiles/systems/palatine-hill/conf/haproxy.conf

global
#  stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
 # log stdout format raw local0 info
  log stdout format raw local0
  crt-base /etc/ssl/certs/

defaults
  log global
  mode http
  timeout client 2000m
  timeout connect 200s
  timeout server 2000m
  timeout http-request 2000m

#Application Setup
frontend ContentSwitching
  bind *:80
 # bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
  bind *:443 ssl crt /ZFS/ZFS-primary/docker/haproxy/certs/origin_ca_ecc_root_new.pem
  mode  http
  option httplog

  # max-age is mandatory 
  # 16000000 seconds is a bit more than 6 months
  #http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

  # Front-end acess control list
#  acl host_www hdr(host) -i www.alicehuston.xyz
#  acl host_www hdr(host) -i alicehuston.xyz
#  acl host_ldapui hdr(host) -i authui.alicehuston.xyz
  acl host_glances hdr(host) -i monit.alicehuston.xyz
  acl host_glances hdr(host) -i glances.alicehuston.xyz
#  acl host_netdata hdr(host) -i netdata.alicehuston.xyz
  #acl host_terraria hdr(host) -i terraria.alicehuston.xyz
  acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
  #acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
#  acl host_collabora hdr(host) -i collabora.alicehuston.xyz
  # Backend-forwarding
#  use_backend www_nodes if host_www
#  use_backend ldapui_nodes if host_ldapui
  use_backend glances_nodes if host_glances
#  use_backend netdata_nodes if host_netdata
 # use_backend terraria_nodes if host_terraria
  use_backend nextcloud_nodes if host_nextcloud
  #use_backend nextcloud_vol_nodes if host_nextcloud_vol
#  use_backend collabora_nodes if host_collabora

#frontend ldap
#  bind *:389
#  bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
#  mode tcp
#  option tcplog
#  acl host_ldap hdr(host) -i auth.alicehuston.xyz
#  use_backend ldap_nodes if host_ldap

backend nextcloud_nodes
  mode http
  server server 127.0.0.1:9999
  acl url_discovery path /.well-known/caldav /.well-known/carddav
  http-request redirect location /remote.php/dav/ code 301 if url_discovery
  acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
  http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
  acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
  http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
  acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
  http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists

#backend nextcloud_nodes
#  mode http
#  server nxserver nextcloud:80
#  acl url_discovery path /.well-known/caldav /.well-known/carddav
#  http-request redirect location /remote.php/dav/ code 301 if url_discovery
#  http-request set-header X-Forwarded-Host %[req.hdr(Host)]

#backend nextcloud_vol_nodes
#  mode http
#  server server nextcloud-vol:80
#  acl url_discovery path /.well-known/caldav /.well-known/carddav
#  http-request redirect location /remote.php/dav/ code 301 if url_discovery
#  http-request set-header X-Forwarded-Host %[req.hdr(Host)]

#backend terraria_nodes
#  mode http
#  server server terraria:6526

#backend collabora_nodes
#  mode http
#  server server collabora:9980

#backend www_nodes
#  mode http
#  server server grafana:3000

#backend ldap_nodes
#  mode tcp
#  balance roundrobin
#  option ldap-check
#  server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
#  mode http
#  server server 192.168.76.2:18081

backend glances_nodes
  mode http
  server server 127.0.0.1:61208

#backend netdata_nodes
#  mode http
#  server server 192.168.76.2:19999

# backend dnd_nodes
#   mode http
#   server server foundry:30000
#   acl host_www hdr(host) -i www.tmmworkshop.com


#frontend minecraft
#  mode tcp
#  bind :25565
#  default_backend router_nodes
  

#backend router_nodes
#   mode tcp
#   server s1 mc-router:25565
add system palatine-hill 2023-12-23 07:39:10 +01:00			`global`
			`# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners`
			`# log stdout format raw local0 info`
			`log stdout format raw local0`
			`crt-base /etc/ssl/certs/`

			`defaults`
			`log global`
			`mode http`
			`timeout client 2000m`
			`timeout connect 200s`
			`timeout server 2000m`
			`timeout http-request 2000m`

			`#Application Setup`
			`frontend ContentSwitching`
			`bind *:80`
			`# bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem`
			`bind *:443 ssl crt /ZFS/ZFS-primary/docker/haproxy/certs/origin_ca_ecc_root_new.pem`
			`mode http`
			`option httplog`

			`# max-age is mandatory`
			`# 16000000 seconds is a bit more than 6 months`
			`#http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"`

			`# Front-end acess control list`
			`# acl host_www hdr(host) -i www.alicehuston.xyz`
			`# acl host_www hdr(host) -i alicehuston.xyz`
			`# acl host_ldapui hdr(host) -i authui.alicehuston.xyz`
			`acl host_glances hdr(host) -i monit.alicehuston.xyz`
			`acl host_glances hdr(host) -i glances.alicehuston.xyz`
			`# acl host_netdata hdr(host) -i netdata.alicehuston.xyz`
			`#acl host_terraria hdr(host) -i terraria.alicehuston.xyz`
			`acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz`
			`#acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz`
			`# acl host_collabora hdr(host) -i collabora.alicehuston.xyz`
			`# Backend-forwarding`
			`# use_backend www_nodes if host_www`
			`# use_backend ldapui_nodes if host_ldapui`
			`use_backend glances_nodes if host_glances`
			`# use_backend netdata_nodes if host_netdata`
			`# use_backend terraria_nodes if host_terraria`
			`use_backend nextcloud_nodes if host_nextcloud`
			`#use_backend nextcloud_vol_nodes if host_nextcloud_vol`
			`# use_backend collabora_nodes if host_collabora`

			`#frontend ldap`
			`# bind *:389`
			`# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem`
			`# mode tcp`
			`# option tcplog`
			`# acl host_ldap hdr(host) -i auth.alicehuston.xyz`
			`# use_backend ldap_nodes if host_ldap`

			`backend nextcloud_nodes`
			`mode http`
			`server server 127.0.0.1:9999`
			`acl url_discovery path /.well-known/caldav /.well-known/carddav`
			`http-request redirect location /remote.php/dav/ code 301 if url_discovery`
			`acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found`
			`http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists`
			`acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found`
			`http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists`
			`acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found`
			`http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists`
			`http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists`

			`#backend nextcloud_nodes`
			`# mode http`
			`# server nxserver nextcloud:80`
			`# acl url_discovery path /.well-known/caldav /.well-known/carddav`
			`# http-request redirect location /remote.php/dav/ code 301 if url_discovery`
			`# http-request set-header X-Forwarded-Host %[req.hdr(Host)]`

			`#backend nextcloud_vol_nodes`
			`# mode http`
			`# server server nextcloud-vol:80`
			`# acl url_discovery path /.well-known/caldav /.well-known/carddav`
			`# http-request redirect location /remote.php/dav/ code 301 if url_discovery`
			`# http-request set-header X-Forwarded-Host %[req.hdr(Host)]`

			`#backend terraria_nodes`
			`# mode http`
			`# server server terraria:6526`

			`#backend collabora_nodes`
			`# mode http`
			`# server server collabora:9980`

			`#backend www_nodes`
			`# mode http`
			`# server server grafana:3000`

			`#backend ldap_nodes`
			`# mode tcp`
			`# balance roundrobin`
			`# option ldap-check`
			`# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem`
			`#`
			`#backend ldapui_nodes`
			`# mode http`
			`# server server 192.168.76.2:18081`

			`backend glances_nodes`
			`mode http`
			`server server 127.0.0.1:61208`

			`#backend netdata_nodes`
			`# mode http`
			`# server server 192.168.76.2:19999`

			`# backend dnd_nodes`
			`# mode http`
			`# server server foundry:30000`
			`# acl host_www hdr(host) -i www.tmmworkshop.com`


			`#frontend minecraft`
			`# mode tcp`
			`# bind :25565`
			`# default_backend router_nodes`


			`#backend router_nodes`
			`# mode tcp`
			`# server s1 mc-router:25565`