# Process-wide HAProxy settings.
global
    # Runtime API socket, currently disabled. `level admin` gives every client
    # of the socket full control of the running proxy, so if this is re-enabled
    # keep the restrictive owner/group/mode shown here.
    # stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners

    # Logs go to stdout in raw format; the variant capped at level "info" is
    # kept for reference.
    # log stdout format raw local0 info
    log stdout format raw local0

    # Relative `crt` paths on bind lines resolve against this directory.
    crt-base /etc/ssl/certs/

    # NOTE(review): a very high connection ceiling combined with the multi-hour
    # client/server timeouts in `defaults` lets idle connections accumulate;
    # confirm the host has the memory and file descriptors for this.
    maxconn 120000

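# Defaults inherited by every frontend and backend that follows.
defaults
    log global
    mode http

    # Idle limits on established connections, kept as the author set them.
    # NOTE(review): 2000m is roughly 33 hours; presumably chosen for long
    # transfers or long-lived sessions, so confirm before tightening.
    timeout client 2000m
    timeout connect 200s
    timeout server 2000m

    # Bound how long a client may take to send a complete request header.
    # The previous value (2000m) let a client hold a connection slot for hours
    # by trickling header bytes (slow-request exhaustion). This timer covers
    # only the headers unless `option http-buffer-request` is set, so large
    # uploads are unaffected. Because no `timeout http-keep-alive` is set, it
    # also bounds how long an idle keep-alive connection waits for its next
    # request.
    timeout http-request 30s
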
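# Built-in statistics page (the section name is arbitrary).
frontend stats
    mode http

    # NOTE(review): this listens on every interface and the section has no
    # `stats auth` and no source restriction, so anyone who can reach port 9000
    # can read backend names, addresses and traffic counters. Bind to an
    # internal address, or add `stats auth <user>:<password>` with the
    # credential supplied from a secret rather than committed, before this port
    # is reachable from untrusted networks.
    bind *:9000

    stats enable        # turns on the stats module
    stats hide-version  # do not disclose the HAProxy version on the page
    stats refresh 10s   # auto-refresh rate of the page
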
# Application setup
# Public HTTP/HTTPS entry point. The backend is chosen from the request's Host
# header; no default_backend is set in this section, so a Host that matches
# none of the ACLs below is not routed to any backend.
frontend ContentSwitching
    # NOTE(review): port 80 is served as-is; nothing in this section redirects
    # plain HTTP to HTTPS. Confirm that is intended (for example because an
    # upstream proxy already enforces HTTPS).
    bind *:80
    # bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
    # NOTE(review): `crt` expects a PEM bundle holding the server certificate
    # and its private key. The file name reads like a CA root; confirm what the
    # file contains and that its permissions protect the key.
    bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem
    mode http
    option httplog

    # HSTS: max-age is mandatory; 16000000 seconds is a bit more than 6 months.
    # The header is added to every response, including those served on port 80,
    # where browsers ignore it. `includeSubDomains` commits every subdomain of
    # each served domain to HTTPS for the whole max-age.
    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

    # Front-end access control list. ACL lines that share a name are ORed, and
    # each one is a case-insensitive match on the Host header.
    # NOTE(review): the proxy adds no authentication in front of any of these
    # services (monitoring, metrics, CI, object-store console, ...); each one
    # has to enforce its own access control if this frontend is reachable from
    # untrusted networks.
    acl host_www hdr(host) -i www.alicehuston.xyz
    acl host_www hdr(host) -i alicehuston.xyz
    # acl host_ldapui hdr(host) -i authui.alicehuston.xyz
    acl host_glances hdr(host) -i monit.alicehuston.xyz
    acl host_glances hdr(host) -i glances.alicehuston.xyz
    acl host_foundry hdr(host) -i dnd.alicehuston.xyz
    # acl host_netdata hdr(host) -i netdata.alicehuston.xyz
    #acl host_terraria hdr(host) -i terraria.alicehuston.xyz
    acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
    acl host_nextcloud hdr(host) -i nayeonie.com
    acl host_hydra hdr(host) -i hydra.alicehuston.xyz
    acl host_nix_serve hdr(host) -i cache.alicehuston.xyz
    acl host_attic hdr(host) -i attic.alicehuston.xyz
    acl host_nix_serve hdr(host) -i nixsrv.alicehuston.xyz
    acl host_minio hdr(host) -i minio.alicehuston.xyz
    acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
    #acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
    # acl host_collabora hdr(host) -i collabora.alicehuston.xyz
    acl host_prometheus hdr(host) -i prom.alicehuston.xyz

    # Backend forwarding: rules are evaluated top to bottom and the first
    # matching one selects the backend.
    use_backend www_nodes if host_www
    # use_backend ldapui_nodes if host_ldapui
    use_backend glances_nodes if host_glances
    use_backend foundry_nodes if host_foundry
    # use_backend netdata_nodes if host_netdata
    # use_backend terraria_nodes if host_terraria
    use_backend nextcloud_nodes if host_nextcloud
    use_backend hydra_nodes if host_hydra
    use_backend nix_serve_nodes if host_nix_serve
    use_backend attic_nodes if host_attic
    #use_backend nextcloud_vol_nodes if host_nextcloud_vol
    # use_backend collabora_nodes if host_collabora
    use_backend prometheus_nodes if host_prometheus
    use_backend minio_nodes if host_minio
    use_backend minio_console_nodes if host_minio_console

#frontend ldap
# bind *:389
# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
# mode tcp
# option tcplog
# acl host_ldap hdr(host) -i auth.alicehuston.xyz
# use_backend ldap_nodes if host_ldap

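# Nextcloud upstream, reached over plain HTTP at nextcloud:80.
backend nextcloud_nodes
    mode http
    server server nextcloud:80

    # CalDAV/CardDAV discovery: send the well-known paths to the DAV endpoint.
    acl url_discovery path /.well-known/caldav /.well-known/carddav
    http-request redirect location /remote.php/dav/ code 301 if url_discovery

    # Always derive X-Forwarded-Host from the Host header this proxy routed on.
    # Previously a client-supplied X-Forwarded-Host was passed through
    # untouched, which let any client choose the host name the application
    # sees in this header.
    http-request set-header X-Forwarded-Host %[req.hdr(host)]

    # NOTE(review): X-Forwarded-Port and X-Forwarded-Proto are still passed
    # through when the request already carries them, so a client connecting
    # directly can set them too. That pass-through is only safe if every
    # request arrives via a trusted upstream proxy that sets these headers;
    # otherwise overwrite them unconditionally as done for X-Forwarded-Host.
    acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
    http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
    acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
    http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
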
#backend nextcloud_nodes
# mode http
# server nxserver nextcloud:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]

#backend nextcloud_vol_nodes
# mode http
# server server nextcloud-vol:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists

#backend terraria_nodes
# mode http
# server server terraria:6526

#backend collabora_nodes
# mode http
# server server collabora:9980

# Upstream for the apex and www host names (ACL host_www): plain HTTP to
# grafana:3000.
# NOTE(review): the proxy adds no authentication; confirm the service's own
# login/anonymous-access settings match its public exposure.
backend www_nodes
    mode http
    server server grafana:3000

# MinIO upstream (ACL host_minio): plain HTTP to 192.168.76.2:8500.
backend minio_nodes
    mode http
    server server 192.168.76.2:8500

    # Disabled X-Forwarded-* handling, kept for reference. These rules only set
    # a header when the request does not already carry it, so if re-enabled
    # they would pass client-supplied values through unchanged.
    # acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
    # http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
    # acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
    # http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
    # acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
    # http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
    # http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists

# MinIO console upstream (ACL host_minio_console): plain HTTP to
# 192.168.76.2:8501.
# NOTE(review): an administrative console is published by host name with no
# proxy-side restriction; confirm it is protected by strong credentials.
backend minio_console_nodes
    mode http
    server server 192.168.76.2:8501

# Foundry VTT upstream (ACL host_foundry): plain HTTP to foundryvtt:30000.
backend foundry_nodes
    # Idle limit for connections that have become tunnels (e.g. WebSocket
    # upgrades); for those it takes over from the client/server timeouts.
    timeout tunnel 50s
    mode http
    server server foundryvtt:30000

#backend ldap_nodes
# mode tcp
# balance roundrobin
# option ldap-check
# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
# mode http
# server server 192.168.76.2:18081

# Glances upstream (ACL host_glances): plain HTTP to glances:61208.
# NOTE(review): a host-monitoring UI is published with no proxy-side
# authentication; confirm the service itself requires a password.
backend glances_nodes
    mode http
    server server glances:61208

# Hydra upstream (ACL host_hydra): plain HTTP to 192.168.76.2:3000.
backend hydra_nodes
    mode http
    server server 192.168.76.2:3000

# Binary-cache upstream (ACL host_nix_serve, i.e. the cache. and nixsrv. host
# names): plain HTTP to 192.168.76.2:5000.
backend nix_serve_nodes
    mode http
    server server 192.168.76.2:5000

# Attic upstream (ACL host_attic): plain HTTP to 192.168.76.2:8183.
backend attic_nodes
    mode http
    server server 192.168.76.2:8183

# Prometheus upstream (ACL host_prometheus): plain HTTP to 192.168.76.2:9001.
# NOTE(review): the proxy adds no authentication in front of this metrics
# endpoint; confirm access is restricted elsewhere before it is reachable from
# untrusted networks.
backend prometheus_nodes
    mode http
    server server 192.168.76.2:9001

#backend netdata_nodes
# mode http
# server server 192.168.76.2:19999

# backend dnd_nodes
# mode http
# server server foundry:30000
# acl host_www hdr(host) -i www.tmmworkshop.com

# Raw TCP listener for Minecraft on port 25565 (all interfaces). Every
# connection goes to router_nodes; being TCP mode, no HTTP rules or Host
# matching apply here.
frontend minecraft
    mode tcp
    bind :25565
    default_backend router_nodes

# TCP upstream for the minecraft frontend: a single server, mc-router:25565.
backend router_nodes
    mode tcp
    server s1 mc-router:25565