ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
8304da1ab309f22a9a99fa45fd1b389d8cff827f
nix-dotfiles/systems/palatine-hill/docker/haproxy.cfg
ahuston-0 6a6eddb517
Some checks failed
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 21s
Details
Check Nix formatting / Perform Nix format checks (pull_request) Successful in 2m37s
Details
Check Nix flake / Perform Nix flake checks (ubuntu-latest) (pull_request) Failing after 11m13s
Details
Check flake.lock / Check health of `flake.lock` (push) Successful in 18s
Details
Check Nix formatting / Perform Nix format checks (push) Successful in 2m48s
Details
Check Nix flake / Perform Nix flake checks (ubuntu-latest) (push) Failing after 11m35s
Details
move minio and attic to nayeonie.com 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-02-13 23:57:16 -05:00

208 lines
6.9 KiB
INI
Executable File
Raw Blame History

global
# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
# log stdout format raw local0 info
log stdout format raw local0
crt-base /etc/ssl/certs/
maxconn 120000
defaults
log global
mode http
timeout client 2000m
timeout connect 200s
timeout server 2000m
timeout http-request 2000m
frontend stats # you can call this whatever you want
mode http
bind *:9000 # default port, but you can pick any port
stats enable # turns on stats module
stats refresh 10s # set auto-refresh rate
#Application Setup
frontend ContentSwitching
bind *:80
# bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
mode http
option httplog
# max-age is mandatory
# 16000000 seconds is a bit more than 6 months
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
# Front-end acess control list
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
# Front-end acess control list
acl host_www hdr(host) -i www.alicehuston.xyz
acl host_www hdr(host) -i alicehuston.xyz
# acl host_ldapui hdr(host) -i authui.alicehuston.xyz
acl host_glances hdr(host) -i monit.alicehuston.xyz
acl host_glances hdr(host) -i glances.alicehuston.xyz
# acl host_foundry hdr(host) -i dnd.alicehuston.xyz
# acl host_netdata hdr(host) -i netdata.alicehuston.xyz
#acl host_terraria hdr(host) -i terraria.alicehuston.xyz
acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
acl host_nextcloud hdr(host) -i nayeonie.com
acl host_hydra hdr(host) -i hydra.alicehuston.xyz
acl host_attic hdr(host) -i attic.alicehuston.xyz
acl host_minio hdr(host) -i minio.alicehuston.xyz
acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
acl host_attic hdr(host) -i attic.nayeonie.com
acl host_minio hdr(host) -i minio.nayeonie.com
acl host_minio_console hdr(host) -i minio-console.nayeonie.com
#acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
# acl host_collabora hdr(host) -i collabora.alicehuston.xyz
acl host_prometheus hdr(host) -i prom.alicehuston.xyz
acl host_gitea hdr(host) -i git.alicehuston.xyz
acl host_gitea hdr(host) -i nayeonie.com
# Backend-forwarding
use_backend www_nodes if host_www
# use_backend ldapui_nodes if host_ldapui
use_backend glances_nodes if host_glances
use_backend foundry_nodes if host_foundry
# use_backend netdata_nodes if host_netdata
# use_backend terraria_nodes if host_terraria
use_backend nextcloud_nodes if host_nextcloud
use_backend hydra_nodes if host_hydra
use_backend attic_nodes if host_attic
#use_backend nextcloud_vol_nodes if host_nextcloud_vol
# use_backend collabora_nodes if host_collabora
use_backend prometheus_nodes if host_prometheus
use_backend minio_nodes if host_minio
use_backend minio_console_nodes if host_minio_console
use_backend gitea_nodes if host_gitea
#frontend ldap
# bind *:389
# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
# mode tcp
# option tcplog
# acl host_ldap hdr(host) -i auth.alicehuston.xyz
# use_backend ldap_nodes if host_ldap
backend nextcloud_nodes
mode http
server server nextcloud:80
acl url_discovery path /.well-known/caldav /.well-known/carddav
http-request redirect location /remote.php/dav/ code 301 if url_discovery
acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend nextcloud_nodes
# mode http
# server nxserver nextcloud:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
#backend nextcloud_vol_nodes
# mode http
# server server nextcloud-vol:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend terraria_nodes
# mode http
# server server terraria:6526
#backend collabora_nodes
# mode http
# server server collabora:9980
backend www_nodes
mode http
server server grafana:3000
backend minio_nodes
mode http
server server 192.168.76.2:8500
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
backend minio_console_nodes
mode http
server server 192.168.76.2:8501
# backend foundry_nodes
# timeout tunnel 50s
# mode http
# server server foundryvtt:30000
#backend ldap_nodes
# mode tcp
# balance roundrobin
# option ldap-check
# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
# mode http
# server server 192.168.76.2:18081
backend glances_nodes
mode http
server server glances:61208
backend hydra_nodes
mode http
server server 192.168.76.2:3000
backend attic_nodes
mode http
server server 192.168.76.2:8183
backend prometheus_nodes
mode http
server server 192.168.76.2:9001
backend gitea_nodes
mode http
server server 192.168.76.2:6443
#backend netdata_nodes
# mode http
# server server 192.168.76.2:19999
# backend dnd_nodes
# mode http
# server server foundry:30000
# acl host_www hdr(host) -i www.tmmworkshop.com
frontend giteassh
mode tcp
bind :2222
default_backend giteassh_nodes
backend giteassh_nodes
mode tcp
server s1 192.168.76.2:2223
frontend minecraft
mode tcp
bind :25565
default_backend router_nodes
backend router_nodes
mode tcp
server s1 mc-router:25565
Reference in New Issue View Git Blame Copy Permalink