HAProxy/05backends.cfg

# Backends
backend default
  tcp-request content reject

backend letsencrypt
  server certbot 127.0.0.1:8899

backend laminar
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "cross-origin"
  http-response set-header Cache-Control max-age=31536000
  server laminar laminar.incus:8080 check

backend forgejo
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server forgejo forgejo.incus:3000 check

backend mastodon
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server mastodon mastodon2.incus:80 send-proxy check

backend linkding
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server linkding linkding.incus:9090 check

backend archive
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  http-response set-header Cache-Control max-age=31536000
  server archive archive.incus:80 check

backend adguard
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server adguard adguard.incus:3000 check

backend vaultwarden
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server vaultwarden vaultwarden.incus:80 check

backend kanboard
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server kanboard kanboard.incus:80 check

backend photoprism
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server photoprism photoprism.incus:2342 check

backend miniflux
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server miniflux miniflux.incus:8080 check

backend www
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  http-response set-header Cache-Control max-age=31536000
  server www www.incus:80 check

backend navidrome
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server navidrome navidrome.incus:4533 check
Import conf 2024-10-08 19:25:39 +09:00			`# Backends`
			`backend default`
			`tcp-request content reject`

			`backend letsencrypt`
			`server certbot 127.0.0.1:8899`

			`backend laminar`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
Laminar: allow cross-origin 2025-02-14 23:13:04 +09:00			`http-response set-header Cross-Origin-Resource-Policy "cross-origin"`
Add set-header Cache-Control 2025-02-14 23:24:44 +09:00			`http-response set-header Cache-Control max-age=31536000`
Import conf 2024-10-08 19:25:39 +09:00			`server laminar laminar.incus:8080 check`

			`backend forgejo`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
Add mastodon 2024-10-11 20:09:51 +09:00			`server forgejo forgejo.incus:3000 check`

Fix backend name 2024-10-11 20:11:54 +09:00			`backend mastodon`
Add mastodon 2024-10-11 20:09:51 +09:00			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
Use mastodon2 backend server 2025-01-20 21:11:27 +09:00			`server mastodon mastodon2.incus:80 send-proxy check`
Add Linkding 2024-11-14 21:38:15 +09:00
			`backend linkding`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server linkding linkding.incus:9090 check`
Add archive 2024-11-20 20:18:51 +09:00
			`backend archive`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
Add set-header Cache-Control 2025-02-14 23:24:44 +09:00			`http-response set-header Cache-Control max-age=31536000`
Add archive 2024-11-20 20:18:51 +09:00			`server archive archive.incus:80 check`
Add adguard 2024-11-27 21:28:44 +09:00
			`backend adguard`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server adguard adguard.incus:3000 check`
Add vaultwarden 2025-02-11 15:27:53 +09:00
			`backend vaultwarden`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server vaultwarden vaultwarden.incus:80 check`
Add Kanboard 2025-02-11 18:05:28 +09:00
			`backend kanboard`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server kanboard kanboard.incus:80 check`
Add photoprism 2025-02-12 22:40:12 +09:00
			`backend photoprism`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server photoprism photoprism.incus:2342 check`
Add miniflux 2025-02-14 21:15:43 +09:00
			`backend miniflux`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server miniflux miniflux.incus:8080 check`
Add www 2025-02-14 22:36:42 +09:00
			`backend www`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
Add set-header Cache-Control 2025-02-14 23:24:44 +09:00			`http-response set-header Cache-Control max-age=31536000`
Add www 2025-02-14 22:36:42 +09:00			`server www www.incus:80 check`
Add navidrome 2025-02-15 08:39:30 +09:00
			`backend navidrome`
			`# set HSTS for one year after all responses`
			`http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`
			`# add some Security headers`
			`http-response set-header X-Frame-Options "SAMEORIGIN"`
			`http-response set-header X-Content-Type-Options "nosniff"`
			`http-response set-header Referrer-Policy "strict-origin-when-cross-origin"`
			`http-response set-header Cross-Origin-Resource-Policy "same-origin"`
			`server navidrome navidrome.incus:4533 check`