Benoit/HAProxy
Benoit/HAProxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add resolvers

Browse source
This commit is contained in:
Benoit 2025-02-21 19:52:34 +09:00
parent 064b145bad
commit 667aa55136
Signed by: Benoit
SSH key fingerprint: SHA256:kFsX94Kq6z/6CY0dX+7/FpAeJC0QlMhJVY+B7NYrOmA
1 changed files with 47 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
05backends.cfg
View file

@ -1,3 +1,31 @@
resolvers incus
nameserver incus 10.10.10.1:53
# Maximum size of a DNS answer allowed, in bytes
accepted_payload_size 512
# Whether to add nameservers found in /etc/resolv.conf
parse-resolv-conf
# How long to "hold" a backend server's up/down status depending on the name resolution status.
# For example, if an NXDOMAIN response is returned, keep the backend server in its current state (up) for
# at least another 30 seconds before marking it as down due to DNS not having a record for it.
hold valid 10s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold obsolete 30s
# How many times to retry a query
resolve_retries 3
# How long to wait between retries when no valid response has been received
timeout retry 1s
# How long to wait for a successful resolution
timeout resolve 1s
# Backends # Backends
backend default backend default
tcp-request content reject tcp-request content reject
@ -14,7 +42,7 @@ backend laminar
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "cross-origin" http-response set-header Cross-Origin-Resource-Policy "cross-origin"
http-response set-header Cache-Control max-age=31536000 http-response set-header Cache-Control max-age=31536000
server laminar laminar.incus:8080 check server laminar laminar.incus:8080 check resolvers incus init-addr last,libc,none
backend forgejo backend forgejo
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -24,7 +52,7 @@ backend forgejo
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server forgejo forgejo.incus:3000 check server forgejo forgejo.incus:3000 check resolvers incus init-addr last,libc,none
backend mastodon backend mastodon
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -34,7 +62,7 @@ backend mastodon
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server mastodon mastodon2.incus:80 send-proxy check server mastodon mastodon2.incus:80 send-proxy check resolvers incus init-addr last,libc,none
backend linkding backend linkding
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -44,7 +72,7 @@ backend linkding
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server linkding linkding.incus:9090 check server linkding linkding.incus:9090 check resolvers incus init-addr last,libc,none
backend archive backend archive
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -55,7 +83,7 @@ backend archive
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
http-response set-header Cache-Control max-age=31536000 http-response set-header Cache-Control max-age=31536000
server archive archive.incus:80 check server archive archive.incus:80 check resolvers incus init-addr last,libc,none
backend adguard backend adguard
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -65,7 +93,7 @@ backend adguard
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server adguard adguard.incus:443 check ssl verify none server adguard adguard.incus:443 check ssl verify none resolvers incus init-addr last,libc,none
backend vaultwarden backend vaultwarden
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -75,7 +103,7 @@ backend vaultwarden
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server vaultwarden vaultwarden.incus:80 check server vaultwarden vaultwarden.incus:80 check resolvers incus init-addr last,libc,none
backend kanboard backend kanboard
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -85,7 +113,7 @@ backend kanboard
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server kanboard kanboard.incus:80 check server kanboard kanboard.incus:80 check resolvers incus init-addr last,libc,none
backend photoprism backend photoprism
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -95,7 +123,7 @@ backend photoprism
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server photoprism photoprism.incus:2342 check server photoprism photoprism.incus:2342 check resolvers incus init-addr last,libc,none
backend miniflux backend miniflux
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -105,7 +133,7 @@ backend miniflux
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server miniflux miniflux.incus:8080 check server miniflux miniflux.incus:8080 check resolvers incus init-addr last,libc,none
backend www backend www
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -116,7 +144,7 @@ backend www
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
http-response set-header Cache-Control max-age=31536000 http-response set-header Cache-Control max-age=31536000
server www www.incus:80 check server www www.incus:80 check resolvers incus init-addr last,libc,none
backend navidrome backend navidrome
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -126,7 +154,7 @@ backend navidrome
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server navidrome navidrome.incus:4533 check server navidrome navidrome.incus:4533 check resolvers incus init-addr last,libc,none
backend mailcow backend mailcow
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -136,7 +164,7 @@ backend mailcow
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server mailcow mailcow.incus:80 check server mailcow mailcow.incus:80 check resolvers incus init-addr last,libc,none
backend beszel backend beszel
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -146,7 +174,7 @@ backend beszel
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin" http-response set-header Cross-Origin-Resource-Policy "same-origin"
server beszel beszel.incus:8090 check server beszel beszel.incus:8090 check resolvers incus init-addr last,libc,none
backend uptime-kuma backend uptime-kuma
# set HSTS for one year after all responses # set HSTS for one year after all responses
@ -156,24 +184,24 @@ backend uptime-kuma
http-response set-header X-Content-Type-Options "nosniff" http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin" http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "cross-origin" http-response set-header Cross-Origin-Resource-Policy "cross-origin"
server uptime-kuma mxmon:3001 check server uptime-kuma mxmon:3001 check resolvers incus init-addr last,libc,none
backend nefarious backend nefarious
# set HSTS for one year after all responses # set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server nefarious nefarious.incus:8000 check server nefarious nefarious.incus:8000 check resolvers incus init-addr last,libc,none
backend nefarious-jackett backend nefarious-jackett
# set HSTS for one year after all responses # set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server nefarious-jackett nefarious.incus:9117 check server nefarious-jackett nefarious.incus:9117 check resolvers incus init-addr last,libc,none
backend nefarious-transmission backend nefarious-transmission
# set HSTS for one year after all responses # set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server nefarious-transmission nefarious.incus:9091 check server nefarious-transmission nefarious.incus:9091 check resolvers incus init-addr last,libc,none
backend jellyfin backend jellyfin
# set HSTS for one year after all responses # set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server jellyfin 10.10.10.97:8096 check server jellyfin jellyfin.incus:8096 check resolvers incus init-addr last,libc,none