Add resolvers
This commit is contained in:
parent
064b145bad
commit
667aa55136
SSH key fingerprint:
SHA256:kFsX94Kq6z/6CY0dX+7/FpAeJC0QlMhJVY+B7NYrOmA
1 changed files with 47 additions and 19 deletions
|
|
@ -1,3 +1,31 @@
|
|||
resolvers incus
|
||||
nameserver incus 10.10.10.1:53
|
||||
|
||||
# Maximum size of a DNS answer allowed, in bytes
|
||||
accepted_payload_size 512
|
||||
|
||||
# Whether to add nameservers found in /etc/resolv.conf
|
||||
parse-resolv-conf
|
||||
|
||||
# How long to "hold" a backend server's up/down status depending on the name resolution status.
|
||||
# For example, if an NXDOMAIN response is returned, keep the backend server in its current state (up) for
|
||||
# at least another 30 seconds before marking it as down due to DNS not having a record for it.
|
||||
hold valid 10s
|
||||
hold other 30s
|
||||
hold refused 30s
|
||||
hold nx 30s
|
||||
hold timeout 30s
|
||||
hold obsolete 30s
|
||||
|
||||
# How many times to retry a query
|
||||
resolve_retries 3
|
||||
|
||||
# How long to wait between retries when no valid response has been received
|
||||
timeout retry 1s
|
||||
|
||||
# How long to wait for a successful resolution
|
||||
timeout resolve 1s
|
||||
|
||||
# Backends
|
||||
backend default
|
||||
tcp-request content reject
|
||||
|
|
@ -14,7 +42,7 @@ backend laminar
|
|||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "cross-origin"
|
||||
http-response set-header Cache-Control max-age=31536000
|
||||
server laminar laminar.incus:8080 check
|
||||
server laminar laminar.incus:8080 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend forgejo
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -24,7 +52,7 @@ backend forgejo
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server forgejo forgejo.incus:3000 check
|
||||
server forgejo forgejo.incus:3000 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend mastodon
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -34,7 +62,7 @@ backend mastodon
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server mastodon mastodon2.incus:80 send-proxy check
|
||||
server mastodon mastodon2.incus:80 send-proxy check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend linkding
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -44,7 +72,7 @@ backend linkding
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server linkding linkding.incus:9090 check
|
||||
server linkding linkding.incus:9090 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend archive
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -55,7 +83,7 @@ backend archive
|
|||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
http-response set-header Cache-Control max-age=31536000
|
||||
server archive archive.incus:80 check
|
||||
server archive archive.incus:80 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend adguard
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -65,7 +93,7 @@ backend adguard
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server adguard adguard.incus:443 check ssl verify none
|
||||
server adguard adguard.incus:443 check ssl verify none resolvers incus init-addr last,libc,none
|
||||
|
||||
backend vaultwarden
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -75,7 +103,7 @@ backend vaultwarden
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server vaultwarden vaultwarden.incus:80 check
|
||||
server vaultwarden vaultwarden.incus:80 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend kanboard
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -85,7 +113,7 @@ backend kanboard
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server kanboard kanboard.incus:80 check
|
||||
server kanboard kanboard.incus:80 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend photoprism
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -95,7 +123,7 @@ backend photoprism
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server photoprism photoprism.incus:2342 check
|
||||
server photoprism photoprism.incus:2342 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend miniflux
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -105,7 +133,7 @@ backend miniflux
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server miniflux miniflux.incus:8080 check
|
||||
server miniflux miniflux.incus:8080 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend www
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -116,7 +144,7 @@ backend www
|
|||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
http-response set-header Cache-Control max-age=31536000
|
||||
server www www.incus:80 check
|
||||
server www www.incus:80 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend navidrome
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -126,7 +154,7 @@ backend navidrome
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server navidrome navidrome.incus:4533 check
|
||||
server navidrome navidrome.incus:4533 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend mailcow
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -136,7 +164,7 @@ backend mailcow
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server mailcow mailcow.incus:80 check
|
||||
server mailcow mailcow.incus:80 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend beszel
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -146,7 +174,7 @@ backend beszel
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "same-origin"
|
||||
server beszel beszel.incus:8090 check
|
||||
server beszel beszel.incus:8090 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend uptime-kuma
|
||||
# set HSTS for one year after all responses
|
||||
|
|
@ -156,24 +184,24 @@ backend uptime-kuma
|
|||
http-response set-header X-Content-Type-Options "nosniff"
|
||||
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
http-response set-header Cross-Origin-Resource-Policy "cross-origin"
|
||||
server uptime-kuma mxmon:3001 check
|
||||
server uptime-kuma mxmon:3001 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend nefarious
|
||||
# set HSTS for one year after all responses
|
||||
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
server nefarious nefarious.incus:8000 check
|
||||
server nefarious nefarious.incus:8000 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend nefarious-jackett
|
||||
# set HSTS for one year after all responses
|
||||
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
server nefarious-jackett nefarious.incus:9117 check
|
||||
server nefarious-jackett nefarious.incus:9117 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend nefarious-transmission
|
||||
# set HSTS for one year after all responses
|
||||
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
server nefarious-transmission nefarious.incus:9091 check
|
||||
server nefarious-transmission nefarious.incus:9091 check resolvers incus init-addr last,libc,none
|
||||
|
||||
backend jellyfin
|
||||
# set HSTS for one year after all responses
|
||||
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
server jellyfin 10.10.10.97:8096 check
|
||||
server jellyfin jellyfin.incus:8096 check resolvers incus init-addr last,libc,none
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue