From f4d9881d297cc132b8c5bd44de52b0e3b7ac73eb Mon Sep 17 00:00:00 2001 From: Benoit Date: Wed, 27 Nov 2024 22:12:21 +0900 Subject: [PATCH] Fix letsencrypt acls --- 03frontends.cfg | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/03frontends.cfg b/03frontends.cfg index e773458..2788a4a 100644 --- a/03frontends.cfg +++ b/03frontends.cfg @@ -285,19 +285,25 @@ frontend frontend_default acl ZM src -f /etc/haproxy/country/ZM.txt acl ZW src -f /etc/haproxy/country/ZW.txt + # Let's Encrypt + acl letsencrypt path_beg /.well-known/acme-challenge/ + use_backend letsencrypt if letsencrypt + # Redirect www to non-www domains http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] code 301 if { hdr_beg(host) -i www. } + # Mastodon # ACL to match requests for /.well-known/webfinger acl webfinger_request path_beg /.well-known/webfinger # ACL to check if the host is not mastodon.benoit.jp.net acl not_mastodon hdr(host) !mastodon.benoit.jp.net - # Redirect if it's a webfinger request and the host is not mastodon.benoit.jp.net http-request redirect location https://mastodon.benoit.jp.net%[capture.req.uri] if webfinger_request not_mastodon - acl letsencrypt path_beg /.well-known/acme-challenge/ + # Filtering + http-request deny if adguard !JP !SG !letsencrypt + # Everything else acl adguard hdr(host) -i adguard.benoit.jp.net acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net @@ -307,8 +313,6 @@ frontend frontend_default acl linkding hdr(host) -i linkding.benoit.jp.net acl mastodon hdr(host) -i mastodon.benoit.jp.net - http-request deny if adguard !JP !letsencrypt - use_backend adguard if adguard use_backend archive if archive use_backend forgejo if forgejo
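Review bot: The added `http-request deny if adguard !JP !SG !letsencrypt` under `# Filtering` now sits above `acl adguard hdr(host) -i adguard.benoit.jp.net`, which the hunk leaves further down under `# Everything else`. HAProxy resolves named ACLs when it parses the rule that uses them, so unless `adguard` is also declared earlier in `frontend_default` (outside this hunk) the new configuration should be rejected at load time and the country filter never takes effect. Either move the `acl adguard …` line above the deny or keep the deny after the host ACLs, and validate with `haproxy -c -f <config path>` before reloading. Separately, `use_backend letsencrypt if letsencrypt` is evaluated only after all `http-request` rules regardless of its position in the file, so the www redirect still applies to ACME challenge paths; a comment such as `# use_backend rules run after every http-request rule` next to it would keep the ordering from misleading a later reader.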