Benoit/HAProxy
Benoit/HAProxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
HAProxy/05backends.cfg
Benoit 60486018ef
Use FQDN for mxmon
2025-02-21 19:54:48 +09:00

207 lines
10 KiB
INI
Raw Blame History

resolvers incus
nameserver incus 10.10.10.1:53
# Maximum size of a DNS answer allowed, in bytes
accepted_payload_size 512
# Whether to add nameservers found in /etc/resolv.conf
parse-resolv-conf
# How long to "hold" a backend server's up/down status depending on the name resolution status.
# For example, if an NXDOMAIN response is returned, keep the backend server in its current state (up) for
# at least another 30 seconds before marking it as down due to DNS not having a record for it.
hold valid 10s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold obsolete 30s
# How many times to retry a query
resolve_retries 3
# How long to wait between retries when no valid response has been received
timeout retry 1s
# How long to wait for a successful resolution
timeout resolve 1s
# Backends
backend default
tcp-request content reject
backend letsencrypt
server certbot 127.0.0.1:8899
backend laminar
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "cross-origin"
http-response set-header Cache-Control max-age=31536000
server laminar laminar.incus:8080 check resolvers incus init-addr last,libc,none
backend forgejo
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server forgejo forgejo.incus:3000 check resolvers incus init-addr last,libc,none
backend mastodon
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server mastodon mastodon2.incus:80 send-proxy check resolvers incus init-addr last,libc,none
backend linkding
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server linkding linkding.incus:9090 check resolvers incus init-addr last,libc,none
backend archive
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
http-response set-header Cache-Control max-age=31536000
server archive archive.incus:80 check resolvers incus init-addr last,libc,none
backend adguard
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server adguard adguard.incus:443 check ssl verify none resolvers incus init-addr last,libc,none
backend vaultwarden
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server vaultwarden vaultwarden.incus:80 check resolvers incus init-addr last,libc,none
backend kanboard
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server kanboard kanboard.incus:80 check resolvers incus init-addr last,libc,none
backend photoprism
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server photoprism photoprism.incus:2342 check resolvers incus init-addr last,libc,none
backend miniflux
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server miniflux miniflux.incus:8080 check resolvers incus init-addr last,libc,none
backend www
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
http-response set-header Cache-Control max-age=31536000
server www www.incus:80 check resolvers incus init-addr last,libc,none
backend navidrome
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server navidrome navidrome.incus:4533 check resolvers incus init-addr last,libc,none
backend mailcow
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server mailcow mailcow.incus:80 check resolvers incus init-addr last,libc,none
backend beszel
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "same-origin"
server beszel beszel.incus:8090 check resolvers incus init-addr last,libc,none
backend uptime-kuma
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# add some Security headers
http-response set-header X-Frame-Options "SAMEORIGIN"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
http-response set-header Cross-Origin-Resource-Policy "cross-origin"
server uptime-kuma mxmon.taile088c7.ts.net:3001 check resolvers incus init-addr last,libc,none
backend nefarious
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server nefarious nefarious.incus:8000 check resolvers incus init-addr last,libc,none
backend nefarious-jackett
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server nefarious-jackett nefarious.incus:9117 check resolvers incus init-addr last,libc,none
backend nefarious-transmission
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server nefarious-transmission nefarious.incus:9091 check resolvers incus init-addr last,libc,none
backend jellyfin
# set HSTS for one year after all responses
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
server jellyfin jellyfin.incus:8096 check resolvers incus init-addr last,libc,none
Reference in a new issue View git blame Copy permalink