344 lines
14 KiB
INI
344 lines
14 KiB
INI
frontend stats
|
|
mode http
|
|
bind *:8404
|
|
stats enable
|
|
stats uri /stats
|
|
stats refresh 10s
|
|
stats admin if LOCALHOST
|
|
|
|
frontend frontend_default
|
|
bind :80 name http
|
|
bind :::80 name httpv6 v6only
|
|
# Sadly we can't use strict-sni because of Let's Encrypt challenge on https
|
|
bind :443 name https ssl crt /etc/haproxy/crt alpn h2,http/1.1
|
|
bind :::443 name httpsv6 v6only ssl crt /etc/haproxy/crt alpn h2,http/1.1
|
|
|
|
# silently ignore connect probes and pre-connect without request
|
|
option http-ignore-probes
|
|
|
|
# pass client's IP address to the server and prevent against attempts
|
|
# to inject bad contents
|
|
http-request del-header x-forwarded-for
|
|
option forwardfor
|
|
|
|
# enable HTTP compression of text contents
|
|
compression algo deflate gzip
|
|
compression type text/ application/javascript application/xhtml+xml image/x-icon
|
|
|
|
# enable HTTP caching of any cacheable content
|
|
http-request cache-use cache
|
|
http-response cache-store cache
|
|
|
|
# Redirect to HTTPS
|
|
http-request redirect scheme https unless { ssl_fc }
|
|
|
|
# ACLs
|
|
# ACL for country blocks
|
|
acl AD src -f /etc/haproxy/country/AD.txt
|
|
acl AE src -f /etc/haproxy/country/AE.txt
|
|
acl AF src -f /etc/haproxy/country/AF.txt
|
|
acl AG src -f /etc/haproxy/country/AG.txt
|
|
acl AI src -f /etc/haproxy/country/AI.txt
|
|
acl AL src -f /etc/haproxy/country/AL.txt
|
|
acl AM src -f /etc/haproxy/country/AM.txt
|
|
acl AO src -f /etc/haproxy/country/AO.txt
|
|
acl AQ src -f /etc/haproxy/country/AQ.txt
|
|
acl AR src -f /etc/haproxy/country/AR.txt
|
|
acl AS src -f /etc/haproxy/country/AS.txt
|
|
acl AT src -f /etc/haproxy/country/AT.txt
|
|
acl AU src -f /etc/haproxy/country/AU.txt
|
|
acl AW src -f /etc/haproxy/country/AW.txt
|
|
acl AX src -f /etc/haproxy/country/AX.txt
|
|
acl AZ src -f /etc/haproxy/country/AZ.txt
|
|
acl BA src -f /etc/haproxy/country/BA.txt
|
|
acl BB src -f /etc/haproxy/country/BB.txt
|
|
acl BD src -f /etc/haproxy/country/BD.txt
|
|
acl BE src -f /etc/haproxy/country/BE.txt
|
|
acl BF src -f /etc/haproxy/country/BF.txt
|
|
acl BG src -f /etc/haproxy/country/BG.txt
|
|
acl BH src -f /etc/haproxy/country/BH.txt
|
|
acl BI src -f /etc/haproxy/country/BI.txt
|
|
acl BJ src -f /etc/haproxy/country/BJ.txt
|
|
acl BL src -f /etc/haproxy/country/BL.txt
|
|
acl BM src -f /etc/haproxy/country/BM.txt
|
|
acl BN src -f /etc/haproxy/country/BN.txt
|
|
acl BO src -f /etc/haproxy/country/BO.txt
|
|
acl BQ src -f /etc/haproxy/country/BQ.txt
|
|
acl BR src -f /etc/haproxy/country/BR.txt
|
|
acl BS src -f /etc/haproxy/country/BS.txt
|
|
acl BT src -f /etc/haproxy/country/BT.txt
|
|
acl BV src -f /etc/haproxy/country/BV.txt
|
|
acl BW src -f /etc/haproxy/country/BW.txt
|
|
acl BY src -f /etc/haproxy/country/BY.txt
|
|
acl BZ src -f /etc/haproxy/country/BZ.txt
|
|
acl CA src -f /etc/haproxy/country/CA.txt
|
|
acl CC src -f /etc/haproxy/country/CC.txt
|
|
acl CD src -f /etc/haproxy/country/CD.txt
|
|
acl CF src -f /etc/haproxy/country/CF.txt
|
|
acl CG src -f /etc/haproxy/country/CG.txt
|
|
acl CH src -f /etc/haproxy/country/CH.txt
|
|
acl CI src -f /etc/haproxy/country/CI.txt
|
|
acl CK src -f /etc/haproxy/country/CK.txt
|
|
acl CL src -f /etc/haproxy/country/CL.txt
|
|
acl CM src -f /etc/haproxy/country/CM.txt
|
|
acl CN src -f /etc/haproxy/country/CN.txt
|
|
acl CO src -f /etc/haproxy/country/CO.txt
|
|
acl CR src -f /etc/haproxy/country/CR.txt
|
|
acl CU src -f /etc/haproxy/country/CU.txt
|
|
acl CV src -f /etc/haproxy/country/CV.txt
|
|
acl CW src -f /etc/haproxy/country/CW.txt
|
|
acl CX src -f /etc/haproxy/country/CX.txt
|
|
acl CY src -f /etc/haproxy/country/CY.txt
|
|
acl CZ src -f /etc/haproxy/country/CZ.txt
|
|
acl DE src -f /etc/haproxy/country/DE.txt
|
|
acl DJ src -f /etc/haproxy/country/DJ.txt
|
|
acl DK src -f /etc/haproxy/country/DK.txt
|
|
acl DM src -f /etc/haproxy/country/DM.txt
|
|
acl DO src -f /etc/haproxy/country/DO.txt
|
|
acl DZ src -f /etc/haproxy/country/DZ.txt
|
|
acl EC src -f /etc/haproxy/country/EC.txt
|
|
acl EE src -f /etc/haproxy/country/EE.txt
|
|
acl EG src -f /etc/haproxy/country/EG.txt
|
|
acl EH src -f /etc/haproxy/country/EH.txt
|
|
acl ER src -f /etc/haproxy/country/ER.txt
|
|
acl ES src -f /etc/haproxy/country/ES.txt
|
|
acl ET src -f /etc/haproxy/country/ET.txt
|
|
acl FI src -f /etc/haproxy/country/FI.txt
|
|
acl FJ src -f /etc/haproxy/country/FJ.txt
|
|
acl FK src -f /etc/haproxy/country/FK.txt
|
|
acl FM src -f /etc/haproxy/country/FM.txt
|
|
acl FO src -f /etc/haproxy/country/FO.txt
|
|
acl FR src -f /etc/haproxy/country/FR.txt
|
|
acl GA src -f /etc/haproxy/country/GA.txt
|
|
acl GB src -f /etc/haproxy/country/GB.txt
|
|
acl GD src -f /etc/haproxy/country/GD.txt
|
|
acl GE src -f /etc/haproxy/country/GE.txt
|
|
acl GF src -f /etc/haproxy/country/GF.txt
|
|
acl GG src -f /etc/haproxy/country/GG.txt
|
|
acl GH src -f /etc/haproxy/country/GH.txt
|
|
acl GI src -f /etc/haproxy/country/GI.txt
|
|
acl GL src -f /etc/haproxy/country/GL.txt
|
|
acl GM src -f /etc/haproxy/country/GM.txt
|
|
acl GN src -f /etc/haproxy/country/GN.txt
|
|
acl GP src -f /etc/haproxy/country/GP.txt
|
|
acl GQ src -f /etc/haproxy/country/GQ.txt
|
|
acl GR src -f /etc/haproxy/country/GR.txt
|
|
acl GS src -f /etc/haproxy/country/GS.txt
|
|
acl GT src -f /etc/haproxy/country/GT.txt
|
|
acl GU src -f /etc/haproxy/country/GU.txt
|
|
acl GW src -f /etc/haproxy/country/GW.txt
|
|
acl GY src -f /etc/haproxy/country/GY.txt
|
|
acl HK src -f /etc/haproxy/country/HK.txt
|
|
acl HM src -f /etc/haproxy/country/HM.txt
|
|
acl HN src -f /etc/haproxy/country/HN.txt
|
|
acl HR src -f /etc/haproxy/country/HR.txt
|
|
acl HT src -f /etc/haproxy/country/HT.txt
|
|
acl HU src -f /etc/haproxy/country/HU.txt
|
|
acl ID src -f /etc/haproxy/country/ID.txt
|
|
acl IE src -f /etc/haproxy/country/IE.txt
|
|
acl IL src -f /etc/haproxy/country/IL.txt
|
|
acl IM src -f /etc/haproxy/country/IM.txt
|
|
acl IN src -f /etc/haproxy/country/IN.txt
|
|
acl IO src -f /etc/haproxy/country/IO.txt
|
|
acl IQ src -f /etc/haproxy/country/IQ.txt
|
|
acl IR src -f /etc/haproxy/country/IR.txt
|
|
acl IS src -f /etc/haproxy/country/IS.txt
|
|
acl IT src -f /etc/haproxy/country/IT.txt
|
|
acl JE src -f /etc/haproxy/country/JE.txt
|
|
acl JM src -f /etc/haproxy/country/JM.txt
|
|
acl JO src -f /etc/haproxy/country/JO.txt
|
|
acl JP src -f /etc/haproxy/country/JP.txt
|
|
acl KE src -f /etc/haproxy/country/KE.txt
|
|
acl KG src -f /etc/haproxy/country/KG.txt
|
|
acl KH src -f /etc/haproxy/country/KH.txt
|
|
acl KI src -f /etc/haproxy/country/KI.txt
|
|
acl KM src -f /etc/haproxy/country/KM.txt
|
|
acl KN src -f /etc/haproxy/country/KN.txt
|
|
acl KP src -f /etc/haproxy/country/KP.txt
|
|
acl KR src -f /etc/haproxy/country/KR.txt
|
|
acl KW src -f /etc/haproxy/country/KW.txt
|
|
acl KY src -f /etc/haproxy/country/KY.txt
|
|
acl KZ src -f /etc/haproxy/country/KZ.txt
|
|
acl LA src -f /etc/haproxy/country/LA.txt
|
|
acl LB src -f /etc/haproxy/country/LB.txt
|
|
acl LC src -f /etc/haproxy/country/LC.txt
|
|
acl LI src -f /etc/haproxy/country/LI.txt
|
|
acl LK src -f /etc/haproxy/country/LK.txt
|
|
acl LR src -f /etc/haproxy/country/LR.txt
|
|
acl LS src -f /etc/haproxy/country/LS.txt
|
|
acl LT src -f /etc/haproxy/country/LT.txt
|
|
acl LU src -f /etc/haproxy/country/LU.txt
|
|
acl LV src -f /etc/haproxy/country/LV.txt
|
|
acl LY src -f /etc/haproxy/country/LY.txt
|
|
acl MA src -f /etc/haproxy/country/MA.txt
|
|
acl MC src -f /etc/haproxy/country/MC.txt
|
|
acl MD src -f /etc/haproxy/country/MD.txt
|
|
acl ME src -f /etc/haproxy/country/ME.txt
|
|
acl MF src -f /etc/haproxy/country/MF.txt
|
|
acl MG src -f /etc/haproxy/country/MG.txt
|
|
acl MH src -f /etc/haproxy/country/MH.txt
|
|
acl MK src -f /etc/haproxy/country/MK.txt
|
|
acl ML src -f /etc/haproxy/country/ML.txt
|
|
acl MM src -f /etc/haproxy/country/MM.txt
|
|
acl MN src -f /etc/haproxy/country/MN.txt
|
|
acl MO src -f /etc/haproxy/country/MO.txt
|
|
acl MP src -f /etc/haproxy/country/MP.txt
|
|
acl MQ src -f /etc/haproxy/country/MQ.txt
|
|
acl MR src -f /etc/haproxy/country/MR.txt
|
|
acl MS src -f /etc/haproxy/country/MS.txt
|
|
acl MT src -f /etc/haproxy/country/MT.txt
|
|
acl MU src -f /etc/haproxy/country/MU.txt
|
|
acl MV src -f /etc/haproxy/country/MV.txt
|
|
acl MW src -f /etc/haproxy/country/MW.txt
|
|
acl MX src -f /etc/haproxy/country/MX.txt
|
|
acl MY src -f /etc/haproxy/country/MY.txt
|
|
acl MZ src -f /etc/haproxy/country/MZ.txt
|
|
acl NA src -f /etc/haproxy/country/NA.txt
|
|
acl NC src -f /etc/haproxy/country/NC.txt
|
|
acl NE src -f /etc/haproxy/country/NE.txt
|
|
acl NF src -f /etc/haproxy/country/NF.txt
|
|
acl NG src -f /etc/haproxy/country/NG.txt
|
|
acl NI src -f /etc/haproxy/country/NI.txt
|
|
acl NL src -f /etc/haproxy/country/NL.txt
|
|
acl NO src -f /etc/haproxy/country/NO.txt
|
|
acl NP src -f /etc/haproxy/country/NP.txt
|
|
acl NR src -f /etc/haproxy/country/NR.txt
|
|
acl NU src -f /etc/haproxy/country/NU.txt
|
|
acl NZ src -f /etc/haproxy/country/NZ.txt
|
|
acl OM src -f /etc/haproxy/country/OM.txt
|
|
acl PA src -f /etc/haproxy/country/PA.txt
|
|
acl PE src -f /etc/haproxy/country/PE.txt
|
|
acl PF src -f /etc/haproxy/country/PF.txt
|
|
acl PG src -f /etc/haproxy/country/PG.txt
|
|
acl PH src -f /etc/haproxy/country/PH.txt
|
|
acl PK src -f /etc/haproxy/country/PK.txt
|
|
acl PL src -f /etc/haproxy/country/PL.txt
|
|
acl PM src -f /etc/haproxy/country/PM.txt
|
|
acl PN src -f /etc/haproxy/country/PN.txt
|
|
acl PR src -f /etc/haproxy/country/PR.txt
|
|
acl PS src -f /etc/haproxy/country/PS.txt
|
|
acl PT src -f /etc/haproxy/country/PT.txt
|
|
acl PW src -f /etc/haproxy/country/PW.txt
|
|
acl PY src -f /etc/haproxy/country/PY.txt
|
|
acl QA src -f /etc/haproxy/country/QA.txt
|
|
acl RE src -f /etc/haproxy/country/RE.txt
|
|
acl RO src -f /etc/haproxy/country/RO.txt
|
|
acl RS src -f /etc/haproxy/country/RS.txt
|
|
acl RU src -f /etc/haproxy/country/RU.txt
|
|
acl RW src -f /etc/haproxy/country/RW.txt
|
|
acl SA src -f /etc/haproxy/country/SA.txt
|
|
acl SB src -f /etc/haproxy/country/SB.txt
|
|
acl SC src -f /etc/haproxy/country/SC.txt
|
|
acl SD src -f /etc/haproxy/country/SD.txt
|
|
acl SE src -f /etc/haproxy/country/SE.txt
|
|
acl SG src -f /etc/haproxy/country/SG.txt
|
|
acl SH src -f /etc/haproxy/country/SH.txt
|
|
acl SI src -f /etc/haproxy/country/SI.txt
|
|
acl SJ src -f /etc/haproxy/country/SJ.txt
|
|
acl SK src -f /etc/haproxy/country/SK.txt
|
|
acl SL src -f /etc/haproxy/country/SL.txt
|
|
acl SM src -f /etc/haproxy/country/SM.txt
|
|
acl SN src -f /etc/haproxy/country/SN.txt
|
|
acl SO src -f /etc/haproxy/country/SO.txt
|
|
acl SR src -f /etc/haproxy/country/SR.txt
|
|
acl SS src -f /etc/haproxy/country/SS.txt
|
|
acl ST src -f /etc/haproxy/country/ST.txt
|
|
acl SV src -f /etc/haproxy/country/SV.txt
|
|
acl SX src -f /etc/haproxy/country/SX.txt
|
|
acl SY src -f /etc/haproxy/country/SY.txt
|
|
acl SZ src -f /etc/haproxy/country/SZ.txt
|
|
acl TC src -f /etc/haproxy/country/TC.txt
|
|
acl TD src -f /etc/haproxy/country/TD.txt
|
|
acl TF src -f /etc/haproxy/country/TF.txt
|
|
acl TG src -f /etc/haproxy/country/TG.txt
|
|
acl TH src -f /etc/haproxy/country/TH.txt
|
|
acl TJ src -f /etc/haproxy/country/TJ.txt
|
|
acl TK src -f /etc/haproxy/country/TK.txt
|
|
acl TL src -f /etc/haproxy/country/TL.txt
|
|
acl TM src -f /etc/haproxy/country/TM.txt
|
|
acl TN src -f /etc/haproxy/country/TN.txt
|
|
acl TO src -f /etc/haproxy/country/TO.txt
|
|
acl TR src -f /etc/haproxy/country/TR.txt
|
|
acl TT src -f /etc/haproxy/country/TT.txt
|
|
acl TV src -f /etc/haproxy/country/TV.txt
|
|
acl TW src -f /etc/haproxy/country/TW.txt
|
|
acl TZ src -f /etc/haproxy/country/TZ.txt
|
|
acl UA src -f /etc/haproxy/country/UA.txt
|
|
acl UG src -f /etc/haproxy/country/UG.txt
|
|
acl UM src -f /etc/haproxy/country/UM.txt
|
|
acl US src -f /etc/haproxy/country/US.txt
|
|
acl UY src -f /etc/haproxy/country/UY.txt
|
|
acl UZ src -f /etc/haproxy/country/UZ.txt
|
|
acl VA src -f /etc/haproxy/country/VA.txt
|
|
acl VC src -f /etc/haproxy/country/VC.txt
|
|
acl VE src -f /etc/haproxy/country/VE.txt
|
|
acl VG src -f /etc/haproxy/country/VG.txt
|
|
acl VI src -f /etc/haproxy/country/VI.txt
|
|
acl VN src -f /etc/haproxy/country/VN.txt
|
|
acl VU src -f /etc/haproxy/country/VU.txt
|
|
acl WF src -f /etc/haproxy/country/WF.txt
|
|
acl WS src -f /etc/haproxy/country/WS.txt
|
|
acl XK src -f /etc/haproxy/country/XK.txt
|
|
acl YE src -f /etc/haproxy/country/YE.txt
|
|
acl YT src -f /etc/haproxy/country/YT.txt
|
|
acl ZA src -f /etc/haproxy/country/ZA.txt
|
|
acl ZM src -f /etc/haproxy/country/ZM.txt
|
|
acl ZW src -f /etc/haproxy/country/ZW.txt
|
|
|
|
# Let's Encrypt
|
|
acl letsencrypt path_beg /.well-known/acme-challenge/
|
|
use_backend letsencrypt if letsencrypt
|
|
|
|
# Redirect www to non-www domains
|
|
http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] code 301 if { hdr_beg(host) -i www. }
|
|
|
|
# Mastodon
|
|
# ACL to match requests for /.well-known/webfinger
|
|
acl webfinger_request path_beg /.well-known/webfinger
|
|
# ACL to check if the host is not mastodon.benoit.jp.net
|
|
acl not_mastodon hdr(host) !mastodon.benoit.jp.net
|
|
# Redirect if it's a webfinger request and the host is not mastodon.benoit.jp.net
|
|
http-request redirect location https://mastodon.benoit.jp.net%[capture.req.uri] if webfinger_request not_mastodon
|
|
|
|
# Everything else
|
|
acl adguard hdr(host) -i adguard.benoit.jp.net
|
|
acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net
|
|
acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net
|
|
acl archive hdr(host) -i sysadmin-bookmarks.archive.benoit.jp.net
|
|
acl forgejo hdr(host) -i forgejo.benoit.jp.net
|
|
acl kanboard hdr(host) -i kanboard.benoit.jp.net
|
|
acl laminar hdr(host) -i laminar.benoit.jp.net
|
|
acl linkding hdr(host) -i linkding.benoit.jp.net
|
|
acl mailcow hdr(host) -i mail.benoit.jp.net
|
|
acl mastodon hdr(host) -i mastodon.benoit.jp.net
|
|
acl miniflux hdr(host) -i miniflux.benoit.jp.net
|
|
acl navidrome hdr(host) -i navidrome.benoit.jp.net
|
|
acl photoprism hdr(host) -i photoprism.benoit.jp.net
|
|
acl vaultwarden hdr(host) -i vaultwarden.benoit.jp.net
|
|
acl www hdr(host) -i benoit.jp.net
|
|
acl www hdr(host) -i www.benoit.jp.net
|
|
|
|
http-request deny if adguard !JP !SG !letsencrypt
|
|
http-request deny if kanboard !JP !SG !letsencrypt
|
|
http-request deny if mailcow !JP !SG !letsencrypt
|
|
http-request deny if miniflux !JP !SG !letsencrypt
|
|
http-request deny if navidrome !JP !SG !letsencrypt
|
|
http-request deny if photoprism !JP !SG !letsencrypt
|
|
http-request deny if vaultwarden !JP !SG !letsencrypt
|
|
|
|
use_backend adguard if adguard
|
|
use_backend archive if archive
|
|
use_backend forgejo if forgejo
|
|
use_backend kanboard if kanboard
|
|
use_backend laminar if laminar
|
|
use_backend letsencrypt if letsencrypt
|
|
use_backend linkding if linkding
|
|
use_backend mailcow if mailcow
|
|
use_backend mastodon if mastodon
|
|
use_backend miniflux if miniflux
|
|
use_backend navidrome if navidrome
|
|
use_backend photoprism if photoprism
|
|
use_backend vaultwarden if vaultwarden
|
|
use_backend www if www
|
|
|
|
default_backend default
|