add config for haproxy
This commit is contained in:
parent
d82651dce9
commit
21878db44f
|
@ -0,0 +1,101 @@
|
|||
defaults
|
||||
log stdout format raw local0 info
|
||||
option tcplog
|
||||
timeout connect 5s
|
||||
timeout client 30s
|
||||
timeout server 30s
|
||||
|
||||
listen haproxy-monitoring
|
||||
bind *:1936
|
||||
mode http
|
||||
stats enable
|
||||
stats hide-version
|
||||
stats realm Haproxy\ Statistics
|
||||
stats uri /
|
||||
stats auth admin:password
|
||||
|
||||
frontend http
|
||||
bind *:80
|
||||
mode http
|
||||
use_backend http_bookstack_server if { hdr(host) -i www.2li.ch }
|
||||
use_backend http_bookstack_server if { hdr(host) -i 2li.ch }
|
||||
use_backend http_mail_server if { hdr(host) -i mail.zweili.org }
|
||||
#redirect scheme https code 301
|
||||
#redirect scheme https code 301 if !{ hdr(Host) -i mail.zweili.org }
|
||||
redirect scheme https code 301 if { hdr(host) -i git.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i heimdall.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i jitsi.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i plattform.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i shaarli-andreas.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i shaarli-gecko.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i ttrss.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i wallabag.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc }
|
||||
|
||||
backend http_mail_server
|
||||
mode http
|
||||
server server1 10.7.89.123:80 check
|
||||
backend http_bookstack_server
|
||||
mode http
|
||||
server server1 10.7.89.119:80 check
|
||||
|
||||
frontend https
|
||||
# Listen on port 443
|
||||
bind *:443
|
||||
mode tcp
|
||||
|
||||
tcp-request inspect-delay 5s
|
||||
tcp-request content accept if { req_ssl_hello_type 1 }
|
||||
|
||||
# Figure out which backend (= VM) to use
|
||||
use_backend git_server if { req_ssl_sni -i git.2li.ch }
|
||||
use_backend heimdall_server if { req_ssl_sni -i heimdall.2li.ch }
|
||||
use_backend jitsi_server if { req_ssl_sni -i jitsi.zweili.org }
|
||||
use_backend mail_server if { req_ssl_sni -i mail.zweili.org }
|
||||
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
|
||||
use_backend fw-nextcloud_server if { req_ssl_sni -i plattform.2li.ch }
|
||||
use_backend shaarli-andreas_server if { req_ssl_sni -i shaarli-andreas.2li.ch }
|
||||
use_backend shaarli-gecko_server if { req_ssl_sni -i shaarli-gecko.2li.ch }
|
||||
use_backend ttrss_server if { req_ssl_sni -i ttrss.2li.ch }
|
||||
use_backend wallabag_server if { req_ssl_sni -i wallabag.2li.ch }
|
||||
use_backend webmail_server if { req_ssl_sni -i webmail.2li.ch }
|
||||
use_backend bookstack_server if { req_ssl_sni -i www.2li.ch }
|
||||
use_backend bookstack_server if { req_ssl_sni -i 2li.ch }
|
||||
|
||||
backend bookstack_server
|
||||
mode tcp
|
||||
server server1 10.7.89.119:443 check
|
||||
backend fw-nextcloud_server
|
||||
mode tcp
|
||||
server server1 10.7.89.114:443 check
|
||||
backend git_server
|
||||
mode tcp
|
||||
server server1 10.7.89.109:443 check
|
||||
backend heimdall_server
|
||||
mode tcp
|
||||
server server1 10.7.89.121:443 check
|
||||
backend jitsi_server
|
||||
mode tcp
|
||||
server server1 10.7.89.105:4433 check
|
||||
backend mail_server
|
||||
mode tcp
|
||||
server server1 10.7.89.123:443 check
|
||||
backend nextcloud_server
|
||||
mode tcp
|
||||
server server1 10.7.89.103:443 check
|
||||
backend shaarli-andreas_server
|
||||
mode tcp
|
||||
server server1 10.7.89.116:443 check
|
||||
backend shaarli-gecko_server
|
||||
mode tcp
|
||||
server server1 10.7.89.116:443 check
|
||||
backend ttrss_server
|
||||
mode tcp
|
||||
server server1 10.7.89.115:443 check
|
||||
backend wallabag_server
|
||||
mode tcp
|
||||
server server1 10.7.89.118:443 check
|
||||
backend webmail_server
|
||||
mode tcp
|
||||
server server1 10.7.89.110:443 check
|
|
@ -0,0 +1,10 @@
|
|||
version: "3.3"
|
||||
services:
|
||||
gateway:
|
||||
image: haproxy
|
||||
volumes:
|
||||
- ./config:/usr/local/etc/haproxy:ro
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
network_mode: "host"
|
Reference in New Issue