defaults log stdout format raw local0 info option tcplog timeout connect 5s timeout client 30s timeout server 30s listen haproxy-monitoring bind *:1936 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / stats auth admin:password frontend http bind *:80 mode http use_backend http_bookstack_server if { hdr(host) -i www.2li.ch } use_backend http_bookstack_server if { hdr(host) -i 2li.ch } use_backend http_mail_server if { hdr(host) -i mail.zweili.org } redirect scheme https code 301 if { hdr(host) -i git.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i heimdall.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i jitsi.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i plattform.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i shaarli-andreas.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i shaarli-gecko.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i ttrss.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i wallabag.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc } redirect scheme https code 301 if { hdr(host) -i rss-bridge.2li.ch } !{ ssl_fc } backend http_mail_server mode http server server1 10.7.89.123:80 check backend http_bookstack_server mode http server server1 10.7.89.119:80 check frontend https # Listen on port 443 bind *:443 mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } # Figure out which backend (= VM) to use use_backend git_server if { req_ssl_sni -i git.2li.ch } use_backend heimdall_server if { req_ssl_sni -i heimdall.2li.ch } use_backend jitsi_server if { req_ssl_sni -i jitsi.zweili.org } use_backend mail_server if { req_ssl_sni -i mail.zweili.org } use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch } use_backend fw-nextcloud_server if { req_ssl_sni -i plattform.2li.ch } use_backend shaarli-andreas_server if { req_ssl_sni -i shaarli-andreas.2li.ch } use_backend shaarli-gecko_server if { req_ssl_sni -i shaarli-gecko.2li.ch } use_backend ttrss_server if { req_ssl_sni -i ttrss.2li.ch } use_backend wallabag_server if { req_ssl_sni -i wallabag.2li.ch } use_backend webmail_server if { req_ssl_sni -i webmail.2li.ch } use_backend rss-bridge_server if { req_ssl_sni -i rss-bridge.2li.ch } use_backend bookstack_server if { req_ssl_sni -i www.2li.ch } use_backend bookstack_server if { req_ssl_sni -i 2li.ch } backend bookstack_server mode tcp server server1 10.7.89.119:443 check backend fw-nextcloud_server mode tcp server server1 10.7.89.114:443 check backend git_server mode tcp server server1 10.7.89.109:443 check backend heimdall_server mode tcp server server1 10.7.89.121:443 check backend jitsi_server mode tcp server server1 10.7.89.105:443 check backend mail_server mode tcp server server1 10.7.89.123:443 check backend nextcloud_server mode tcp server server1 10.7.89.103:443 check backend shaarli-andreas_server mode tcp server server1 10.7.89.116:443 check backend shaarli-gecko_server mode tcp server server1 10.7.89.116:443 check backend ttrss_server mode tcp server server1 10.7.89.115:443 check backend wallabag_server mode tcp server server1 10.7.89.118:443 check backend webmail_server mode tcp server server1 10.7.89.110:443 check backend rss-bridge_server mode tcp server server1 10.7.89.111:443 check