Merge the haproxy and raspi-haproxy config

This commit is contained in:
Andreas Zweili 2022-05-18 20:57:00 +02:00
parent 50730b024a
commit 6dcb525a6f
3 changed files with 13 additions and 101 deletions

View File

@ -35,6 +35,7 @@
redirect scheme https code 301 if { hdr(host) -i wallabag.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i rss-bridge.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i test.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
@ -48,16 +49,17 @@
# Figure out which backend (= VM) to use
use_backend git_server if { req_ssl_sni -i git.2li.ch }
use_backend heimdall_server if { req_ssl_sni -i heimdall.2li.ch }
use_backend raspi if { req_ssl_sni -i heimdall.2li.ch }
use_backend webmail_server if { req_ssl_sni -i mail.zweili.org }
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
use_backend nextcloud_server if { req_ssl_sni -i photos.zweili.org }
use_backend ttrss_server if { req_ssl_sni -i ttrss.2li.ch }
use_backend wallabag_server if { req_ssl_sni -i wallabag.2li.ch }
use_backend webmail_server if { req_ssl_sni -i webmail.2li.ch }
use_backend rss-bridge_server if { req_ssl_sni -i rss-bridge.2li.ch }
use_backend grav_server if { req_ssl_sni -i www.2li.ch }
use_backend grav_server if { req_ssl_sni -i 2li.ch }
use_backend raspi if { req_ssl_sni -i rss-bridge.2li.ch }
use_backend test_server if { req_ssl_sni -i test.2li.ch }
use_backend raspi if { req_ssl_sni -i www.2li.ch }
use_backend raspi if { req_ssl_sni -i 2li.ch }
backend grav_server
mode tcp
@ -83,6 +85,12 @@
backend rss-bridge_server
mode tcp
server server1 10.7.89.111:443 check
backend raspi
mode tcp
server server1 127.0.0.1:4433 check
backend test_server
mode tcp
server server1 10.7.89.142:443 check
'';
};
}

View File

@ -1,96 +0,0 @@
{ ... }:
{
networking = {
enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 1936 ];
};
services.haproxy = {
enable = true;
config = ''
defaults
log stdout format raw local0 info
option tcplog
timeout connect 5s
timeout client 30s
timeout server 30s
listen haproxy-monitoring
bind *:1936
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth admin:password
frontend http
bind *:80
mode http
redirect scheme https code 301 if { hdr(host) -i mail.zweili.org ! {ssl_fc }
redirect scheme https code 301 if { hdr(host) -i git.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i heimdall.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i photos.zweili.org ! {ssl_fc }
redirect scheme https code 301 if { hdr(host) -i ttrss.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i wallabag.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i rss-bridge.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i test.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
frontend https
# Listen on port 443
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
# Figure out which backend (= VM) to use
use_backend git_server if { req_ssl_sni -i git.2li.ch }
use_backend raspi if { req_ssl_sni -i heimdall.2li.ch }
use_backend webmail_server if { req_ssl_sni -i mail.zweili.org }
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
use_backend nextcloud_server if { req_ssl_sni -i photos.zweili.org }
use_backend ttrss_server if { req_ssl_sni -i ttrss.2li.ch }
use_backend wallabag_server if { req_ssl_sni -i wallabag.2li.ch }
use_backend webmail_server if { req_ssl_sni -i webmail.2li.ch }
use_backend raspi if { req_ssl_sni -i rss-bridge.2li.ch }
use_backend test_server if { req_ssl_sni -i test.2li.ch }
use_backend raspi if { req_ssl_sni -i www.2li.ch }
use_backend raspi if { req_ssl_sni -i 2li.ch }
backend grav_server
mode tcp
server server1 10.7.89.102:443 check
backend git_server
mode tcp
server server1 10.7.89.109:443 check
backend heimdall_server
mode tcp
server server1 10.7.89.121:443 check
backend nextcloud_server
mode tcp
server server1 10.7.89.103:443 check
backend ttrss_server
mode tcp
server server1 10.7.89.115:443 check
backend wallabag_server
mode tcp
server server1 10.7.89.118:443 check
backend webmail_server
mode tcp
server server1 10.7.89.123:4430 check
backend rss-bridge_server
mode tcp
server server1 10.7.89.111:443 check
backend raspi
mode tcp
server server1 127.0.0.1:4433 check
backend test_server
mode tcp
server server1 10.7.89.142:443 check
'';
};
}

View File

@ -10,7 +10,7 @@
time = "11:30"; inherit config custom inputs pkgs;
})
"${inputs.self}/modules/docker"
"${inputs.self}/modules/raspi-haproxy"
"${inputs.self}/modules/haproxy"
];
security.acme = {