From 6dcb525a6f80a5d50795a7de1dc42253d69c4222 Mon Sep 17 00:00:00 2001
From: Andreas Zweili
Date: Wed, 18 May 2022 20:57:00 +0200
Subject: [PATCH] Merge the haproxy and raspi-haproxy config
---
 modules/haproxy/default.nix | 16 ++++--
 modules/raspi-haproxy/default.nix | 96 -------------------------------
 systems/raspi-test/default.nix | 2 +-
 3 files changed, 13 insertions(+), 101 deletions(-)
 delete mode 100644 modules/raspi-haproxy/default.nix
diff --git a/modules/haproxy/default.nix b/modules/haproxy/default.nix
index 47229df..0f24455 100644
--- a/modules/haproxy/default.nix
+++ b/modules/haproxy/default.nix
@@ -35,6 +35,7 @@
 redirect scheme https code 301 if { hdr(host) -i wallabag.2li.ch } !{ ssl_fc }
 redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc }
 redirect scheme https code 301 if { hdr(host) -i rss-bridge.2li.ch } !{ ssl_fc }
+ redirect scheme https code 301 if { hdr(host) -i test.2li.ch } !{ ssl_fc }
 redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
 redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
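Review bot: The added `test.2li.ch` redirect is already covered by the `hdr_dom(host) -i 2li.ch` rule two lines below it, since `hdr_dom` matches any dot-delimited part of the Host header, so every per-host `*.2li.ch` line in this list is redundant. Each new hostname now has to be added both here and in the `use_backend` list, and a name missed in one of them fails silently. Consider keeping only the `hdr_dom` rule plus the two `zweili.org` names, or a single unconditional `redirect scheme https code 301` if nothing on port 80 has to be served in cleartext. The frontend this list belongs to starts outside the hunk.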
@@ -48,16 +49,17 @@
 # Figure out which backend (= VM) to use
 use_backend git_server if { req_ssl_sni -i git.2li.ch }
- use_backend heimdall_server if { req_ssl_sni -i heimdall.2li.ch }
+ use_backend raspi if { req_ssl_sni -i heimdall.2li.ch }
 use_backend webmail_server if { req_ssl_sni -i mail.zweili.org }
 use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
 use_backend nextcloud_server if { req_ssl_sni -i photos.zweili.org }
 use_backend ttrss_server if { req_ssl_sni -i ttrss.2li.ch }
 use_backend wallabag_server if { req_ssl_sni -i wallabag.2li.ch }
 use_backend webmail_server if { req_ssl_sni -i webmail.2li.ch }
- use_backend rss-bridge_server if { req_ssl_sni -i rss-bridge.2li.ch }
- use_backend grav_server if { req_ssl_sni -i www.2li.ch }
- use_backend grav_server if { req_ssl_sni -i 2li.ch }
+ use_backend raspi if { req_ssl_sni -i rss-bridge.2li.ch }
+ use_backend test_server if { req_ssl_sni -i test.2li.ch }
+ use_backend raspi if { req_ssl_sni -i www.2li.ch }
+ use_backend raspi if { req_ssl_sni -i 2li.ch }
 backend grav_server
 mode tcp
@@ -83,6 +85,12 @@
 backend rss-bridge_server
 mode tcp
 server server1 10.7.89.111:443 check
+ backend raspi
+ mode tcp
+ server server1 127.0.0.1:4433 check
+ backend test_server
+ mode tcp
+ server server1 10.7.89.142:443 check
 '';
 };
 }
diff --git a/modules/raspi-haproxy/default.nix b/modules/raspi-haproxy/default.nix
deleted file mode 100644
index 0f24455..0000000
--- a/modules/raspi-haproxy/default.nix
+++ /dev/null
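Review bot: After the four `use_backend raspi` rules, `heimdall_server`, `rss-bridge_server` and `grav_server` are no longer referenced by any rule in this hunk, but their `backend` sections stay in the file (`backend grav_server` is in the trailing context here, `backend rss-bridge_server` in the next hunk's context). Stale sections like these make it harder to audit which internal addresses the proxy can actually reach, and their `check` servers most likely keep being probed. Either delete them in this commit or mark them, e.g. `# unused since the raspi merge, kept for rollback`. Separately, `raspi` resolves to loopback, so this routing is only right on a host that runs its own TLS listener on 4433; if any other system imports `modules/haproxy` (not visible here), those four names would fail there.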
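Review bot: With `mode tcp` and `server server1 127.0.0.1:4433 check`, the service behind the new `raspi` backend sees every connection as coming from 127.0.0.1, so its access logs, rate limits and any address-based allow/deny rules lose the real client address. If the listener on 4433 can accept the PROXY protocol, use `server server1 127.0.0.1:4433 check send-proxy-v2` and make that listener accept PROXY headers from loopback only. The same hunk also publishes `test_server` (10.7.89.142) through the same frontend as the production names; if that frontend is internet-facing, a test instance probably warrants a source-address restriction or its own authentication.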
@@ -1,96 +0,0 @@
-{ ... }:
-{
- networking = {
- enableIPv6 = false;
- firewall.allowedTCPPorts = [ 80 443 1936 ];
- };
- services.haproxy = {
- enable = true;
- config = ''
- defaults
- log stdout format raw local0 info
- option tcplog
- timeout connect 5s
- timeout client 30s
- timeout server 30s
-
- listen haproxy-monitoring
- bind *:1936
- mode http
- stats enable
- stats hide-version
- stats realm Haproxy\ Statistics
- stats uri /
- stats auth admin:password
-
- frontend http
- bind *:80
- mode http
- redirect scheme https code 301 if { hdr(host) -i mail.zweili.org ! {ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i git.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i heimdall.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i photos.zweili.org ! {ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i ttrss.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i wallabag.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i rss-bridge.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i test.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
- redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
-
- frontend https
- # Listen on port 443
- bind *:443
- mode tcp
-
- tcp-request inspect-delay 5s
- tcp-request content accept if { req_ssl_hello_type 1 }
-
- # Figure out which backend (= VM) to use
- use_backend git_server if { req_ssl_sni -i git.2li.ch }
- use_backend raspi if { req_ssl_sni -i heimdall.2li.ch }
- use_backend webmail_server if { req_ssl_sni -i mail.zweili.org }
- use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
- use_backend nextcloud_server if { req_ssl_sni -i photos.zweili.org }
- use_backend
ttrss_server if { req_ssl_sni -i ttrss.2li.ch }
- use_backend wallabag_server if { req_ssl_sni -i wallabag.2li.ch }
- use_backend webmail_server if { req_ssl_sni -i webmail.2li.ch }
- use_backend raspi if { req_ssl_sni -i rss-bridge.2li.ch }
- use_backend test_server if { req_ssl_sni -i test.2li.ch }
- use_backend raspi if { req_ssl_sni -i www.2li.ch }
- use_backend raspi if { req_ssl_sni -i 2li.ch }
-
- backend grav_server
- mode tcp
- server server1 10.7.89.102:443 check
- backend git_server
- mode tcp
- server server1 10.7.89.109:443 check
- backend heimdall_server
- mode tcp
- server server1 10.7.89.121:443 check
- backend nextcloud_server
- mode tcp
- server server1 10.7.89.103:443 check
- backend ttrss_server
- mode tcp
- server server1 10.7.89.115:443 check
- backend wallabag_server
- mode tcp
- server server1 10.7.89.118:443 check
- backend webmail_server
- mode tcp
- server server1 10.7.89.123:4430 check
- backend rss-bridge_server
- mode tcp
- server server1 10.7.89.111:443 check
- backend raspi
- mode tcp
- server server1 127.0.0.1:4433 check
- backend test_server
- mode tcp
- server server1 10.7.89.142:443 check
- '';
- };
-}
diff --git a/systems/raspi-test/default.nix b/systems/raspi-test/default.nix
index c459f96..6088ff7 100644
--- a/systems/raspi-test/default.nix
+++ b/systems/raspi-test/default.nix
@@ -10,7 +10,7 @@ time = "11:30"; inherit config custom inputs pkgs; }) "${inputs.self}/modules/docker"
- "${inputs.self}/modules/raspi-haproxy"
+ "${inputs.self}/modules/haproxy"
 ]; security.acme = {
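Review bot: Importing `"${inputs.self}/modules/haproxy"` here pulls in the stats listener as well: the deleted raspi module and the new `modules/haproxy/default.nix` carry the same blob id (`0f24455`), so the merged module presumably still contains `bind *:1936`, `stats auth admin:password` and `firewall.allowedTCPPorts = [ 80 443 1936 ]`, none of which this commit changes. That leaves the statistics page reachable on every interface behind a default-looking credential that is also stored in the repository and, as part of the generated config, presumably world-readable in the Nix store. Bind the listener to loopback (`bind 127.0.0.1:1936`), drop 1936 from `allowedTCPPorts`, and supply the credential from a secret kept outside the store. The module list this line belongs to starts outside the hunk.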