DEVELOPMENT ENVIRONMENT

~liljamo/nix-arta

ref: dd44a2951441424e46a286a5866e03239e9306f7 nix-arta/systems/hosts/proxy/haproxy.conf -rw-r--r-- 2.6 KiB
dd44a295Jonni Liljamo chore: update nixpkgs-unstable 2 months ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

global
  log /dev/log local0
  daemon
  maxconn 512

defaults
  log global
  mode http
  option httplog
  timeout connect 5s
  timeout client 1m
  timeout server 1m

frontend stats
  bind *:8404
  http-request capture req.fhdr(User-Agent) len 512
  log-format "client_ip=\"%ci\" client_port=\"%cp\" time=\"%t\" frontend_name=\"%f\" backend_name=\"%b\" request=\"%r\" request_headers=\"%hr\""

  http-request use-service prometheus-exporter if { path /metrics }
  stats enable
  stats uri /stats
  stats refresh 10s

frontend http-in
  bind 0.0.0.0:80
  http-request capture req.fhdr(User-Agent) len 512
  log-format "client_ip=\"%ci\" client_port=\"%cp\" time=\"%t\" frontend_name=\"%f\" backend_name=\"%b\" request=\"%r\" request_headers=\"%hr\""

  acl host_media req.hdr(Host) media.liljamo.com
  acl allow_media_metrics src 10.1.2.5
  acl media_metrics path_beg /metrics
  http-request deny if media_metrics !allow_media_metrics
  use_backend be_jellyfin if host_media

  acl host_liljamocom req.hdr(Host) liljamo.com
  acl liljamocom_webfinger path_beg /.well-known/webfinger
  use_backend be_liljamocom_webfinger if host_liljamocom liljamocom_webfinger
  use_backend be_liljamocom if host_liljamocom

  acl host_alderaanfi req.hdr(Host) alderaan.fi
  acl alderaanfi_matrix path_beg /_matrix
  use_backend be_alderaan_matrix if host_alderaanfi alderaanfi_matrix

  use_backend be_%[req.hdr(Host),map(/etc/haproxy/domainstobackends.map,caddy-http)]

frontend https-in
  bind 0.0.0.0:443
  mode tcp
  option tcplog
  log-format "client_ip=\"%ci\" client_port=\"%cp\" time=\"%t\" frontend_name=\"%f\" backend_name=\"%b\" request_headers=\"%hr\""

  default_backend be_caddy-https

backend be_caddy-http
  server caddy localhost:8080

backend be_caddy-https
  mode tcp
  server caddy localhost:8443

# liljamo.com
backend be_liljamocom
  server liljamocom 10.1.1.10:8100

backend be_liljamocom_webfinger
  server liljamocomwebfinger 10.1.2.12:80

backend be_autheliamain
  server autheliamain 10.1.2.12:3001

backend be_outline
  server outline 10.1.2.15:3000

backend be_miniflux
  server miniflux 10.1.1.10:8600

backend be_nextcloud
  server nextcloud 10.1.2.15:80

backend be_jellyfin
  option httpchk
  option forwardfor
  http-check send meth GET uri /health
  http-check expect string Healthy
  server jellyfin 10.1.2.30:8096

# lothlorien.social
backend be_akkoma
  server akkoma 10.1.2.17:4000

backend be_akkomamedia
  server akkoma 10.1.2.17:4000

# liljamo.dev
backend be_liljamodev
  server liljamodev 10.1.1.10:8110

backend be_registry
  server registry 10.1.1.10:5000

backend be_umami
  server umami 10.1.1.10:8700

# alderaan.fi
backend be_alderaan_matrix
  server conduit 10.1.2.16:6167