diyIT/FreeBSD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

.

Browse Source
This commit is contained in:
Sharad Ahlawat
2021-04-01 01:23:14 -07:00
parent 5cee123a3c
commit 90c5709862
64 changed files with 802 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
jails/config/proxy/haproxy.conf
View File

@ -66,7 +66,7 @@ frontend ft
# prevent browser from using non-secure
http-response add-header Strict-Transport-Security: max-age=15768000
acl network_allowed src 192.168.0.0/24 192.168.100.0/24 2603:3024:3f6:e1::/64
acl network_allowed src 192.168.0.0/24 fd01::/64
acl restricted_page path -i -m sub /wp-admin
acl restricted_page path -i -m sub /wp-login
http-request deny if restricted_page !network_allowed
@ -80,7 +80,6 @@ frontend ft
use_backend bk_ahlawat-nivi if { ssl_fc_sni nivedita.ahlawat.com }
use_backend bk_ahlawat-rishabh if { ssl_fc_sni rishabh.ahlawat.com }
# use_backend bk_ahlawat-book if { ssl_fc_sni book.ahlawat.com }
use_backend bk_ahlawat-book-443 if { ssl_fc_sni book.ahlawat.com }
use_backend bk_ahlawat-book-444 if { ssl_fc_sni book1.ahlawat.com }
use_backend bk_ahlawat-book-445 if { ssl_fc_sni book2.ahlawat.com }
@ -93,6 +92,7 @@ frontend ft
use_backend bk_ahlawat-meet if { ssl_fc_sni meet.ahlawat.com }
use_backend bk_ahlawat-monitor if { ssl_fc_sni monitor.ahlawat.com }
use_backend bk_ahlawat-jump if { ssl_fc_sni jump.ahlawat.com }
use_backend bk_ahlawat-hass if { ssl_fc_sni hass.ahlawat.com }
use_backend bk_diyit if { ssl_fc_sni diyit.org }
use_backend bk_diyit if { ssl_fc_sni www.diyit.org }
@ -113,6 +113,7 @@ frontend ft
use_backend bk_beyondbell-ci if { ssl_fc_sni ci.beyondbell.com }
use_backend bk_beyondbell-git if { ssl_fc_sni git.beyondbell.com }
use_backend bk_beyondbell-repo if { ssl_fc_sni repo.beyondbell.com }
use_backend bk_beyondbell-dashboard if { ssl_fc_sni dashboard.beyondbell.com }
use_backend bk_beyondbell-web-moonglade if { ssl_fc_sni moonglade.beyondbell.com }
use_backend bk_beyondbell-web-moonglade-private if { ssl_fc_sni moonglade-private.beyondbell.com }
use_backend bk_beyondbell-r-windows if { ssl_fc_sni moonglade-server.beyondbell.com }
@ -131,7 +132,7 @@ backend bk_ahlawat
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_ahlawat-sharad
balance roundrobin
# balance roundrobin
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
@ -154,26 +155,24 @@ backend bk_ahlawat-rishabh
#backend bk_ahlawat-book
# server srv1 bookx.ahlawat.com:443 check ssl verify none
backend bk_ahlawat-book-443
# server srv1 2603:3024:3f6:e1::57:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv1 bookx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_ahlawat-book-444
# server srv1 2603:3024:3f6:e1::57:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv1 bookx.ahlawat.com:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_ahlawat-book-445
# server srv1 2603:3024:3f6:e1::57:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv1 bookx.ahlawat.com:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_ahlawat-cam
server srv1 192.168.0.54:8765 check
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_ahlawat-ci
@ -215,6 +214,12 @@ backend bk_ahlawat-monitor
backend bk_ahlawat-jump
server srv1 jumpx.ahlawat.com:8080 check
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_ahlawat-hass
server srv1 hassx.ahlawat.com:8123 check
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN
@ -239,9 +244,6 @@ backend bk_diyit-kibana
backend bk_diyit-maps
server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
# server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# server srv1 mapsx.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
# server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response add-header X-Frame-Options: SAMEORIGIN
@ -281,6 +283,12 @@ backend bk_beyondbell-repo
# http-response del-header Strict-Transport-Security
# http-response add-header Content-Security-Policy: upgrade-insecure-requests
backend bk_beyondbell-dashboard
http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2
server srv1 192.168.0.92:8080
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_beyondbell-web-moonglade
server srv1 192.168.0.74:8000
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
@ -297,6 +305,6 @@ backend bk_beyondbell-r-windows
http-response add-header X-Frame-Options: SAMEORIGIN
backend bk_beyondbell-windows
server srv1 192.168.0.81:26900 check
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv1 192.168.0.81:26900
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response add-header X-Frame-Options: SAMEORIGIN