May 1, 2025 update

Sharad Ahlawat
2025-05-01 21:19:17 -07:00
parent a2cdf26594
commit b33d54d723
261 changed files with 2451 additions and 12859 deletions


@ -13,25 +13,25 @@ global
daemon
maxconn 4096
# limited-quic
ca-base /mnt/certs
crt-base /mnt/certs
# modern configuration # twilio is one of the sites that cannot handle the modern config
# ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
# ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
# ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
# generated 2025-04-25, Mozilla Guideline v5.7, HAProxy 3.0, OpenSSL 3.1.0, intermediate config
# https://ssl-config.mozilla.org/#server=haproxy&version=3.0&config=intermediate&openssl=3.1.0&guideline=5.7
# intermediate configuration
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-bind-curves X25519:prime256v1:secp384r1
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-curves X25519:prime256v1:secp384r1
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets
# curl https://ssl-config.mozilla.org/ffdhe4096.txt > /mnt/certs/dhparam4096.pem
ssl-dh-param-file /mnt/certs/dhparam4096.pem
@ -52,7 +52,7 @@ defaults
option forwardfor
option redispatch
option http-keep-alive
option http-server-close
# option http-server-close # this would force target rotation and recommended for websockets
option httplog
option dontlognull
retries 3
@ -66,6 +66,14 @@ defaults
timeout tunnel 3600s
timeout tarpit 60s
errorfile 400 /usr/local/share/examples/haproxy/errorfiles/400.http
errorfile 403 /usr/local/share/examples/haproxy/errorfiles/403.http
errorfile 408 /usr/local/share/examples/haproxy/errorfiles/408.http
errorfile 500 /usr/local/share/examples/haproxy/errorfiles/500.http
errorfile 502 /usr/local/share/examples/haproxy/errorfiles/502.http
errorfile 503 /usr/local/share/examples/haproxy/errorfiles/503.http
errorfile 504 /usr/local/share/examples/haproxy/errorfiles/504.http
unique-id-format %{+X}o\ %[hostname,field(1,.),upper]-%Ts%rt
default-server init-addr none resolvers mydns
@ -85,14 +93,17 @@ frontend stats
frontend ft
bind :::80 v4v6
# ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.2
bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt haproxy.pem crt diyhaproxy.pem crt xflowhaproxy.pem crt dvpchaproxy.pem crt rwehaproxy.pem crt scvcchaproxy.pem
bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem
redirect scheme https code 301 if !{ ssl_fc }
http-request redirect scheme https unless { ssl_fc }
# enables HTTP/3 over QUIC
# bind quic4@:443 alpn h3 ssl crt haproxy.pem crt diyhaproxy.pem crt xflowhaproxy.pem crt dvpchaproxy.pem crt rwehaproxy.pem crt scvcchaproxy.pem
bind quic4@:443 strict-sni alpn h3 allow-0rtt ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem
bind quic6@:443 strict-sni alpn h3 allow-0rtt ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem
# Switches to the QUIC protocol
# http-response set-header alt-svc "h3=\":443\";ma=2592000;"
http-response set-header alt-svc 'h3=":443";ma=86400;h3-27=":443";ma=86400,h3-28=":443";ma=86400,h3-29=":443";ma=86400'
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc
@ -108,8 +119,11 @@ frontend ft
http-request set-header X-Client-IP "%[src]"
http-request set-header X-Client-Port "%[src_port]"
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
http-response set-header Strict-Transport-Security max-age=63072000
# https://hstspreload.org
http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains"
# http-response set-header Content-Security-Policy "script-src 'self'"
@ -123,19 +137,24 @@ frontend ft
use_backend bk_ahlawat if { req.hdr(host) ahlawat.com }
use_backend bk_ahlawat if { req.hdr(host) www.ahlawat.com }
use_backend bk_ahlawat if { req.hdr(host) www2.ahlawat.com }
use_backend bk_ahlawat if { req.hdr(host) www-backup.ahlawat.com }
use_backend bk_ahlawat if { req.hdr(host) mta-sts.ahlawat.com }
use_backend bk_ahlawat-sharad if { req.hdr(host) sharad.ahlawat.com }
use_backend bk_ahlawat-sharad if { req.hdr(host) sharad2.ahlawat.com }
use_backend bk_ahlawat-rachna if { req.hdr(host) rachna.ahlawat.com }
use_backend bk_ahlawat-nivi if { req.hdr(host) nivi.ahlawat.com }
use_backend bk_ahlawat-nivi if { req.hdr(host) nivedita.ahlawat.com }
use_backend bk_ahlawat-rishabh if { req.hdr(host) rishabh.ahlawat.com }
use_backend bk_ahlawat-rishabh if { req.hdr(host) rish.ahlawat.com }
# big / 1-fiction / 2-movie / 3-art / 4-home / 5-general
use_backend bk_ahlawat-book-443 if { req.hdr(host) books.ahlawat.com }
use_backend bk_ahlawat-book-444 if { req.hdr(host) book1.ahlawat.com }
use_backend bk_ahlawat-book-445 if { req.hdr(host) book2.ahlawat.com }
use_backend bk_ahlawat-book-446 if { req.hdr(host) book3.ahlawat.com }
use_backend bk_ahlawat-book-447 if { req.hdr(host) book4.ahlawat.com }
use_backend bk_ahlawat-book-448 if { req.hdr(host) book5.ahlawat.com }
use_backend bk_ahlawat-cam if { req.hdr(host) cam.ahlawat.com }
use_backend bk_ahlawat-cam if { req.hdr(host) cam2.ahlawat.com }
use_backend bk_ahlawat-ci if { req.hdr(host) ci.ahlawat.com }
@ -154,29 +173,17 @@ frontend ft
use_backend bk_diyit if { req.hdr(host) diyit.org }
use_backend bk_diyit if { req.hdr(host) www.diyit.org }
use_backend bk_diyit if { req.hdr(host) www2.diyit.org }
use_backend bk_diyit if { req.hdr(host) xflow.org }
use_backend bk_diyit if { req.hdr(host) www.xflow.org }
use_backend bk_diyit if { req.hdr(host) www-backup.diyit.org }
use_backend bk_diyit-grafana if { req.hdr(host) grafana.diyit.org }
use_backend bk_diyit-prometheus if { req.hdr(host) prometheus.diyit.org }
use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org }
use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org }
use_backend bk_dvpc if { req.hdr(host) datavpc.com }
use_backend bk_dvpc if { req.hdr(host) www.datavpc.com }
use_backend bk_dvpc if { req.hdr(host) www2.datavpc.com }
use_backend bk_dvpc if { req.hdr(host) mydatavpc.com }
use_backend bk_dvpc if { req.hdr(host) www.mydatavpc.com }
# use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org }
# use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org }
use_backend bk_rwe if { req.hdr(host) rockwoodestates.org }
use_backend bk_rwe if { req.hdr(host) www.rockwoodestates.org }
use_backend bk_rwe if { req.hdr(host) www2.rockwoodestates.org }
use_backend bk_rwe if { req.hdr(host) sms1.rockwoodestates.org }
use_backend bk_rwe if { req.hdr(host) sms2.rockwoodestates.org }
use_backend bk_scvcc if { req.hdr(host) scvcc-rental.com }
use_backend bk_scvcc if { req.hdr(host) www.scvcc-rental.com }
use_backend bk_scvcc if { req.hdr(host) www2.scvcc-rental.com }
use_backend bk_rwe if { req.hdr(host) www-backup.rockwoodestates.org }
use_backend bk_rwe if { req.hdr(host) sms-alt.rockwoodestates.org }
use_backend bk_rwe if { req.hdr(host) sms-alt-backup.rockwoodestates.org }
# use_backend bk_beyondbell if { req.hdr(host) beyondbell.com }
# use_backend bk_beyondbell if { req.hdr(host) www.beyondbell.com }
@ -197,12 +204,12 @@ frontend ft
# Fallback for non-SNI clients
acl is-ahlawat hdr(host) -i ahlawat.com
acl is-ahlawat hdr(host) -i www.ahlawat.com
acl is-ahlawat hdr(host) -i www2.ahlawat.com
acl is-ahlawat hdr(host) -i www-backup.ahlawat.com
use_backend bk_ahlawat if is-ahlawat
acl is-diyit hdr(host) -i diyit.org
acl is-diyit hdr(host) -i www.diyit.org
acl is-diyit hdr(host) -i www2.diyit.org
acl is-diyit hdr(host) -i www-backup.diyit.org
use_backend bk_diyit if is-diyit
default_backend bk_ahlawat
@ -215,7 +222,6 @@ backend bk_ahlawat
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-sharad
# balance roundrobin
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
@ -253,16 +259,42 @@ backend bk_ahlawat-book-445
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-book-446
server srv1 bookx.ahlawat.com:446 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-book-447
server srv1 bookx.ahlawat.com:447 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-book-448
server srv1 bookx.ahlawat.com:448 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-cam
server srv1 192.168.0.54:8765 check
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-ci
# http-request set-header Host cix.ahlawat.com:8080
http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/\2
http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/\2
server srv1 cix.ahlawat.com:8080 check
# http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/(.*)\2
# http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/(.*)\2
# http-request replace-header Host ^https://ci.ahlawat.com/(.*) http://cix.ahlawat.com:8080/\1
# http-response replace-header Host ^http://cix.ahlawat.com:8080/(.*) https://ci.ahlawat.com/\1
# http-request set-header X-Forwarded-Port 443
# http-request add-header X-Forwarded-Proto https
# http-request set-header X-Forwarded-Host ci.ahlawat.com
# server srv1 cix.ahlawat.com:8080 check
# roundrobin or leastconn or iphash
balance roundrobin
server srv1 cix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 ci1.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv3 ci2.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv4 ci3.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-cloud
@ -302,7 +334,7 @@ backend bk_ahlawat-jump
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_ahlawat-hass
server srv1 hassx.ahlawat.com:8123 check
server srv1 192.168.0.7:8123 check
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
@ -322,100 +354,88 @@ backend bk_diyit-prometheus
# ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_diyit-kibana
server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_diyit-kibana
# server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_diyit-maps
server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header Content-Security-Policy "frame-ancestors 'self' https://diyit.org;"
#backend bk_diyit-maps
# server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header Content-Security-Policy "frame-ancestors 'self' https://diyit.org;"
backend bk_dvpc
server srv1 web.datavpc.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_rwe
server srv1 web.rockwoodestates.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_scvcc
server srv1 web.scvcc-rental.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell
## server srv1 192.168.0.77:8080
# server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell
# server srv1 192.168.0.77:8080
server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-ci
## http-request set-header Host cix.beyondbell.com:8111
# http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2
# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2
# server srv1 192.168.0.73:8111
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-ci
# http-request set-header Host cix.beyondbell.com:8111
http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2
server srv1 192.168.0.73:8111
http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-git
# server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-git
server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
#backend bk_beyondbell-repo
## http-request set-header Host 192.168.0.75:8081
## http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2
## http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2
# server srv1 192.168.0.75:8081
# http-response set-header X-Frame-Options SAMEORIGIN
## http-response del-header Strict-Transport-Security
## http-response add-header Content-Security-Policy: upgrade-insecure-requests
#backend bk_beyondbell-dashboard
# http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2
# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2
# server srv1 192.168.0.92:8080
# http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-vault
# http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2
# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2
# server srv1 192.168.0.93:8200
## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-web-moonglade
# server srv1 192.168.0.74:8000
## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-web-moonglade-private
# server srv1 192.168.0.74:4000
## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-r-windows
# server srv1 192.168.0.85:4000
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-repo
# http-request set-header Host 192.168.0.75:8081
# http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2
# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2
server srv1 192.168.0.75:8081
http-response set-header X-Frame-Options SAMEORIGIN
# http-response del-header Strict-Transport-Security
# http-response add-header Content-Security-Policy: upgrade-insecure-requests
backend bk_beyondbell-dashboard
http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2
server srv1 192.168.0.92:8080
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-vault
http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2
server srv1 192.168.0.93:8200
#backend bk_beyondbell-windows
# server srv1 192.168.0.81:26900
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-web-moonglade
server srv1 192.168.0.74:8000
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-mazes
# server srv1 192.168.0.171:8080
## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-web-moonglade-private
server srv1 192.168.0.74:4000
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-r-windows
server srv1 192.168.0.85:4000
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-windows
server srv1 192.168.0.81:26900
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-mazes
server srv1 192.168.0.171:8080
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
backend bk_beyondbell-mazes-backend
server srv1 192.168.0.172:8080
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
http-response set-header X-Frame-Options SAMEORIGIN
#backend bk_beyondbell-mazes-backend
# server srv1 192.168.0.172:8080
## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
# http-response set-header X-Frame-Options SAMEORIGIN
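Review bot: The two QUIC binds in the `frontend ft` hunk (`bind quic4@:443 … allow-0rtt` and `bind quic6@:443 … allow-0rtt`) accept TLS 1.3 early data, which can be replayed by anyone who captures it, and nothing visible in the frontend holds non-idempotent requests back until the handshake completes. Assuming those binds are on the new side (their `crt` list matches the trimmed `:::443` bind), either drop `allow-0rtt` or add `http-request wait-for-handshake if !METH_GET` ahead of the `use_backend` rules so that only replay-safe requests are served from 0-RTT. In the same hunk the `alt-svc` value separates `h3` from `h3-27` with `;` rather than `,`, so `h3-27` is parsed as a parameter of the first entry; the draft `h3-27`/`h3-28`/`h3-29` tokens can be dropped, leaving `'h3=":443";ma=86400'`. The frontend continues outside the hunk, so a handshake guard may already exist in lines not shown here.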


@ -1,9 +1,8 @@
pkgp123____haproxy-2.6.6
pkgp123____pkg-1.18.4
pkgp-freebsd-pkg____base64-1.5_1
pkgp-freebsd-pkg____bash-5.2.9
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____nano-6.4
pkgp123____haproxy-3.0.9
pkgp123____pkg-2.1.2
pkgp-freebsd-pkg____base64-1.5_2
pkgp-freebsd-pkg____bash-5.2.37
pkgp-freebsd-pkg____bash-completion-2.14.0,2
pkgp-freebsd-pkg____nano-8.4
pkgp-freebsd-pkg____pidof-20050501
pkgp-freebsd-pkg____socat-1.7.4.4
pkgp-freebsd-pkg____turnserver-4.5.2
pkgp-freebsd-pkg____socat-1.8.0.3


@ -1,9 +1,8 @@
pkgp123____haproxy-2.6.7
pkgp123____pkg-1.18.4
pkgp-freebsd-pkg____base64-1.5_1
pkgp-freebsd-pkg____bash-5.2.12
pkgp-freebsd-pkg____bash-completion-2.11_2,2
pkgp-freebsd-pkg____nano-7.0
pkgp123____haproxy-3.0.9
pkgp123____pkg-2.1.2
pkgp-freebsd-pkg____base64-1.5_2
pkgp-freebsd-pkg____bash-5.2.37
pkgp-freebsd-pkg____bash-completion-2.14.0,2
pkgp-freebsd-pkg____nano-8.4
pkgp-freebsd-pkg____pidof-20050501
pkgp-freebsd-pkg____socat-1.7.4.4
pkgp-freebsd-pkg____turnserver-4.5.2
pkgp-freebsd-pkg____socat-1.8.0.3


@ -1 +1 @@
base64 bash bash-completion haproxy nano pidof pkg socat turnserver
base64 bash bash-completion haproxy nano pidof pkg socat


@ -1 +1 @@
base64 bash bash-completion haproxy nano pidof pkg socat turnserver
base64 bash bash-completion haproxy nano pidof pkg socat


@ -5,14 +5,12 @@ FreeBSD: {
pkgp-freebsd-pkg: {
url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest",
mirror_type: "http",
enabled: yes,
priority: 10
}
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",
enabled: yes,
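Review bot: The `pkgp-freebsd-pkg` repository block shown in this hunk fetches over `http://` and carries no `signature_type`, so pkg would install whatever that mirror, or anything on the network path to it, serves; the `pkgp123` block below it does pin `signature_type: "pubkey"`. The hunk header reports two fewer lines on the new side and the page does not show which lines went, so confirm that signature settings were not what was dropped. If this repository proxies the official FreeBSD packages, adding `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` to the block would restore verification. The `pkgp123` block continues past the end of the hunk.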


@ -1,4 +1,4 @@
# $FreeBSD: releng/12.2/usr.sbin/syslogd/syslog.conf 338146 2018-08-21 17:01:47Z brd $
# $FreeBSD$
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
@ -14,10 +14,9 @@ cron.* /var/log/cron
!-devd
*.=debug /var/log/debug.log
*.emerg *
daemon.info /var/log/daemon.log
local0.* /var/log/haproxy-traffic.log
local0.notice /var/log/haproxy-admin.log
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info /var/log/console.log