400 lines
18 KiB
Plaintext
400 lines
18 KiB
Plaintext
# Copyright (c) 2018-2022, diyIT.org
|
|
# All rights reserved.
|
|
#
|
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
|
# https://diyit.org/license/
|
|
#
|
|
#
|
|
|
|
# https://ssl-config.mozilla.org/#server=haproxy
|
|
# Need to use Intermediate setting for Twilio and Jetpack
|
|
|
|
global
|
|
daemon
|
|
|
|
# modern configuration # twilio is one of the sites that cannot handle the modern config
|
|
# ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
|
|
# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
|
|
|
|
# ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
|
|
# ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
|
|
|
|
# intermediate configuration
|
|
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
|
|
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
|
|
|
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
|
|
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
|
|
|
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /mnt/certs/dhparam2048.pem
|
|
ssl-dh-param-file /mnt/certs/dhparam2048.pem
|
|
|
|
tune.ssl.default-dh-param 2048
|
|
|
|
#testing
|
|
#tune.idle-pool.shared off
|
|
|
|
log 127.0.0.1 local0
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
# option http-use-htx #not supported in 2.5
|
|
option forwardfor
|
|
option redispatch
|
|
option http-keep-alive
|
|
option http-server-close
|
|
option httplog
|
|
option dontlognull
|
|
retries 3
|
|
maxconn 4096
|
|
timeout http-request 10s
|
|
timeout http-keep-alive 10s
|
|
timeout queue 1m
|
|
timeout connect 5s
|
|
timeout client 90s
|
|
timeout server 90s
|
|
timeout check 10s
|
|
timeout tunnel 3600s
|
|
timeout tarpit 60s
|
|
|
|
unique-id-format %{+X}o\ %[hostname,field(1,.),upper]-%Ts%rt
|
|
default-server init-addr none resolvers mydns
|
|
|
|
resolvers mydns
|
|
nameserver ns1 192.168.0.5:53
|
|
|
|
frontend stats
|
|
bind :::8404 v4v6
|
|
http-request use-service prometheus-exporter if { path /metrics }
|
|
stats enable
|
|
stats uri /stats
|
|
stats refresh 10s
|
|
stats show-node
|
|
stats realm Haproxy\ Statistics
|
|
stats auth infra:infra
|
|
|
|
frontend ft
|
|
bind :::80 v4v6
|
|
# bind :::443 v4v6 strict-sni alpn http/1.1 ssl crt /mnt/certs/haproxy.pem crt /mnt/certs/bbhaproxy.pem crt /mnt/certs/diyhaproxy.pem crt /mnt/certs/xflowhaproxy.pem crt /mnt/certs/dvpchaproxy.pem crt /mnt/certs/mdvpchaproxy.pem crt /mnt/certs/rwehaproxy.pem crt /mnt/certs/rwrhaproxy.pem crt /mnt/certs/scvcchaproxy.pem
|
|
bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt /mnt/certs/haproxy.pem crt /mnt/certs/bbhaproxy.pem crt /mnt/certs/diyhaproxy.pem crt /mnt/certs/xflowhaproxy.pem crt /mnt/certs/dvpchaproxy.pem crt /mnt/certs/mdvpchaproxy.pem crt /mnt/certs/rwehaproxy.pem crt /mnt/certs/rwrhaproxy.pem crt /mnt/certs/scvcchaproxy.pem
|
|
|
|
redirect scheme https code 301 if !{ ssl_fc }
|
|
|
|
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc
|
|
|
|
# acl is_websocket hdr(Upgrade) -i WebSocket
|
|
# acl is_websocket hdr_beg(Host) -i ws
|
|
# use_backend bk_ahlawat-hass if is_websocket
|
|
|
|
acl network_allowed src 192.168.0.0/24 192.168.8.0/24 192.168.50.0/24 192.168.51.0/24 fd01::/64 fd08::/64 fd50::/64 fd51::/64
|
|
# acl restricted_page path -i -m sub /wp-admin ## rockwood needs external access
|
|
acl restricted_page path -i -m sub /wp-login
|
|
http-request deny if restricted_page !network_allowed
|
|
|
|
http-request set-header X-Client-IP "%[src]"
|
|
http-request set-header X-Client-Port "%[src_port]"
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
|
|
http-response set-header Strict-Transport-Security max-age=63072000
|
|
|
|
# for Clickjacking - added to individual backends
|
|
# http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
# https://github.com/haproxy/haproxy/issues/1353
|
|
# use req.hdr(host) instead of ssl_fc_sni
|
|
# use_backend bk_ahlawat if { ssl_fc_sni ahlawat.com }
|
|
# use_backend bk_ahlawat if { ssl_fc_sni www.ahlawat.com }
|
|
|
|
use_backend bk_ahlawat if { req.hdr(host) ahlawat.com }
|
|
use_backend bk_ahlawat if { req.hdr(host) www.ahlawat.com }
|
|
|
|
use_backend bk_ahlawat-sharad if { req.hdr(host) sharad.ahlawat.com }
|
|
use_backend bk_ahlawat-rachna if { req.hdr(host) rachna.ahlawat.com }
|
|
use_backend bk_ahlawat-nivi if { req.hdr(host) nivi.ahlawat.com }
|
|
use_backend bk_ahlawat-nivi if { req.hdr(host) nivedita.ahlawat.com }
|
|
use_backend bk_ahlawat-rishabh if { req.hdr(host) rishabh.ahlawat.com }
|
|
|
|
use_backend bk_ahlawat-book-443 if { req.hdr(host) books.ahlawat.com }
|
|
use_backend bk_ahlawat-book-444 if { req.hdr(host) book1.ahlawat.com }
|
|
use_backend bk_ahlawat-book-445 if { req.hdr(host) book2.ahlawat.com }
|
|
use_backend bk_ahlawat-cam if { req.hdr(host) cam.ahlawat.com }
|
|
use_backend bk_ahlawat-ci if { req.hdr(host) ci.ahlawat.com }
|
|
use_backend bk_ahlawat-cloud if { req.hdr(host) cloud.ahlawat.com }
|
|
use_backend bk_ahlawat-git if { req.hdr(host) git.ahlawat.com }
|
|
use_backend bk_ahlawat-hub if { req.hdr(host) hub.ahlawat.com }
|
|
use_backend bk_ahlawat-matrix if { req.hdr(host) matrix.ahlawat.com }
|
|
use_backend bk_ahlawat-meet if { req.hdr(host) meet.ahlawat.com }
|
|
use_backend bk_ahlawat-monitor if { req.hdr(host) monitor.ahlawat.com }
|
|
use_backend bk_ahlawat-jump if { req.hdr(host) jump.ahlawat.com }
|
|
use_backend bk_ahlawat-hass if { req.hdr(host) hass.ahlawat.com }
|
|
|
|
use_backend bk_diyit if { req.hdr(host) diyit.org }
|
|
use_backend bk_diyit if { req.hdr(host) www.diyit.org }
|
|
use_backend bk_diyit if { req.hdr(host) xflow.org }
|
|
use_backend bk_diyit if { req.hdr(host) www.xflow.org }
|
|
use_backend bk_diyit-grafana if { req.hdr(host) grafana.diyit.org }
|
|
use_backend bk_diyit-prometheus if { req.hdr(host) prometheus.diyit.org }
|
|
use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org }
|
|
use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org }
|
|
|
|
use_backend bk_dvpc if { req.hdr(host) datavpc.com }
|
|
use_backend bk_dvpc if { req.hdr(host) www.datavpc.com }
|
|
use_backend bk_dvpc if { req.hdr(host) mydatavpc.com }
|
|
use_backend bk_dvpc if { req.hdr(host) www.mydatavpc.com }
|
|
|
|
use_backend bk_rwe if { req.hdr(host) rockwoodestates.org }
|
|
use_backend bk_rwe if { req.hdr(host) www.rockwoodestates.org }
|
|
|
|
use_backend bk_rwr if { req.hdr(host) rockwoodranch.org }
|
|
use_backend bk_rwr if { req.hdr(host) www.rockwoodranch.org }
|
|
|
|
use_backend bk_scvcc if { req.hdr(host) scvcc-rental.com }
|
|
use_backend bk_scvcc if { req.hdr(host) www.scvcc-rental.com }
|
|
|
|
use_backend bk_beyondbell if { req.hdr(host) beyondbell.com }
|
|
use_backend bk_beyondbell if { req.hdr(host) www.beyondbell.com }
|
|
use_backend bk_beyondbell-ci if { req.hdr(host) ci.beyondbell.com }
|
|
use_backend bk_beyondbell-git if { req.hdr(host) git.beyondbell.com }
|
|
use_backend bk_beyondbell-repo if { req.hdr(host) repo.beyondbell.com }
|
|
use_backend bk_beyondbell-dashboard if { req.hdr(host) dashboard.beyondbell.com }
|
|
use_backend bk_beyondbell-vault if { req.hdr(host) vault.beyondbell.com }
|
|
|
|
use_backend bk_beyondbell-web-moonglade if { req.hdr(host) moonglade.beyondbell.com }
|
|
use_backend bk_beyondbell-web-moonglade-private if { req.hdr(host) moonglade-private.beyondbell.com }
|
|
use_backend bk_beyondbell-r-windows if { req.hdr(host) moonglade-server.beyondbell.com }
|
|
use_backend bk_beyondbell-windows if { req.hdr(host) gs.beyondbell.com }
|
|
|
|
use_backend bk_beyondbell-mazes if { req.hdr(host) mazes.beyondbell.com }
|
|
use_backend bk_beyondbell-mazes-backend if { req.hdr(host) mazes-backend.beyondbell.com }
|
|
|
|
# Fallback for non-SNI clients
|
|
acl is-ahlawat hdr(host) -i ahlawat.com
|
|
acl is-ahlawat hdr(host) -i www.ahlawat.com
|
|
use_backend bk_ahlawat if is-ahlawat
|
|
|
|
acl is-diyit hdr(host) -i diyit.org
|
|
acl is-diyit hdr(host) -i www.diyit.org
|
|
use_backend bk_diyit if is-diyit
|
|
|
|
default_backend bk_ahlawat
|
|
|
|
|
|
|
|
backend bk_ahlawat
|
|
server srv1 web.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-sharad
|
|
# balance roundrobin
|
|
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
# http-response set-header Content-Security-Policy "default-src 'self' *.ahlawat.com"
|
|
|
|
backend bk_ahlawat-rachna
|
|
server srv1 rachnax.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-nivi
|
|
server srv1 nivix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-rishabh
|
|
server srv1 rishabhx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
|
|
|
|
backend bk_ahlawat-book-443
|
|
server srv1 book.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-book-444
|
|
server srv1 book.ahlawat.com:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-book-445
|
|
server srv1 book.ahlawat.com:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-cam
|
|
server srv1 192.168.0.54:8765 check
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-ci
|
|
# http-request set-header Host cix.ahlawat.com:8080
|
|
http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/\2
|
|
http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/\2
|
|
server srv1 cix.ahlawat.com:8080 check
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-cloud
|
|
server srv1 cloudx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-git
|
|
# timeout queue 8s
|
|
server srv1 gitx.ahlawat.com:3000 check ssl maxconn 32 ca-file /mnt/certs/cacert.pem alpn h2
|
|
# server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options "ALLOW-FROM *.diyit.org"
|
|
# http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-hub
|
|
server srv1 hubx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-matrix
|
|
server srv1 matrix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-meet
|
|
server srv1 meet.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-monitor
|
|
server srv1 monitorx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
# http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-jump
|
|
server srv1 jumpx.ahlawat.com:8080 check
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_ahlawat-hass
|
|
server srv1 hassx.ahlawat.com:8123 check
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
|
|
|
|
backend bk_diyit
|
|
server srv1 web.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_diyit-grafana
|
|
server srv1 grafanax.diyit.org:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_diyit-prometheus
|
|
server srv1 prometheusx.diyit.org:9090 check
|
|
# ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_diyit-kibana
|
|
server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_diyit-maps
|
|
server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
# http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
|
|
|
|
backend bk_dvpc
|
|
server srv1 web.datavpc.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_rwe
|
|
server srv1 web.rockwoodestates.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
backend bk_rwr
|
|
server srv1 web.rockwoodranch.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_scvcc
|
|
server srv1 web.scvcc-rental.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
|
|
|
|
backend bk_beyondbell
|
|
# server srv1 192.168.0.77:8080
|
|
server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-ci
|
|
# http-request set-header Host cix.beyondbell.com:8111
|
|
http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2
|
|
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2
|
|
server srv1 192.168.0.73:8111
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-git
|
|
server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-repo
|
|
# http-request set-header Host 192.168.0.75:8081
|
|
# http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2
|
|
# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2
|
|
|
|
server srv1 192.168.0.75:8081
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
# http-response del-header Strict-Transport-Security
|
|
# http-response add-header Content-Security-Policy: upgrade-insecure-requests
|
|
|
|
backend bk_beyondbell-dashboard
|
|
http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2
|
|
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2
|
|
server srv1 192.168.0.92:8080
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-vault
|
|
http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2
|
|
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2
|
|
server srv1 192.168.0.93:8200
|
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-web-moonglade
|
|
server srv1 192.168.0.74:8000
|
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-web-moonglade-private
|
|
server srv1 192.168.0.74:4000
|
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-r-windows
|
|
server srv1 192.168.0.85:4000
|
|
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-windows
|
|
server srv1 192.168.0.81:26900
|
|
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-mazes
|
|
server srv1 192.168.0.171:8080
|
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|
|
|
|
backend bk_beyondbell-mazes-backend
|
|
server srv1 192.168.0.172:8080
|
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
http-response set-header X-Frame-Options SAMEORIGIN
|