Add haproxy config for a home server
This commit is contained in:
parent
ffcfb085ee
commit
3c9584f6f6
|
@ -5,4 +5,5 @@
|
|||
- searx_server
|
||||
- matrix_server
|
||||
- media_server
|
||||
- haproxy_server
|
||||
# - traccar_server
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
server_packages:
|
||||
- curl
|
||||
- git
|
||||
- haproxy
|
||||
- letsencrypt
|
||||
- lsof
|
||||
- net-tools
|
||||
|
|
94
.ansible/roles/haproxy_server/files/haproxy.cfg
Normal file
94
.ansible/roles/haproxy_server/files/haproxy.cfg
Normal file
|
@ -0,0 +1,94 @@
|
|||
global
|
||||
ssl-default-bind-options force-tlsv12
|
||||
ssl-default-bind-options ssl-min-ver TLSv1.2
|
||||
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM
|
||||
|
||||
ssl-default-server-options force-tlsv12
|
||||
ssl-default-server-options ssl-min-ver TLSv1.2
|
||||
ssl-default-server-ciphers EECDH+AESGCM:EDH+AESGCM
|
||||
|
||||
tune.ssl.default-dh-param 2048
|
||||
tune.ssl.cachesize 50000
|
||||
|
||||
maxconn 256
|
||||
|
||||
|
||||
defaults
|
||||
mode http
|
||||
option dontlognull
|
||||
option forwardfor
|
||||
option httpchk
|
||||
option httpclose
|
||||
option abortonclose
|
||||
timeout server 30s
|
||||
timeout client 30s
|
||||
timeout connect 5s
|
||||
|
||||
|
||||
frontend stats
|
||||
bind :1936
|
||||
|
||||
maxconn 10
|
||||
|
||||
stats enable
|
||||
stats hide-version
|
||||
stats refresh 30s
|
||||
stats show-node
|
||||
stats uri /
|
||||
|
||||
|
||||
frontend home.suborbit.com
|
||||
bind :443 v4v6 ssl crt /etc/letsencrypt/live/home.suborbit.com/fullchain+key.pem
|
||||
|
||||
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
|
||||
http-request set-header Host home.suborbit.com
|
||||
|
||||
http-request redirect code 301 location https://%[hdr(host)]/jackett%[capture.req.uri] if { path_beg /UI/ }
|
||||
|
||||
use_backend qbittorrent-backend if { path_beg /bt/ }
|
||||
use_backend sonarr-backend if { path_beg /sonarr/ }
|
||||
use_backend radarr-backend if { path_beg /radarr/ }
|
||||
use_backend sabnzbd-backend if { path_beg /sabnzbd/ }
|
||||
use_backend jackett-backend if { path_beg /jackett/ }
|
||||
use_backend matrix-backend if { path_beg /_matrix/ }
|
||||
use_backend share-backend if { path_beg / }
|
||||
|
||||
|
||||
frontend search.lan
|
||||
bind :80 v4v6
|
||||
|
||||
acl network_allowed src 10.0.9.0/24 2a02:8010:652f::/48
|
||||
acl host_search hdr(host) -i search.lan
|
||||
|
||||
block if !network_allowed
|
||||
|
||||
use_backend searx-backend if host_search
|
||||
|
||||
|
||||
backend qbittorrent-backend
|
||||
server jupiter 10.0.9.110:8181
|
||||
reqrep ^([^\ :]*)\ /bt/(.*) \1\ /\2
|
||||
|
||||
backend sonarr-backend
|
||||
server jupiter 10.0.9.110:8989
|
||||
|
||||
backend radarr-backend
|
||||
server jupiter 10.0.9.110:7878
|
||||
|
||||
backend sabnzbd-backend
|
||||
server jupiter 10.0.9.110:8080
|
||||
|
||||
backend jackett-backend
|
||||
server jupiter 10.0.9.110:9117
|
||||
reqrep ^([^\ :]*)\ /jackett/(.*) \1\ /\2
|
||||
|
||||
backend matrix-backend
|
||||
server localhost 127.0.0.1:8008 maxconn 64
|
||||
|
||||
backend searx-backend
|
||||
server localhost 127.0.0.1:8888
|
||||
acl network_allowed src 10.0.9.0/24
|
||||
|
||||
backend share-backend
|
||||
server jupiter 10.0.9.110:8182
|
23
.ansible/roles/haproxy_server/tasks/main.yaml
Normal file
23
.ansible/roles/haproxy_server/tasks/main.yaml
Normal file
|
@ -0,0 +1,23 @@
|
|||
- name: 'HAProxy'
|
||||
tags:
|
||||
- install
|
||||
- haproxy
|
||||
block:
|
||||
- name: 'HAProxy: package'
|
||||
package:
|
||||
name: 'haproxy'
|
||||
state: latest
|
||||
become: yes
|
||||
|
||||
- name: 'HAProxy: Config'
|
||||
copy:
|
||||
dest: '/etc/haproxy/haproxy.cfg'
|
||||
src: 'files/haproxy.cfg'
|
||||
become: yes
|
||||
|
||||
- name: 'HAProxy: Service'
|
||||
systemd:
|
||||
name: 'haproxy'
|
||||
state: started
|
||||
enabled: yes
|
||||
become: yes
|
Loading…
Reference in a new issue