dotfiles/.ansible/roles/haproxy_server/files/haproxy.cfg

95 lines
2.3 KiB
INI

global
ssl-default-bind-options force-tlsv12
ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM
ssl-default-server-options force-tlsv12
ssl-default-server-options ssl-min-ver TLSv1.2
ssl-default-server-ciphers EECDH+AESGCM:EDH+AESGCM
tune.ssl.default-dh-param 2048
tune.ssl.cachesize 50000
maxconn 256
defaults
mode http
option dontlognull
option forwardfor
option httpchk
option httpclose
option abortonclose
timeout server 30s
timeout client 30s
timeout connect 5s
frontend stats
bind :1936
maxconn 10
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats uri /
frontend home.suborbit.com
bind :443 v4v6 ssl crt /etc/letsencrypt/live/home.suborbit.com/fullchain+key.pem
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
http-request set-header Host home.suborbit.com
http-request redirect code 301 location https://%[hdr(host)]/jackett%[capture.req.uri] if { path_beg /UI/ }
use_backend qbittorrent-backend if { path_beg /bt/ }
use_backend sonarr-backend if { path_beg /sonarr/ }
use_backend radarr-backend if { path_beg /radarr/ }
use_backend sabnzbd-backend if { path_beg /sabnzbd/ }
use_backend jackett-backend if { path_beg /jackett/ }
use_backend matrix-backend if { path_beg /_matrix/ }
use_backend share-backend if { path_beg / }
frontend search.lan
bind :80 v4v6
acl network_allowed src 10.0.9.0/24 2a02:8010:652f::/48
acl host_search hdr(host) -i search.lan
block if !network_allowed
use_backend searx-backend if host_search
backend qbittorrent-backend
server jupiter 10.0.9.111:8181
reqrep ^([^\ :]*)\ /bt/(.*) \1\ /\2
backend sonarr-backend
server jupiter 10.0.9.111:8989
backend radarr-backend
server jupiter 10.0.9.111:7878
backend sabnzbd-backend
server jupiter 10.0.9.111:8080
backend jackett-backend
server jupiter 10.0.9.111:9117
reqrep ^([^\ :]*)\ /jackett/(.*) \1\ /\2
backend matrix-backend
server localhost 10.0.9.111:8008 maxconn 64
backend searx-backend
server localhost 10.0.9.111:8888
acl network_allowed src 10.0.9.0/24
backend share-backend
server jupiter 10.0.9.111:8182