From 0326ac234efd30965a21d50f338ddf7ed3696a16 Mon Sep 17 00:00:00 2001 From: billisdead Date: Sat, 17 Jan 2026 14:19:32 +0100 Subject: [PATCH] un peu de nettoyage --- haproxy.cfg | 65 ----------------------------------------------------- 1 file changed, 65 deletions(-) diff --git a/haproxy.cfg b/haproxy.cfg index 46bd5e8..a31b7bc 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -71,22 +71,12 @@ userlist admin-ghost # # redirect scheme https if !acl_letsencrypt !{ ssl_fc } # use_backend be_letsencrypt if acl_letsencrypt -#frontend smtp_front -# bind *:587 -# mode tcp -# option tcplog -# default_backend smtp_back - -#backend smtp_back -# mode tcp -# server postfix_server 192.168.1.17:587 check frontend https bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1 #bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1 # headers - #http-request set-header Host homegit.gyozamancave.fr #http-request set-header Host %[req.hdr(Host)] #http-request set-header X-Real-IP %[src] http-request set-header X-Forwarded-Proto https if { ssl_fc } @@ -157,9 +147,6 @@ frontend https acl stats-host hdr(host) -i stats.gyozamancave.fr acl stats-api hdr(host) -i api.stats.gyozamancave.fr acl n8n-host hdr(host) -i n8n.gyozamancave.fr - #acl homegit-host hdr(host) -i homegit.gyozamancave.fr - #acl boudoir-assets path_beg /assets/ - #acl path_og path_beg /og/ acl boudoir-host hdr(host) -i ledigitalboudoir.com #acl is_api path -m beg -i /api 
@@ -177,38 +164,8 @@ frontend https use_backend stats-backend if stats-host use_backend n8n-backend if n8n-host use_backend homegit-backend if homegit-host - #use_backend boudoir-assets-backend if path_og - #use_backend boudoir-assets-backend if boudoir-assets use_backend boudoir-backend if boudoir-host -#backend boudoir-assets-backend -# mode http - - # En-têtes HTTPS corrects pour Directus -# http-request set-header X-Forwarded-Proto https -# http-request set-header X-Forwarded-Host ledigitalboudoir.com -# http-request set-header X-Forwarded-For %[src] - - # Route principale OG : - # https://ledigitalboudoir.com/og/.jpg - # → /assets/?format=jpg&width=1200&height=630&fit=contain&bg=black -# http-request replace-path ^/og/(.*)\.jpg$ /assets/\1?format=jpg&width=1200&height=630&fit=contain&bg=black - - # Variante cache-busting (ex: .../og/-v2.jpg) - # http-request replace-path ^/og/(.*)-v[0-9]+\.jpg$ /assets/\1?format=jpg&width=1200&height=630&fit=contain&bg=black - - # Cache long (1 semaine) -# http-response set-header Cache-Control public,max-age=604800,immutable - - # Autoriser uniquement assets/uploads -# acl allowed_assets path_beg /assets/ /uploads/ -# http-request deny unless allowed_assets - - # Serveur Directus interne -# server directus 192.168.1.107:8055 check - -#backend boudoir-backend -# server boudoir 192.168.1.57:2368 backend boudoir-backend acl ghost_path path_beg /ghost/ acl is_whitelisted src 82.67.3.126/32 @@ -221,10 +178,6 @@ backend boudoir-backend http-request deny if ghost_path !is_whitelisted_full server boudoir 192.168.1.57:2368 check - -#backend boudoir-backend -# server boudoir 192.168.1.107:31723 check - backend homegit-backend mode http # S'assurer que le header n'est pas supprimé 
@@ -245,22 +198,14 @@ backend n8n-backend server n8n 192.168.1.56:5678 backend links-mtb - #http-request set-header X-Forwarded-Proto https if { ssl_fc } - #http-request set-header X-Forwarded-Proto http if !{ ssl_fc } - #http-request set-header X-Forwarded-For %[src] mode http - #option forwardfor server links 192.168.1.18:32508 check ssl verify none backend hass-backend server hass 192.168.1.18:30250 mode http -# option forwardfor -# http-request add-header X-Forwarded-Proto https -# http-request add-header X-Forwarded-Port 443 backend cms - #server cms 192.168.1.101:80 acl ghost_path path_beg /ghost/ acl is_whitelisted src 82.67.3.126/32 acl is_lan src 192.168.1.0/24 # Plage LAN (adaptez 192.168.1.0/24 si précis) @@ -273,7 +218,6 @@ backend cms server cms 192.168.1.250:2369 backend cms2 - #mode http acl ghost_path path_beg /ghost/ acl is_whitelisted src 82.67.3.126/32 acl is_lan src 192.168.1.0/24 # Plage LAN (adaptez 192.168.1.0/24 si précis) @@ -292,7 +236,6 @@ backend mattermost backend be_letsencrypt server letsencrypt 127.0.0.1:9080 - #server letsencrypt 127.0.0.1:10001 backend wiki server wiki 192.168.1.18:32149 
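Review bot: In backend links-mtb the server line kept as context, `server links 192.168.1.18:32508 check ssl verify none`, encrypts the hop to the upstream but never checks its certificate, so any host that can answer on that address is accepted as the backend. Since this cleanup already touches the block, consider `server links 192.168.1.18:32508 check ssl verify required ca-file <path-to-internal-CA.pem>` (placeholder path), with the upstream's certificate issued by that CA. After the commented X-Forwarded-* lines are removed, neither links-mtb nor hass-backend sets forwarding headers itself; presumably the frontend rules cover this, but only `X-Forwarded-Proto` is visible in this patch.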
@@ -345,16 +288,9 @@ backend funkwhale http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-For %[src] option forwardfor - #http-request set-header X-Forwarded-Port %[dst_port] - #http-request add-header X-Forwarded-Proto https if { ssl_fc } - #http-response add-header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline': img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self';" - #http-response add-header Referrer-Policy strict-origin-when-cross-origin - #http-response add-header X-Frame-Options SAMEORIGIN - #server funkwhale 192.168.1.12:5002 server funkwhale 192.168.1.108:5002 backend per_ip_rates - #stick-table type ip size 1m expire 10m store http_req_rate(10s) # Define a stick-table to track request rates per IP stick-table type ip size 1m expire 10m store http_req_rate(10s) @@ -370,5 +306,4 @@ backend per_ip_rates acl is_whitelisted_domain hdr_end(host) -i gyozamancave.fr # Apply rate limiting (10 req/10s) unless whitelisted - #http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_domain { sc0_http_req_rate(per_ip_rates) gt 10 } http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_lan1 !is_whitelisted_lan2 !is_whitelisted_domain { sc0_http_req_rate gt 10 }
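Review bot: The funkwhale backend sets no security response headers in the lines shown, and the deleted comments were the only trace of the `Content-Security-Policy`, `Referrer-Policy` and `X-Frame-Options` rules. The two simple ones could be enabled rather than dropped: `http-response set-header X-Frame-Options SAMEORIGIN` and `http-response set-header Referrer-Policy strict-origin-when-cross-origin`. The CSP draft had a `:` where a `;` belongs after `'unsafe-inline'`, so it needs that fix and a test pass before it is switched on. The backend starts above the hunk, so headers may already be set there or in the frontend.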
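Review bot: The exemption `acl is_whitelisted_domain hdr_end(host) -i gyozamancave.fr` keys the rate limit on the client-supplied Host header and matches any name that merely ends in that string, so the 429 rule is skipped for every request carrying such a Host. If the exemption is meant for trusted sources, the source-address ACLs already on the deny line (defined outside this hunk) should be enough and `!is_whitelisted_domain` can be dropped. If it has to stay, anchor it as `hdr_end(host) -i .gyozamancave.fr`. The deleted comment named the table explicitly (`sc0_http_req_rate(per_ip_rates)`), while the surviving rule uses bare `sc0_http_req_rate`, so it relies on a `track-sc0` rule outside this hunk pointing at `per_ip_rates`.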