un peu de nettoyage

haproxy.cfg

@@ -71,22 +71,12 @@ userlist admin-ghost
 #
 #	redirect scheme https if !acl_letsencrypt !{ ssl_fc }
 #	use_backend be_letsencrypt if acl_letsencrypt
-#frontend smtp_front
-#    bind *:587
-#    mode tcp
-#    option tcplog
-#    default_backend smtp_back
-
-#backend smtp_back
-#    mode tcp
-#    server postfix_server 192.168.1.17:587 check
 
 
 frontend https
  	bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
  	#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
   	# headers
-	#http-request set-header Host homegit.gyozamancave.fr
 	#http-request set-header Host %[req.hdr(Host)]
     	#http-request set-header X-Real-IP %[src]
 	http-request set-header X-Forwarded-Proto https if { ssl_fc }
@@ -157,9 +147,6 @@ frontend https
 	acl stats-host hdr(host) -i stats.gyozamancave.fr
 	acl stats-api hdr(host) -i api.stats.gyozamancave.fr
 	acl n8n-host hdr(host) -i n8n.gyozamancave.fr
-	#acl homegit-host hdr(host) -i homegit.gyozamancave.fr
-	#acl boudoir-assets path_beg /assets/
-	#acl path_og path_beg /og/
     	acl boudoir-host hdr(host) -i ledigitalboudoir.com
   
 	#acl is_api path -m beg -i /api
@@ -177,38 +164,8 @@ frontend https
 	use_backend stats-backend if stats-host
 	use_backend n8n-backend if n8n-host
 	use_backend homegit-backend if homegit-host
-	#use_backend boudoir-assets-backend if path_og	
-	#use_backend boudoir-assets-backend if boudoir-assets
 	use_backend boudoir-backend if boudoir-host
 	
-#backend boudoir-assets-backend
-#    mode http
-
-    # En-têtes HTTPS corrects pour Directus
-#    http-request set-header X-Forwarded-Proto https
-#    http-request set-header X-Forwarded-Host ledigitalboudoir.com
-#    http-request set-header X-Forwarded-For %[src]
-
-    # Route principale OG :
-    # https://ledigitalboudoir.com/og/<id>.jpg
-    # → /assets/<id>?format=jpg&width=1200&height=630&fit=contain&bg=black
-#    http-request replace-path ^/og/(.*)\.jpg$ /assets/\1?format=jpg&width=1200&height=630&fit=contain&bg=black
-
-    # Variante cache-busting (ex: .../og/<id>-v2.jpg)
- #   http-request replace-path ^/og/(.*)-v[0-9]+\.jpg$ /assets/\1?format=jpg&width=1200&height=630&fit=contain&bg=black
-
-    # Cache long (1 semaine)
-#    http-response set-header Cache-Control public,max-age=604800,immutable
-
-    # Autoriser uniquement assets/uploads
-#    acl allowed_assets path_beg /assets/ /uploads/
-#    http-request deny unless allowed_assets
-
-    # Serveur Directus interne
-#    server directus 192.168.1.107:8055 check
-
-#backend boudoir-backend
-#	server boudoir 192.168.1.57:2368
 backend boudoir-backend
   	acl ghost_path path_beg /ghost/
   	acl is_whitelisted src 82.67.3.126/32
@@ -221,10 +178,6 @@ backend boudoir-backend
   	http-request deny if ghost_path !is_whitelisted_full
   	server boudoir 192.168.1.57:2368 check
 
-
-#backend boudoir-backend
-#	server boudoir 192.168.1.107:31723 check
-
 backend homegit-backend
 	mode http
 	# S'assurer que le header n'est pas supprimé
@@ -245,22 +198,14 @@ backend n8n-backend
 	server n8n 192.168.1.56:5678
 
 backend links-mtb
-        #http-request set-header X-Forwarded-Proto https if { ssl_fc }
-        #http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
-        #http-request set-header X-Forwarded-For %[src]
         mode http
-	#option forwardfor	
 	server links 192.168.1.18:32508 check ssl verify none
 
 backend hass-backend
 	server hass 192.168.1.18:30250
 	mode http
-#	option forwardfor
-#	http-request add-header X-Forwarded-Proto https
-#	http-request add-header X-Forwarded-Port 443	
 
 backend cms 
-	#server cms 192.168.1.101:80
 	acl ghost_path path_beg /ghost/
         acl is_whitelisted src 82.67.3.126/32
         acl is_lan src 192.168.1.0/24  # Plage LAN (adaptez 192.168.1.0/24 si précis)
@@ -273,7 +218,6 @@ backend cms
 	server cms 192.168.1.250:2369
 
 backend cms2 
-	#mode http
   	acl ghost_path path_beg /ghost/
   	acl is_whitelisted src 82.67.3.126/32
   	acl is_lan src 192.168.1.0/24  # Plage LAN (adaptez 192.168.1.0/24 si précis)
@@ -292,7 +236,6 @@ backend mattermost
 
 backend be_letsencrypt
 	server letsencrypt 127.0.0.1:9080
-	#server letsencrypt 127.0.0.1:10001
 
 backend wiki
 	server wiki 192.168.1.18:32149
@@ -345,16 +288,9 @@ backend funkwhale
         http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
         http-request set-header X-Forwarded-For %[src]
 	option forwardfor
-	#http-request set-header X-Forwarded-Port %[dst_port]
-        #http-request add-header X-Forwarded-Proto https if { ssl_fc }
-	#http-response add-header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline': img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self';"
-	#http-response add-header Referrer-Policy strict-origin-when-cross-origin
-	#http-response add-header X-Frame-Options SAMEORIGIN
-	#server funkwhale 192.168.1.12:5002
 	server funkwhale 192.168.1.108:5002
 
 backend per_ip_rates
-        #stick-table type ip size 1m expire 10m store http_req_rate(10s)
     	# Define a stick-table to track request rates per IP
     	stick-table type ip size 1m expire 10m store http_req_rate(10s)
 
@@ -370,5 +306,4 @@ backend per_ip_rates
     	acl is_whitelisted_domain hdr_end(host) -i gyozamancave.fr
 
     # Apply rate limiting (10 req/10s) unless whitelisted
-    	#http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_domain { sc0_http_req_rate(per_ip_rates) gt 10 }
     	http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_lan1 !is_whitelisted_lan2 !is_whitelisted_domain { sc0_http_req_rate gt 10 }