changement de config : -umami +swetrix

haproxy.cfg

@@ -86,14 +86,15 @@ frontend https
  	bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
  	#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
   	# headers
-	http-request set-header Host %[req.hdr(Host)]
-    	http-request set-header X-Real-IP %[src]
+	#http-request set-header Host homegit.gyozamancave.fr
+	#http-request set-header Host %[req.hdr(Host)]
+    	#http-request set-header X-Real-IP %[src]
 	http-request set-header X-Forwarded-Proto https if { ssl_fc }
   	http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
   	http-request set-header X-Forwarded-For %[src]	
 	http-request track-sc0 src table per_ip_rates
         http-request silent-drop if { sc_http_req_rate(0) gt 100 }
-
+   
 	# config httpcats
 	errorfiles kitties
 	http-response return status 400 default-errorfiles if { status 400 }
@@ -106,10 +107,17 @@ frontend https
 	http-response return status 503 default-errorfiles if { status 503 }
 	http-response return status 504 default-errorfiles if { status 504 }	
 
+	# Redirection 301 pour links.billisdead.com
+    	acl is_billisdead hdr(host) -i links.billisdead.com
+    	http-request redirect code 301 location https://links.mrteddybear.fr/@billisdead.com if is_billisdead
+
+
+
 	## config antiDDOS
- 	# Suivi du taux de requêtes par IP
+ 	acl homegit-host hdr(host) -i homegit.gyozamancave.fr
+	# Suivi du taux de requêtes par IP
     	stick-table type ip size 1m expire 10m store http_req_rate(10s)
-    	http-request track-sc0 src
+    	http-request track-sc0 src unless homegit-host
 
     	# ACL pour whitelister ton domaine n8n
     	acl n8n_domain hdr_end(host) -i gyozamancave.fr
@@ -124,26 +132,19 @@ frontend https
     	http-request allow if my_ip
     	http-request allow if my_lan1
     	http-request allow if my_lan2
-    	
-		#bloquer le reste
-#	http-request deny deny_status 403
-	
+    
 	# Appliquer la rate-limit globale pour le reste
     	http-request deny deny_status 429 if { sc0_http_req_rate gt 100 }
 
 	# BEGIN CORS
 	#capture request header origin len 128
-	#chttp-response set-header Access-Control-Allow-Origin "*"
-    	#chttp-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
-    	#chttp-response set-header Access-Control-Max-Age 3628800
-    	#chttp-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT"
+	#http-response set-header Access-Control-Allow-Origin "*"
+    	#http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
+    	#http-response set-header Access-Control-Max-Age 3628800
+    	#http-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT"
     	# END CORS
 
 
-	# Redirection 301 pour links.billisdead.com
-    	acl is_billisdead hdr(host) -i links.billisdead.com
-    	http-request redirect code 301 location https://links.mrteddybear.fr/@billisdead.com if is_billisdead
-
 	acl cms-host hdr(host) -i mrteddybear.fr
 	acl links-host hdr(host) -i links.mrteddybear.fr
 	acl cms2-host hdr(host) -i billisdead.com
@@ -154,12 +155,15 @@ frontend https
 	acl hass-host hdr(host) -i hass.gyozamancave.fr
 	acl postiz-host hdr(host) -i postiz.gyozamancave.fr
 	acl stats-host hdr(host) -i stats.gyozamancave.fr
+	acl stats-api hdr(host) -i api.stats.gyozamancave.fr
 	acl n8n-host hdr(host) -i n8n.gyozamancave.fr
-	acl homegit-host hdr(host) -i homegit.gyozamancave.fr
+	#acl homegit-host hdr(host) -i homegit.gyozamancave.fr
 	#acl boudoir-assets path_beg /assets/
 	#acl path_og path_beg /og/
     	acl boudoir-host hdr(host) -i ledigitalboudoir.com
   
+	#acl is_api path -m beg -i /api
+
 	use_backend cms if cms-host
 	use_backend links-mtb if links-host
 	use_backend cms2 if cms2-host
@@ -169,6 +173,7 @@ frontend https
 	use_backend wiki if wiki-host
 	use_backend hass-backend if hass-host
 	use_backend postiz-backend if postiz-host
+	use_backend stats-backend-api if stats-api
 	use_backend stats-backend if stats-host
 	use_backend n8n-backend if n8n-host
 	use_backend homegit-backend if homegit-host
@@ -205,26 +210,34 @@ frontend https
 #backend boudoir-backend
 #	server boudoir 192.168.1.57:2368
 backend boudoir-backend
-  acl ghost_path path_beg /ghost/
-  acl is_whitelisted src 82.67.3.126/32
-  acl is_lan src 192.168.1.0/24  # Plage LAN (adaptez 192.168.1.0/24 si précis)
-  acl is_lan2 src 192.168.2.0/24  # Plage LAN (adaptez 192.168.1.0/24 si précis)
-  acl is_whitelisted_full src 82.67.3.126/32 192.168.1.0/24 192.168.2.0/24  # Combine
-  acl admin_auth http_auth_group(admin-ghost) is-admin
+  	acl ghost_path path_beg /ghost/
+  	acl is_whitelisted src 82.67.3.126/32
+  	acl is_lan src 192.168.1.0/24  # Plage LAN (adaptez 192.168.1.0/24 si précis)
+  	acl is_lan2 src 192.168.2.0/24  # Plage LAN (adaptez 192.168.1.0/24 si précis)
+  	acl is_whitelisted_full src 82.67.3.126/32 192.168.1.0/24 192.168.2.0/24  # Combine
+  	acl admin_auth http_auth_group(admin-ghost) is-admin
   
-  # Deny /ghost/ hors IP white
-  http-request deny if ghost_path !is_whitelisted_full
-  server boudoir 192.168.1.57:2368 check
+  	# Deny /ghost/ hors IP white
+  	http-request deny if ghost_path !is_whitelisted_full
+  	server boudoir 192.168.1.57:2368 check
 
 
 #backend boudoir-backend
 #	server boudoir 192.168.1.107:31723 check
 
 backend homegit-backend
-	server homegit 192.168.1.70:3000 check
+	mode http
+	# S'assurer que le header n'est pas supprimé
+	http-response add-header WWW-Authenticate Basic\ realm="Gitea" 
+	server homegit 192.168.1.70:3000 check 
+
+backend stats-backend-api
+	server api_stats 192.168.1.58:8080
 
 backend stats-backend
-	server stats 192.168.1.49:3000
+	#option forwardfor
+	server stats 192.168.1.58:8081
+
 
 backend n8n-backend
 	mode http