changement de config : -umami +swetrix
This commit is contained in:
+29
-16
@@ -86,8 +86,9 @@ frontend https
|
|||||||
bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
|
bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
|
||||||
#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
|
#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
|
||||||
# headers
|
# headers
|
||||||
http-request set-header Host %[req.hdr(Host)]
|
#http-request set-header Host homegit.gyozamancave.fr
|
||||||
http-request set-header X-Real-IP %[src]
|
#http-request set-header Host %[req.hdr(Host)]
|
||||||
|
#http-request set-header X-Real-IP %[src]
|
||||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||||
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||||||
http-request set-header X-Forwarded-For %[src]
|
http-request set-header X-Forwarded-For %[src]
|
||||||
@@ -106,10 +107,17 @@ frontend https
|
|||||||
http-response return status 503 default-errorfiles if { status 503 }
|
http-response return status 503 default-errorfiles if { status 503 }
|
||||||
http-response return status 504 default-errorfiles if { status 504 }
|
http-response return status 504 default-errorfiles if { status 504 }
|
||||||
|
|
||||||
|
# Redirection 301 pour links.billisdead.com
|
||||||
|
acl is_billisdead hdr(host) -i links.billisdead.com
|
||||||
|
http-request redirect code 301 location https://links.mrteddybear.fr/@billisdead.com if is_billisdead
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## config antiDDOS
|
## config antiDDOS
|
||||||
|
acl homegit-host hdr(host) -i homegit.gyozamancave.fr
|
||||||
# Suivi du taux de requêtes par IP
|
# Suivi du taux de requêtes par IP
|
||||||
stick-table type ip size 1m expire 10m store http_req_rate(10s)
|
stick-table type ip size 1m expire 10m store http_req_rate(10s)
|
||||||
http-request track-sc0 src
|
http-request track-sc0 src unless homegit-host
|
||||||
|
|
||||||
# ACL pour whitelister ton domaine n8n
|
# ACL pour whitelister ton domaine n8n
|
||||||
acl n8n_domain hdr_end(host) -i gyozamancave.fr
|
acl n8n_domain hdr_end(host) -i gyozamancave.fr
|
||||||
@@ -125,25 +133,18 @@ frontend https
|
|||||||
http-request allow if my_lan1
|
http-request allow if my_lan1
|
||||||
http-request allow if my_lan2
|
http-request allow if my_lan2
|
||||||
|
|
||||||
#bloquer le reste
|
|
||||||
# http-request deny deny_status 403
|
|
||||||
|
|
||||||
# Appliquer la rate-limit globale pour le reste
|
# Appliquer la rate-limit globale pour le reste
|
||||||
http-request deny deny_status 429 if { sc0_http_req_rate gt 100 }
|
http-request deny deny_status 429 if { sc0_http_req_rate gt 100 }
|
||||||
|
|
||||||
# BEGIN CORS
|
# BEGIN CORS
|
||||||
#capture request header origin len 128
|
#capture request header origin len 128
|
||||||
#chttp-response set-header Access-Control-Allow-Origin "*"
|
#http-response set-header Access-Control-Allow-Origin "*"
|
||||||
#chttp-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
|
#http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
|
||||||
#chttp-response set-header Access-Control-Max-Age 3628800
|
#http-response set-header Access-Control-Max-Age 3628800
|
||||||
#chttp-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT"
|
#http-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT"
|
||||||
# END CORS
|
# END CORS
|
||||||
|
|
||||||
|
|
||||||
# Redirection 301 pour links.billisdead.com
|
|
||||||
acl is_billisdead hdr(host) -i links.billisdead.com
|
|
||||||
http-request redirect code 301 location https://links.mrteddybear.fr/@billisdead.com if is_billisdead
|
|
||||||
|
|
||||||
acl cms-host hdr(host) -i mrteddybear.fr
|
acl cms-host hdr(host) -i mrteddybear.fr
|
||||||
acl links-host hdr(host) -i links.mrteddybear.fr
|
acl links-host hdr(host) -i links.mrteddybear.fr
|
||||||
acl cms2-host hdr(host) -i billisdead.com
|
acl cms2-host hdr(host) -i billisdead.com
|
||||||
@@ -154,12 +155,15 @@ frontend https
|
|||||||
acl hass-host hdr(host) -i hass.gyozamancave.fr
|
acl hass-host hdr(host) -i hass.gyozamancave.fr
|
||||||
acl postiz-host hdr(host) -i postiz.gyozamancave.fr
|
acl postiz-host hdr(host) -i postiz.gyozamancave.fr
|
||||||
acl stats-host hdr(host) -i stats.gyozamancave.fr
|
acl stats-host hdr(host) -i stats.gyozamancave.fr
|
||||||
|
acl stats-api hdr(host) -i api.stats.gyozamancave.fr
|
||||||
acl n8n-host hdr(host) -i n8n.gyozamancave.fr
|
acl n8n-host hdr(host) -i n8n.gyozamancave.fr
|
||||||
acl homegit-host hdr(host) -i homegit.gyozamancave.fr
|
#acl homegit-host hdr(host) -i homegit.gyozamancave.fr
|
||||||
#acl boudoir-assets path_beg /assets/
|
#acl boudoir-assets path_beg /assets/
|
||||||
#acl path_og path_beg /og/
|
#acl path_og path_beg /og/
|
||||||
acl boudoir-host hdr(host) -i ledigitalboudoir.com
|
acl boudoir-host hdr(host) -i ledigitalboudoir.com
|
||||||
|
|
||||||
|
#acl is_api path -m beg -i /api
|
||||||
|
|
||||||
use_backend cms if cms-host
|
use_backend cms if cms-host
|
||||||
use_backend links-mtb if links-host
|
use_backend links-mtb if links-host
|
||||||
use_backend cms2 if cms2-host
|
use_backend cms2 if cms2-host
|
||||||
@@ -169,6 +173,7 @@ frontend https
|
|||||||
use_backend wiki if wiki-host
|
use_backend wiki if wiki-host
|
||||||
use_backend hass-backend if hass-host
|
use_backend hass-backend if hass-host
|
||||||
use_backend postiz-backend if postiz-host
|
use_backend postiz-backend if postiz-host
|
||||||
|
use_backend stats-backend-api if stats-api
|
||||||
use_backend stats-backend if stats-host
|
use_backend stats-backend if stats-host
|
||||||
use_backend n8n-backend if n8n-host
|
use_backend n8n-backend if n8n-host
|
||||||
use_backend homegit-backend if homegit-host
|
use_backend homegit-backend if homegit-host
|
||||||
@@ -221,10 +226,18 @@ backend boudoir-backend
|
|||||||
# server boudoir 192.168.1.107:31723 check
|
# server boudoir 192.168.1.107:31723 check
|
||||||
|
|
||||||
backend homegit-backend
|
backend homegit-backend
|
||||||
|
mode http
|
||||||
|
# S'assurer que le header n'est pas supprimé
|
||||||
|
http-response add-header WWW-Authenticate Basic\ realm="Gitea"
|
||||||
server homegit 192.168.1.70:3000 check
|
server homegit 192.168.1.70:3000 check
|
||||||
|
|
||||||
|
backend stats-backend-api
|
||||||
|
server api_stats 192.168.1.58:8080
|
||||||
|
|
||||||
backend stats-backend
|
backend stats-backend
|
||||||
server stats 192.168.1.49:3000
|
#option forwardfor
|
||||||
|
server stats 192.168.1.58:8081
|
||||||
|
|
||||||
|
|
||||||
backend n8n-backend
|
backend n8n-backend
|
||||||
mode http
|
mode http
|
||||||
|
|||||||
Reference in New Issue
Block a user