ajout de http cats (avec adaptation selinux en parallèle)

2026-01-13 12:05:14 +01:00
parent dff7bd3064
commit 75d6ccaccb
1 changed files with 11 additions and 6 deletions
@@ -85,10 +85,12 @@ userlist admin-ghost
 frontend https
 	bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
 	#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
+  	# headers
+	http-request set-header Host %[req.hdr(Host)]
+    	http-request set-header X-Real-IP %[src]
 	http-request set-header X-Forwarded-Proto https if { ssl_fc }
  	http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  	http-request set-header X-Forwarded-For %[src]	
-  	http-request set-header X-Forwarded-For %[src]	
 	http-request track-sc0 src table per_ip_rates
        http-request silent-drop if { sc_http_req_rate(0) gt 100 }

@@ -123,6 +125,9 @@ frontend https
    	http-request allow if my_lan1
    	http-request allow if my_lan2
    	
+		#bloquer le reste
+#	http-request deny deny_status 403
+	
 	# Appliquer la rate-limit globale pour le reste
    	http-request deny deny_status 429 if { sc0_http_req_rate gt 100 }

@@ -216,7 +221,7 @@ backend boudoir-backend
 #	server boudoir 192.168.1.107:31723 check

 backend homegit-backend
-	server homegit 192.168.1.70:3000
+	server homegit 192.168.1.70:3000 check

 backend stats-backend
 	server stats 192.168.1.49:3000