config actuelle

2026-05-20 18:42:00 +02:00
parent 0326ac234e
commit f3e3a611d0
21 changed files with 1103 additions and 1057 deletions
@@ -73,6 +73,16 @@ userlist admin-ghost
 #	use_backend be_letsencrypt if acl_letsencrypt


+frontend gitea-ssh
+    bind *:2222
+    mode tcp
+    option tcplog
+    default_backend gitea-ssh-backend
+
+backend gitea-ssh-backend
+    mode tcp
+    server gitea 192.168.1.70:12222 check
+
 frontend https
 	bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
 	#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
@@ -84,11 +94,14 @@ frontend https
  	http-request set-header X-Forwarded-For %[src]	
 	http-request track-sc0 src table per_ip_rates
        http-request silent-drop if { sc_http_req_rate(0) gt 100 }
-   
+  	
+ 	acl homegit-host hdr(host) -i homegit.gyozamancave.fr
+	
 	# config httpcats
 	errorfiles kitties
 	http-response return status 400 default-errorfiles if { status 400 }
-	http-response return status 401 default-errorfiles if { status 401 }
+	#http-response return status 401 default-errorfiles if { status 401 }
+	http-response return status 401 default-errorfiles if { status 401 } !{ req.hdr(host) -i homegit.gyozamancave.fr }
 	http-response return status 403 default-errorfiles if { status 403 }
 	http-response return status 404 default-errorfiles if { status 404 }
 	http-response return status 408 default-errorfiles if { status 408 }
@@ -96,15 +109,14 @@ frontend https
 	http-response return status 502 default-errorfiles if { status 502 }
 	http-response return status 503 default-errorfiles if { status 503 }
 	http-response return status 504 default-errorfiles if { status 504 }	
+	http-response add-header WWW-Authenticate "Basic realm=\"Gitea\"" if { status 401 } homegit-host
+  	http-response return status 401 default-errorfiles if { status 401 } !homegit-host

 	# Redirection 301 pour links.billisdead.com
    	acl is_billisdead hdr(host) -i links.billisdead.com
    	http-request redirect code 301 location https://links.mrteddybear.fr/@billisdead.com if is_billisdead

-
-
 	## config antiDDOS
- 	acl homegit-host hdr(host) -i homegit.gyozamancave.fr
 	# Suivi du taux de requêtes par IP
    	stick-table type ip size 1m expire 10m store http_req_rate(10s)
    	http-request track-sc0 src unless homegit-host
@@ -148,9 +160,17 @@ frontend https
 	acl stats-api hdr(host) -i api.stats.gyozamancave.fr
 	acl n8n-host hdr(host) -i n8n.gyozamancave.fr
    	acl boudoir-host hdr(host) -i ledigitalboudoir.com
-  
-	#acl is_api path -m beg -i /api
-
+ 	acl host_temples hdr(host) -i temples.mrteddybear.fr
+    	acl is_temples_api path_beg /api
+	acl nextcloud_wellknown path_beg /.well-known/caldav /.well-known/carddav
+	http-request redirect location https://nextcloud.gyozamancave.fr/remote.php/dav/ code 301 if nextcloud_wellknown
+        acl nc_webfinger path -i /.well-known/webfinger
+    	acl nc_nodeinfo  path -i /.well-known/nodeinfo
+    	http-request redirect code 301 location https://nextcloud.gyozamancave.fr/index.php/.well-known/webfinger/ if nextcloud-host nc_webfinger
+    	http-request redirect code 301 location https://nextcloud.gyozamancave.fr/index.php/.well-known/nodeinfo/  if nextcloud-host nc_nodeinfo	
+	
+	use_backend temples_api if host_temples is_temples_api
+    	use_backend temples_web if host_temples  
 	use_backend cms if cms-host
 	use_backend links-mtb if links-host
 	use_backend cms2 if cms2-host
@@ -165,7 +185,25 @@ frontend https
 	use_backend n8n-backend if n8n-host
 	use_backend homegit-backend if homegit-host
 	use_backend boudoir-backend if boudoir-host
-	
+
+backend temples_api
+    	mode http
+    	option forwardfor
+	option http-server-close
+	balance roundrobin
+    	option httpchk GET /api/healthz
+    	http-check expect string ok
+    	server api 192.168.1.12:3000 check inter 10s rise 2 fall 3
+
+backend temples_web
+    	mode http
+	option forwardfor
+	option http-server-close
+    	balance roundrobin
+    	option httpchk GET /
+    	http-check expect status 200
+    	server web 192.168.1.12:3001 check inter 10s rise 2 fall 3	
+
 backend boudoir-backend
  	acl ghost_path path_beg /ghost/
  	acl is_whitelisted src 82.67.3.126/32
@@ -179,9 +217,9 @@ backend boudoir-backend
  	server boudoir 192.168.1.57:2368 check

 backend homegit-backend
-	mode http
+#	mode http
 	# S'assurer que le header n'est pas supprimé
-	http-response add-header WWW-Authenticate Basic\ realm="Gitea" 
+	http-response add-header WWW-Authenticate "Basic\ realm=\"Gitea\"" if { status 401 }
 	server homegit 192.168.1.70:3000 check 

 backend stats-backend-api
@@ -192,10 +230,21 @@ backend stats-backend
 	server stats 192.168.1.58:8081


+#backend n8n-backend
+#	mode http
+#	option forwardfor
+#	server n8n 192.168.1.56:5678
+
 backend n8n-backend
-	mode http
-	option forwardfor
-	server n8n 192.168.1.56:5678
+    mode http
+    balance source
+    http-request set-header X-Forwarded-Proto https if { ssl_fc }
+    http-request set-header X-Real-IP %[src]
+    http-request set-header X-Forwarded-For %[src]
+    http-request set-header Host %[req.hdr(host)]
+    option forwardfor
+    server n8n 192.168.1.56:5678
+

 backend links-mtb
        mode http
@@ -238,7 +287,8 @@ backend be_letsencrypt
 	server letsencrypt 127.0.0.1:9080

 backend wiki
-	server wiki 192.168.1.18:32149
+	#server wiki 192.168.1.18:32149
+	server wiki 192.168.1.18:30347

 backend postiz-backend
        mode http
@@ -255,7 +305,7 @@ backend postiz-backend
        http-request redirect scheme https if http
 	http-response set-header Strict-Transport-Security max-age=15552000
        option ssl-hello-chk
-	server postiz 192.168.1.18:32133 
+	server postiz 192.168.1.18:30101 


 backend nextcloud