This will create isolated networks where tenant1+2 are connected to rdomain-gw-left. Also rdomain-gw-left is connected to rdomain-gw-right and rdomain-gw-right to inetsrv via vboxnets.
| default one_two | |
| timeout connect 5s | |
| frontend one | |
| bind :1443 ssl crt ... | |
| bind :1080 | |
| frontend two | |
| bind :2443 ssl crt ... | |
| bind :2080 |
| mkdir /mnt/root/initrd-raid | |
| mkinitrd -v --fstab=/mnt/etc/fstab /mnt/root/initrd-raid/initrd-`uname -r`-raid.img `uname -r` | |
| [...] | |
| cd /mnt/root/initrd-raid | |
| zcat initrd-`uname -r`-raid.img | cpio -i | |
| vi init | |
| add 'raidautorun' for md1 and md2 below the entry for md0 | |
| find . -print | cpio -o -Hnewc | gzip -c > /mnt/boot/initrd-`uname -r`-raid.img |
| /sbin/modprobe raid1 | |
| # create software-raid devices, one disk on sdb, the other 'missing' for now (sda added later) | |
| yes|mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 missing --metadata=0.90 | |
| yes|mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdb2 missing | |
| yes|mdadm --create /dev/md2 --level=1 --raid-devices=2 /dev/sdb3 missing | |
| mkfs.ext3 /dev/md0 | |
| tune2fs -i 0 /dev/md0 |
| frontend whatever | |
| acl badclient_ips hdr(CF-connecting-IP) -f /etc/haproxy/badclient_ips.lst | |
| acl badclient_ips src -f /etc/haproxy/badclient_ips.lst | |
| http-request deny if badclient_ips | |
| backend from_above | |
| acl new_hdr hdr_reg(CF-connecting-IP) [0-9]*\.[0-9]*\.[0-9]*\.[0-9]* | |
| http-request set-header Proxy-ip %ci if !new_hdr | |
| http-request set-header X-Real-IP %ci if !new_hdr | |
| http-request set-header Proxy-ip %[req.hdr(CF-connecting-IP)] if new_hdr |
| haproxy.conf: | |
| http-request redirect location %[path,lower,map(/etc/haproxy/redirects-path.map)] code 301 if { path,lower,map(/etc/haproxy/redirects-path.map) -m found } | |
| redirects-path.map: | |
| /help /en/help/help.html | |
| /sitemap /en/sitemap.xml |
| haproxy.conf: | |
| http-request redirect location %[path,lower,map(/etc/haproxy/redirects-path.map)]%HQ code 301 if { path,lower,map(/etc/haproxy/redirects-path.map) -m found } | |
| redirects-path.map: | |
| / /en/home/index.html | |
| /en /en/home/index.html | |
| /en/ /en/home/index.html | |
| #and so on |
| # acl is_bot hdr_sub(user-agent) -f /etc/haproxy/spider.lst | |
| Googlebot/ | |
| Bingbot/ | |
| ysearch/slurp | |
| DuckDuckBot/ | |
| Baiduspider/ | |
| YandexBot/ | |
| sogou.com/ | |
| Exabot/ | |
| facebookexternalhit/ |
| require 'digest/sha2' | |
| begin | |
| require 'io/console' | |
| rescue LoadError | |
| $no_io_console = true | |
| end | |
| def ask_noecho(message) | |
| $stderr.print message |
| Linux wakes up? https://lnkd.in/gDwXb3g … Please note that 'Stop Blob' in OpenBSD came in early 2006. https://lnkd.in/gPiXPZu | |
| Maybe, maybe - the other day - people might realize that closed-source and embargoes are utter failure. | |
| Embargo or Treason - basically INFORMATION leaking - is not defined by the "owner", but by the betrayed ones. Just that most are not even realizing that they are even betrayed on. So the smoke+mirroring goes on and on.. the overall ignorance about this makes me sad. |