Last active
January 8, 2022 16:54
identosphere.net haproxy load balancer fission + apache config w staticman
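# Process-wide settings: syslog targets, chroot and privilege drop, the runtime
# admin socket, connection ceiling, and the TLS defaults inherited by any
# "bind ... ssl" line.
global
    # Local syslog socket, two facilities (local1 limited to notice and above).
    log /dev/log local0
    log /dev/log local1 notice
    # Confine the process to this directory after startup.
    chroot /var/lib/haproxy
    # Runtime API socket. "level admin" allows changing server state and other
    # runtime settings, so access is limited by file mode 660 to the socket's
    # owner and group; keep that group small.
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    # Run unprivileged once the listening sockets are bound.
    user haproxy
    group haproxy
    daemon
    # Third syslog target: UDP syslog on loopback, info and above.
    log 127.0.0.1:514 local0 info
    maxconn 2048
    tune.ssl.default-dh-param 2048
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    # NOTE(review): the list still admits non-forward-secret RSA key exchange
    # (RSA+AESGCM, RSA+AES); regenerate it from the Mozilla tool above before
    # relying on it.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    # Disabling only SSLv3 leaves TLS 1.0 and 1.1 enabled; refuse those too.
    # None of the bind lines shown in this file uses "ssl" (the https frontend
    # forwards TLS untouched in TCP mode), so these defaults only take effect
    # if TLS termination is later moved onto HAProxy. Until then the protocol
    # and cipher policy that clients actually see is Apache's.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11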
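# Settings inherited by every frontend and backend that does not override them.
defaults
    log global
    mode http
    option httplog
    # Do not log connections that carry no data (port probes, health checks).
    option dontlognull
    option http-server-close
    # Timeouts without a unit are in milliseconds.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Bound the time a client may take to send complete request headers.
    # Without it only the 50 s client timeout applies, which lets slow,
    # incomplete requests hold connection slots against maxconn.
    timeout http-request 10s
    # Static error pages returned for HAProxy-generated responses.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http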
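# Plain-HTTP listener. It serves no content: every request is answered with a
# permanent redirect to the same URL on https, so nothing on port 80 is ever
# forwarded to a backend.
frontend http
    bind 165.227.1.181:80
    mode http
    redirect scheme https code 301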
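# TLS passthrough listener. HAProxy does not decrypt here: it reads the
# unencrypted ClientHello to learn the SNI host name and then relays the raw
# TCP stream, so certificates and TLS policy stay on the backend.
frontend https
    bind 165.227.1.181:443
    mode tcp
    option tcplog
    # Hold the connection for up to 5 s so the ClientHello can be inspected.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # NOTE(review): there is no reject rule after the accept above, so a
    # connection that never sends a ClientHello is still passed to the default
    # backend once the inspect delay expires. If only TLS should be relayed,
    # consider following the accept rule with "tcp-request content reject".
    default_backend apache
    # SNI carries a host name only, never a URL path, so the previous pattern
    # "identosphere.net/news" could not match any handshake. It now matches the
    # host name. Path-based routing (for example sending /news elsewhere) is
    # not possible in TCP passthrough; it requires terminating TLS on HAProxy
    # and routing in "mode http".
    # NOTE(review): this rule selects the same backend as default_backend, and
    # no rule in this frontend selects backend "fission".
    use_backend apache if { req_ssl_sni -i identosphere.net }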
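# Local Apache instance that terminates TLS for the site.
backend apache
    mode tcp
    # The two "http-request add-header/set-header" rules for X-Forwarded-For
    # and X-Forwarded-Port were dropped: in "mode tcp" HAProxy relays encrypted
    # bytes and never parses HTTP, so those rules were ignored and the headers
    # were never added. As a result Apache sees 127.0.0.1 as the client of
    # every request, which affects its access logs and any address-based
    # access rule.
    # To hand the real client address to Apache in passthrough mode, use the
    # PROXY protocol: add "send-proxy" to the server line below AND enable the
    # receiving side in Apache (mod_remoteip, "RemoteIPProxyProtocol On") in
    # the same change; enabling only one side breaks every connection. Apache
    # must then accept PROXY headers from HAProxy only, which the loopback-only
    # Listen addresses in the Apache config already ensure.
    # Health check: send a TLS hello and expect a server hello back.
    option ssl-hello-chk
    option log-health-checks
    log global
    server apache 127.0.0.1:443 check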
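# TCP passthrough to an externally hosted Fission app.
# NOTE(review): no default_backend or use_backend rule in the frontends shown
# in this file points here, so this backend receives no client traffic; only
# its health check runs.
# NOTE(review): in passthrough mode the client's TLS session is completed by
# the remote host, so that host must present a certificate valid for the name
# the client asked for; confirm before routing traffic to it.
backend fission
    mode tcp
    option ssl-hello-chk
    # Without a "resolvers" section the host name is resolved once, when the
    # configuration is loaded; a later DNS change is not followed until reload.
    server fission proud-junior-white-troll.fission.app:443 check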
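# Plain-HTTP virtual host, bound to loopback only. The rewrite block at the end
# answers every request for identosphere.net or www.identosphere.net with a
# permanent redirect to https, so the document root and the /staticman/ proxy
# below are served from this host only for requests carrying another name.
# NOTE(review): the access rules that matter for public traffic are therefore
# those of the :443 virtual host, which is not part of this file.
<VirtualHost 127.0.0.1:80>
    ServerAdmin infominer@protonmail.com
    ServerName identosphere.net
    ServerAlias www.identosphere.net
    DocumentRoot /var/www/identosphere.net/public_html

    <Directory /var/www/identosphere.net/public_html/>
        # "Indexes" removed: it made Apache generate a file listing for any
        # directory without an index file, exposing every file name under the
        # document root.
        Options FollowSymLinks
        # AllowOverride All lets any .htaccess file under the document root
        # override server settings, including the Options line above.
        # NOTE(review): narrow this if no .htaccess files are in use.
        AllowOverride All
        Require all granted
    </Directory>

    ProxyPreserveHost on
    # Reverse proxy to the Staticman service listening on localhost:4411.
    <Location /staticman/>
        ProxyPass http://localhost:4411/
        ProxyPassReverse http://localhost:4411/
        # Replaces the Apache 2.2 style "Order deny,allow / Deny from all /
        # Allow from all". With that order Allow overrode Deny, so the
        # location was open to everyone; this states the same policy in the
        # 2.4 syntax used by the Directory block above and avoids mixing
        # mod_access_compat with mod_authz_core.
        Require all granted
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <IfModule mod_dir.c>
        # NOTE(review): info.php is accepted as a directory index. If a file
        # of that name exists and prints PHP configuration, it discloses
        # server details to any visitor; confirm and remove it if unused.
        DirectoryIndex index.php info.php index.pl index.cgi index.html index.xhtml index.htm
    </IfModule>

    # Redirect both site names to https, keeping the requested URI. NE stops
    # the URI from being escaped a second time; END stops further rewriting.
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =identosphere.net [OR]
    RewriteCond %{SERVER_NAME} =www.identosphere.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>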
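# /etc/apache2/sites-enabled/000-default.conf
# NOTE(review): the path above is the author's label; the directives below are
# Listen lines of the kind usually kept in ports.conf. Confirm which file this is.

# Apache listens on loopback only. The public address is held by HAProxy, so
# Apache cannot be reached from the network except through the proxy.
Listen 127.0.0.1:80

# Open the TLS port only when a TLS module is loaded.
<IfModule ssl_module>
    Listen 127.0.0.1:443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 127.0.0.1:443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet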