# Automaticaly generated, dont edit manually. | |
# Generated on: 2023-07-28 07:48 | |
# Process-wide settings: connection cap, logging, runtime socket, privilege drop,
# chroot, Lua modules and the default TLS cipher list for every "bind ... ssl".
global | |
maxconn 50 | |
# Logs to the local syslog socket at "debug" level; debug output can include
# request details, so keep log access restricted.
log /var/run/log kern debug | |
# NOTE(review): the runtime API socket lives under /tmp with "level admin".
# Any local account able to open it can change the running proxy; no "mode",
# "user" or "group" restriction is set on this line - confirm the file
# permissions the generator applies.
stats socket /tmp/haproxy.socket level admin expose-fd listeners | |
# Worker runs as uid/gid 80 and is confined to the chroot below.
uid 80 | |
gid 80 | |
nbthread 1 | |
hard-stop-after 15m | |
chroot /tmp/haproxy_chroot | |
daemon | |
tune.ssl.default-dh-param 2048 | |
log-send-hostname HaproxyMasterNode | |
# NOTE(review): the state file is also under /tmp - confirm it is not writable
# by other local accounts, since backends load server state from it.
server-state-file /tmp/haproxy_server_state | |
# Lua modules: the ACME http-01 responder and the auth-request helper used by
# the frontends, plus their JSON/HTTP dependencies.
lua-load /var/etc/haproxy/luascript_acme-http01-webroot.lua | |
lua-load /var/etc/haproxy/luascript_json.lua | |
lua-load /var/etc/haproxy/luascript_http.lua | |
lua-load /var/etc/haproxy/luascript_auth-request.lua | |
lua-load /var/etc/haproxy/luascript_haproxy-lua-http.lua | |
# NOTE(review): the list still offers CBC suites with SHA-1 MACs
# (e.g. ECDHE-RSA-AES128-SHA) and DHE-DSS suites, and no
# "ssl-default-bind-options" line sets a minimum TLS version in this file, so
# the floor is whatever the build defaults to - confirm and consider pinning
# "ssl-min-ver TLSv1.2" and trimming the list to the AEAD suites.
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK | |
# Adds this entry to the front of Lua's module search path.
lua-prepend-path /usr/local/share/lua/5.3/haproxy-lua-http.lua | |
# Statistics page, bound to loopback only (127.0.0.1:2200).
listen HAProxyLocalStats | |
bind 127.0.0.1:2200 name localstats | |
mode http | |
stats enable | |
# NOTE(review): "stats admin if TRUE" grants the admin actions to every request
# that reaches this listener, and no "stats auth" line is present. Protection
# rests entirely on the loopback bind - confirm nothing on the host proxies
# external traffic to port 2200.
stats admin if TRUE | |
stats show-legends | |
stats uri /haproxy/haproxy_stats.php?haproxystats=1 | |
# Timeouts are in milliseconds (5 s each).
timeout client 5000 | |
timeout connect 5000 | |
timeout server 5000 | |
# Plain-HTTP listener on port 80: answers ACME http-01 challenges through the
# Lua service and hands every other request to the ToHTTPS_ipvANY backend.
frontend ACME | |
bind 80.1.110.31:80 name 80.1.110.31:80 | |
mode http | |
log global | |
option http-keep-alive | |
# Adds the client address in X-Forwarded-For for the backend.
option forwardfor | |
# The bind above has no "ssl" keyword, so ssl_fc is presumably never true here
# and X-Forwarded-Proto is always set to "http".
acl https ssl_fc | |
http-request set-header X-Forwarded-Proto http if !https | |
http-request set-header X-Forwarded-Proto https if https | |
timeout client 30000 | |
# The ACL reads txn.txnpath, which the set-var rule on the next line fills in
# before the use-service rule evaluates it.
acl url_acme_http01 var(txn.txnpath) -m beg -i /.well-known/acme-challenge | |
http-request set-var(txn.txnpath) path | |
# Only GET requests under /.well-known/acme-challenge reach the Lua responder.
http-request use-service lua.acme-http01 if METH_GET url_acme_http01 | |
default_backend ToHTTPS_ipvANY | |
# TLS frontend: terminates HTTPS, asks Authelia (/api/verify) to authorise
# requests for the protected hosts, then routes by Host header or path.
frontend Authelia | |
# Listens on every IPv4 address on 443, and on a unix socket inside the chroot
# that expects a PROXY protocol header (accept-proxy).
bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy/Authelia.crt_list | |
bind /tmp/haproxy_chroot/Authelia.socket name unixsocket uid 80 accept-proxy ssl crt-list /var/etc/haproxy/Authelia.crt_list | |
mode http | |
log global | |
option log-separate-errors | |
option httplog | |
option http-keep-alive | |
# NOTE(review): a client-supplied X-Forwarded-For is kept (see the set-header
# rule guarded by !hdr-xff_exists below) and "option forwardfor" adds the real
# source as well. Anything that reads the header - including Authelia's
# network rules - should not trust a client-chosen value; consider removing
# the inbound header with "http-request del-header X-Forwarded-For" first.
option forwardfor | |
acl https ssl_fc | |
http-request set-header X-Forwarded-Proto http if !https | |
http-request set-header X-Forwarded-Proto https if https | |
timeout client 30000 | |
acl authelia var(txn.txnhost) -m str -i auth.home.com | |
# NOTE(review): this ACL decides which requests get the Authelia check, and it
# tests the Host header only. The leading "^" binds just the first alternative
# and there is no "$", so it is a prefix match. The "\/(bx|wh)" alternative is
# matched against the Host value, which would not normally contain "/", so it
# presumably never matches. The path-based routes further down (host-bx,
# host-wh) are therefore not covered by the check when the Host is one that
# aclcrt_Authelia accepts but this list does not (e.g. njorth.com) - confirm,
# and either require a protected host on those routes or add a path condition.
acl protected-frontends hdr(host) -m reg -i ^(?i)(galaxy|zwave|octoprint|mainsail|nasdcf420|klipper)\.home\.com|\/(bx|wh) | |
# Not referenced by any rule in this frontend; same Host-vs-path mismatch.
acl protected-frontends-path-printer hdr(host) -m reg -i ^(?i)klipper\.home\.com\/(bx|wh) | |
acl hdr-xff_exists req.hdr(X-Forwarded-For) -m found | |
# Source-address lists. Only galaxy_list is used below (Galaxy and nasdcf420);
# white_list and white_list_controlicz are defined but not referenced here.
acl galaxy_list src 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 | |
acl white_list_controlicz src 3.9.46.147 | |
acl white_list src 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 | |
# Routing ACLs: exact Host matches (a Host value carrying ":port" will not
# match "-m str") and two path matches.
acl host-zwave var(txn.txnhost) -m str -i zwave.home.com | |
acl host-galaxy var(txn.txnhost) -m str -i galaxy.home.com | |
acl host-octoprint var(txn.txnhost) -m str -i octoprint.home.com | |
acl host-nasdcf420 var(txn.txnhost) -m str -i nasdcf420.home.com | |
acl host-mainsail var(txn.txnhost) -m str -i mainsail.home.com | |
# "-m beg" matches paths starting with /bx; "-m sub" matches /wh anywhere in
# the path.
acl host-bx var(txn.txnpath) -m beg -i /bx | |
acl host-wh var(txn.txnpath) -m sub -i /wh | |
# Hosts served by this frontend's certificate list, with an optional port.
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^njorth\.com(:([0-9]){1,5})?$ | |
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^mainsail\.home\.com(:([0-9]){1,5})?$ | |
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^galaxy\.home\.com(:([0-9]){1,5})?$ | |
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^octoprint\.home\.com(:([0-9]){1,5})?$ | |
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^zwave\.home\.com(:([0-9]){1,5})?$ | |
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^auth\.home\.com(:([0-9]){1,5})?$ | |
acl aclcrt_Authelia var(txn.txnhost) -m reg -i ^nasdcf420\.home\.com(:([0-9]){1,5})?$ | |
# Capture Host and path first; the ACLs above read these variables.
http-request set-var(txn.txnhost) hdr(host) | |
http-request set-var(txn.txnpath) path | |
http-request set-var(req.scheme) str(https) if { ssl_fc } aclcrt_Authelia | |
http-request set-var(req.scheme) str(http) if !{ ssl_fc } aclcrt_Authelia | |
http-request set-var(req.questionmark) str(?) if { query -m found } aclcrt_Authelia | |
http-request set-header X-Forwarded-For %[src] if !hdr-xff_exists aclcrt_Authelia | |
# Headers describing the original request, sent along with the verify call.
http-request set-header X-Real-IP %[src] if protected-frontends aclcrt_Authelia | |
# NOTE(review): req.method is not set by any rule visible in this file, so this
# header is presumably sent empty - confirm whether the set-var rules for the
# request method were dropped by the generator.
http-request set-header X-Forwarded-Method %[var(req.method)] if protected-frontends aclcrt_Authelia | |
http-request set-header X-Forwarded-Proto %[var(req.scheme)] if protected-frontends aclcrt_Authelia | |
http-request set-header X-Forwarded-Host %[req.hdr(Host)] if protected-frontends aclcrt_Authelia | |
http-request set-header X-Forwarded-Uri %[path]%[var(req.questionmark)]%[query] if protected-frontends aclcrt_Authelia | |
# Sub-request to Authelia; the Lua action records the outcome in
# txn.auth_response_successful, which the redirect rule below tests.
http-request lua.auth-request be_authelia_ipvANY /api/verify if protected-frontends aclcrt_Authelia | |
# Unauthorised requests for protected hosts are sent to the login portal.
http-request redirect location https://auth.home.com/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool } aclcrt_Authelia | |
# Backend selection, evaluated top to bottom. Only Galaxy and nasdcf420 also
# require a source address in galaxy_list. The two path routes (host-wh,
# host-bx) carry no Host condition beyond aclcrt_Authelia - see the note on
# protected-frontends above.
use_backend be_authelia_ipvANY if authelia aclcrt_Authelia | |
use_backend Domoticz_ipvANY if host-zwave aclcrt_Authelia | |
use_backend Octoprint_ipvANY if host-octoprint aclcrt_Authelia | |
use_backend Galaxy_ipvANY if host-galaxy galaxy_list aclcrt_Authelia | |
use_backend nasdcf4202_ipvANY if host-nasdcf420 galaxy_list aclcrt_Authelia | |
use_backend Mainsail_ipvANY if host-mainsail aclcrt_Authelia | |
use_backend Mainsail_ipvANY if host-wh aclcrt_Authelia | |
use_backend Klipper_ipvANY if host-bx aclcrt_Authelia | |
# Fallback for any other accepted host (e.g. njorth.com).
use_backend be_authelia_ipvANY if aclcrt_Authelia | |
# Default backend of the port-80 frontend: forwards over a unix socket with a
# PROXY v2 header.
backend ToHTTPS_ipvANY | |
mode http | |
id 105 | |
log global | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
# The socket path is presumably relative to the chroot (/tmp/haproxy_chroot),
# i.e. the Authelia frontend's unix-socket bind.
# NOTE(review): that bind is declared with "ssl" while this server line has no
# "ssl" keyword - confirm the generator intends this pairing.
server toHTTPs /Authelia.socket send-proxy-v2-ssl-cn id 106 | |
# Authelia itself: target of the /api/verify sub-request and of the login
# portal host.
backend be_authelia_ipvANY | |
mode http | |
id 127 | |
log global | |
option log-health-checks | |
# Health check sends an HTTP OPTIONS request every 1000 ms (see "check inter"
# on the server line).
http-check send meth OPTIONS | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
option httpchk | |
# Identity values captured from Authelia's verify response.
acl remote_user_exist var(req.auth_response_header.remote_user) -m found | |
acl remote_groups_exist var(req.auth_response_header.remote_groups) -m found | |
acl remote_name_exist var(req.auth_response_header.remote_name) -m found | |
acl remote_email_exist var(req.auth_response_header.remote_email) -m found | |
# NOTE(review): each Remote-* header is overwritten only when the variable
# exists. When it is absent, a header of the same name sent by the client is
# not removed by any visible rule - consider an unconditional
# "http-request del-header" for each name before these lines.
http-request set-header Remote-User %[var(req.auth_response_header.remote_user)] if remote_user_exist | |
http-request set-header Remote-Groups %[var(req.auth_response_header.remote_groups)] if remote_groups_exist | |
http-request set-header Remote-Name %[var(req.auth_response_header.remote_name)] if remote_name_exist | |
http-request set-header Remote-Email %[var(req.auth_response_header.remote_email)] if remote_email_exist | |
# Plain HTTP to Authelia on the LAN.
server be_authelia 192.168.1.24:9091 id 128 check inter 1000 | |
# Backend for the zwave host: a single plain-HTTP server, no health check.
backend Domoticz_ipvANY | |
mode http | |
id 109 | |
log global | |
option log-health-checks | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
option forwardfor | |
# Unlike the other application backends in this file, no Remote-* identity
# headers are set here.
server zwave 192.168.1.113:80 id 101 | |
# Backend for the octoprint host: passes Authelia identity headers and rewrites
# the request path.
backend Octoprint_ipvANY | |
mode http | |
id 102 | |
log global | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
option forwardfor | |
# Identity values captured from Authelia's verify response.
acl remote_user_exist var(req.auth_response_header.remote_user) -m found | |
acl remote_groups_exist var(req.auth_response_header.remote_groups) -m found | |
acl remote_name_exist var(req.auth_response_header.remote_name) -m found | |
acl remote_email_exist var(req.auth_response_header.remote_email) -m found | |
# strip_path uses the same test as remote_email_exist.
acl strip_path var(req.auth_response_header.remote_email) -m found | |
# NOTE(review): each Remote-* header is overwritten only when the variable
# exists; a client-supplied header of the same name is otherwise passed
# through. Consider deleting the inbound headers unconditionally first.
http-request set-header Remote-User %[var(req.auth_response_header.remote_user)] if remote_user_exist | |
http-request set-header Remote-Groups %[var(req.auth_response_header.remote_groups)] if remote_groups_exist | |
http-request set-header Remote-Name %[var(req.auth_response_header.remote_name)] if remote_name_exist | |
http-request set-header Remote-Email %[var(req.auth_response_header.remote_email)] if remote_email_exist | |
# NOTE(review): as written the pattern matches any path and the replacement is
# the fixed string "/bx", so every request with the email variable set is sent
# to /bx. The ACL name suggests a prefix strip was intended - confirm.
http-request replace-path (/)?(.*) /bx if strip_path | |
# Plain HTTP; same address and port as the Klipper backend's server.
server octoprint 192.168.1.114:80 id 115 check inter 1000 | |
# Backend for the galaxy host (reached only from the galaxy_list source ranges
# per the frontend rule): re-encrypts to the server over TLS.
backend Galaxy_ipvANY | |
mode http | |
id 104 | |
log global | |
# Connect timeout is 1 s here, shorter than the other backends.
timeout connect 1000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
# Identity values captured from Authelia's verify response.
acl remote_user_exist var(req.auth_response_header.remote_user) -m found | |
acl remote_groups_exist var(req.auth_response_header.remote_groups) -m found | |
acl remote_name_exist var(req.auth_response_header.remote_name) -m found | |
acl remote_email_exist var(req.auth_response_header.remote_email) -m found | |
# NOTE(review): each Remote-* header is overwritten only when the variable
# exists; a client-supplied header of the same name is otherwise passed
# through. Consider deleting the inbound headers unconditionally first.
http-request set-header Remote-User %[var(req.auth_response_header.remote_user)] if remote_user_exist | |
http-request set-header Remote-Groups %[var(req.auth_response_header.remote_groups)] if remote_groups_exist | |
http-request set-header Remote-Name %[var(req.auth_response_header.remote_name)] if remote_name_exist | |
http-request set-header Remote-Email %[var(req.auth_response_header.remote_email)] if remote_email_exist | |
# NOTE(review): "verify none" encrypts the hop but does not authenticate the
# server, so the identity headers above go to whatever answers on this
# address. Prefer "verify required" with a "ca-file" that covers the server's
# certificate.
server galaxy 192.168.1.20:9443 id 101 ssl verify none | |
# Backend for the nasdcf420 host (reached only from the galaxy_list source
# ranges per the frontend rule): re-encrypts to the server over TLS.
backend nasdcf4202_ipvANY | |
mode http | |
id 131 | |
log global | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
# Identity values captured from Authelia's verify response.
acl remote_user_exist var(req.auth_response_header.remote_user) -m found | |
acl remote_groups_exist var(req.auth_response_header.remote_groups) -m found | |
acl remote_name_exist var(req.auth_response_header.remote_name) -m found | |
acl remote_email_exist var(req.auth_response_header.remote_email) -m found | |
# NOTE(review): each Remote-* header is overwritten only when the variable
# exists; a client-supplied header of the same name is otherwise passed
# through. Consider deleting the inbound headers unconditionally first.
http-request set-header Remote-User %[var(req.auth_response_header.remote_user)] if remote_user_exist | |
http-request set-header Remote-Groups %[var(req.auth_response_header.remote_groups)] if remote_groups_exist | |
http-request set-header Remote-Name %[var(req.auth_response_header.remote_name)] if remote_name_exist | |
http-request set-header Remote-Email %[var(req.auth_response_header.remote_email)] if remote_email_exist | |
# NOTE(review): TLS to the server and TLS health checks, both with
# "verify none" - the server's certificate is not validated. Prefer
# "verify required" with a "ca-file" that covers the server's certificate.
server nasdcf420 192.168.1.233:443 id 115 ssl check-ssl check inter 1000 verify none | |
# Backend for the mainsail host and for any request whose path contains /wh
# (see the frontend's use_backend rules).
backend Mainsail_ipvANY | |
mode http | |
id 129 | |
log global | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
option forwardfor | |
# Identity values captured from Authelia's verify response.
acl remote_user_exist var(req.auth_response_header.remote_user) -m found | |
acl remote_groups_exist var(req.auth_response_header.remote_groups) -m found | |
acl remote_name_exist var(req.auth_response_header.remote_name) -m found | |
acl remote_email_exist var(req.auth_response_header.remote_email) -m found | |
# NOTE(review): each Remote-* header is overwritten only when the variable
# exists; a client-supplied header of the same name is otherwise passed
# through. Consider deleting the inbound headers unconditionally first.
http-request set-header Remote-User %[var(req.auth_response_header.remote_user)] if remote_user_exist | |
http-request set-header Remote-Groups %[var(req.auth_response_header.remote_groups)] if remote_groups_exist | |
http-request set-header Remote-Name %[var(req.auth_response_header.remote_name)] if remote_name_exist | |
http-request set-header Remote-Email %[var(req.auth_response_header.remote_email)] if remote_email_exist | |
# Plain HTTP to the server, health-checked every 1000 ms.
server mainsail 192.168.1.115:80 id 115 check inter 1000 | |
# Backend for requests whose path starts with /bx (see the frontend's
# use_backend rules).
backend Klipper_ipvANY | |
mode http | |
id 121 | |
log global | |
timeout connect 30000 | |
timeout server 30000 | |
retries 3 | |
load-server-state-from-file global | |
option forwardfor | |
# Identity values captured from Authelia's verify response.
acl remote_user_exist var(req.auth_response_header.remote_user) -m found | |
acl remote_groups_exist var(req.auth_response_header.remote_groups) -m found | |
acl remote_name_exist var(req.auth_response_header.remote_name) -m found | |
acl remote_email_exist var(req.auth_response_header.remote_email) -m found | |
# strip_path uses the same test as remote_email_exist.
acl strip_path var(req.auth_response_header.remote_email) -m found | |
# NOTE(review): each Remote-* header is overwritten only when the variable
# exists; a client-supplied header of the same name is otherwise passed
# through. Consider deleting the inbound headers unconditionally first.
http-request set-header Remote-User %[var(req.auth_response_header.remote_user)] if remote_user_exist | |
http-request set-header Remote-Groups %[var(req.auth_response_header.remote_groups)] if remote_groups_exist | |
http-request set-header Remote-Name %[var(req.auth_response_header.remote_name)] if remote_name_exist | |
http-request set-header Remote-Email %[var(req.auth_response_header.remote_email)] if remote_email_exist | |
# NOTE(review): as written the pattern matches any path and the replacement is
# the fixed string "/bx", so every request with the email variable set is sent
# to /bx. The ACL name suggests a prefix strip was intended - confirm.
http-request replace-path (/)?(.*) /bx if strip_path | |
# Plain HTTP; same address and port as the Octoprint backend's server.
server klipper 192.168.1.114:80 id 115 check inter 1000 |