16
Tutorials and FAQs / Re: Tutorial 2022/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: February 23, 2023, 05:20:30 pm »
sure..
screnshoots attached.
thanks.
screnshoots attached.
thanks.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#
# Automatically generated configuration.
# Do not edit this file manually.
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 1
hard-stop-after 60s
no strict-limits
maxconn 128
tune.ssl.default-dh-param 4096
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
maxconn 100
timeout client 30s
timeout connect 4s
timeout server 30s
retries 3
default-server init-addr last,libc
default-server maxconn 100
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend: 0_SNI_Frontend (Listening on 0.0.0.0:80, 0.0.0.0:443)
frontend 0_SNI_Frontend
bind 0.0.0.0:443 name 0.0.0.0:443
bind 0.0.0.0:80 name 0.0.0.0:80
mode tcp
default_backend SSL_Backend
# logging options
option tcplog
# Frontend: 1_HTTP_Frontend (Listening on 127.4.4.3:80)
frontend 1_HTTP_Frontend
bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy
mode http
option http-keep-alive
option forwardfor
# logging options
option httplog
# ACL: NoSSL_Condition
acl acl_6241c8286b2146.46286925 ssl_fc
# ACTION: HTTPtoHTTPS_rule
http-request redirect scheme https code 301 if !acl_6241c8286b2146.46286925
# Frontend: 1_HTTPS_Frontend (Listening on 127.4.4.3:443)
frontend 1_HTTPS_Frontend
http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6241cc05878570.68121182.certlist
mode http
option http-keep-alive
option forwardfor
# logging options
option httplog
# ACL: LOCAL_SUBDOMAINS_map_conditions
acl acl_63f758e46145e5.66171870 src 192.168.1.0/26
# ACTION: LOCAL_SUBDOMAINS_map-rule
use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/63f7583a8314e2.36363887.txt)] if acl_63f758e46145e5.66171870
# ACTION: PUBLIC_SUBDOMAINS_map_rule
# NOTE: actions with no ACLs/conditions will always match
use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/6241c892a54f84.31767078.txt)]
# Backend: SSL_Backend (SSL_Backend)
backend SSL_Backend
# health checking is DISABLED
mode tcp
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
server SSL_Server 127.4.4.3 send-proxy-v2 check-send-proxy
# Backend: Unifi_backend (Unifi_Backend)
backend Unifi_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server Unifi 172.1.1.2:8443 ssl alpn h2,http/1.1 verify none source 192.168.1.1
# Backend: Homeassistant_backend (Homeassistant_Backend)
backend Homeassistant_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server Homeassistant 192.168.1.3:8123
# Backend: Docker_OCI_backend (Docker_OCI_Backend)
backend Docker_OCI_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server docker 172.1.1.2:9443 ssl alpn h2,http/1.1 verify none source 192.168.1.1
# statistics are DISABLED
same for me.
P.S Usually I dont rant about free SW, but this is almost core functionality and gets no testing love prior release.
Zenarmor is a 3rd party plugin, tbh its anything else than core