## Automatically generated configuration.# Do not edit this file manually.#global uid 80 gid 80 chroot /var/haproxy daemon stats socket /var/run/haproxy.socket group proxy mode 775 level admin nbproc 1 nbthread 4 hard-stop-after 60s no strict-limits maxconn 1000 tune.ssl.default-dh-param 4096 spread-checks 2 tune.bufsize 16384 tune.lua.maxmem 0 log /var/run/log local0 debug lua-prepend-path /tmp/haproxy/lua/?.luadefaults log global option redispatch -1 maxconn 5000 timeout client 30s timeout connect 30s timeout server 30s retries 3 default-server init-addr last,libc default-server maxconn 5000# autogenerated entries for ACLs# autogenerated entries for config in backends/frontends# autogenerated entries for stats# Frontend: www ()frontend www bind 0.0.0.0:80 name 0.0.0.0:80 mode http option http-keep-alive # tuning options timeout client 30s # logging options # ACL: find_acme_challenge acl acl_635be49474e597.79861541 path_beg -i /.well-known/acme-challenge/ # ACTION: redirect_acme_challenges use_backend acme_challenge_backend if acl_635be49474e597.79861541# Frontend: 0_SNI_frontend (Listening on 0.0.0.0:80, 0.0.0.0:443)frontend 0_SNI_frontend bind 0.0.0.0:443 name 0.0.0.0:443 bind 0.0.0.0:80 name 0.0.0.0:80 mode tcp default_backend SSL_backend # tuning options timeout client 30s # logging options# Frontend: 1_HTTP_frontend (Listening on 127.4.4.3:80)frontend 1_HTTP_frontend bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy mode http option http-keep-alive option forwardfor # tuning options timeout client 30s # logging options # ACL: NoSSL_condition acl acl_639f0c4ad0fc49.48407927 ssl_fc # ACTION: HTTPtoHTTPS_rule http-request redirect scheme https code 301 if !acl_639f0c4ad0fc49.48407927# Frontend: 1_HTTPS_frontend (Listening on 127.4.4.3:443)frontend 1_HTTPS_frontend http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/639f116025c934.97390838.certlist mode http option http-keep-alive option forwardfor # tuning options timeout client 15m # logging options # ACTION: PUBLIC_SUBDOMAINS_map-rule # NOTE: actions with no ACLs/conditions will always match use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/639f0e0e3acac0.41605309.txt)] # Backend: acme_challenge_backend (Added by ACME Client plugin)backend acme_challenge_backend # health checking is DISABLED mode http balance source # stickiness stick-table type ip size 50k expire 30m stick on src # tuning options timeout connect 30s timeout server 30s http-reuse safe server acme_challenge_host 127.0.0.1:43580 # Backend: SSL_backend ()backend SSL_backend # health checking is DISABLED mode tcp balance source # stickiness stick-table type ip size 50k expire 30m stick on src # tuning options timeout connect 30s timeout server 30s server SSL_Server 127.4.4.3 send-proxy-v2 check-send-proxy# Backend: kimai_backend (kimai)backend kimai_backend # health checking is DISABLED mode http balance source # stickiness stick-table type ip size 50k expire 30m stick on src # tuning options timeout connect 30s timeout server 30s http-reuse safe server kimai 192.168.40.205:80 ssl verify none# Backend: freshrss_backend (freshrss)backend freshrss_backend # health checking is DISABLED mode http balance source # stickiness stick-table type ip size 50k expire 30m stick on src # tuning options timeout connect 30s timeout server 30s http-reuse safe server freshrss 192.168.40.211:8085 ssl verify none# statistics are DISABLED
