silverbucket

silverbucket.net haproxy config

Apr 28th, 2017
  # Process-wide settings: syslog targets, chroot and privilege drop, the runtime
  # socket, connection ceiling and the TLS defaults inherited by bind lines.
  1. global
  2. log /dev/log local0
  3. log /dev/log local1 notice
  # Confine the running process to /var/lib/haproxy.
  4. chroot /var/lib/haproxy
  # Runtime API socket. "level admin" allows every runtime command; mode 660 limits
  # access to the owner and group of the socket file.
  # NOTE(review): any account that can write to this socket can alter the running
  # proxy - keep membership of the owning group minimal.
  5. stats socket /run/haproxy/admin.sock mode 660 level admin
  6. stats timeout 30s
  # Run as the unprivileged haproxy user/group, detached from the terminal.
  7. user haproxy
  8. group haproxy
  9. daemon
  10.  
  11. maxconn 4096
  # Size of the DH parameters used for DHE key exchange.
  # NOTE(review): 4096-bit DHE costs noticeably more CPU per handshake than 2048-bit;
  # confirm the larger size is intended.
  12. tune.ssl.default-dh-param 4096
  13.  
  14. # Default SSL material locations
  15. ca-base /etc/ssl/certs
  16. crt-base /etc/ssl/private
  17.  
  18. # Default ciphers to use on SSL-enabled listening sockets.
  19. # For more information, see ciphers(1SSL). This list is from:
  20. # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
  # NOTE(review): this default list still admits 3DES suites (64-bit block cipher) and
  # static-RSA key exchange (no forward secrecy). It only applies to bind lines that do
  # not carry their own "ciphers" keyword.
  21. ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  # Only SSLv3 is switched off here.
  # NOTE(review): TLS 1.0 and 1.1 are not disabled by this line; consider adding
  # no-tlsv10 no-tlsv11 once client compatibility has been checked.
  22. ssl-default-bind-options no-sslv3
  23.  
  # Settings inherited by every frontend and backend below unless a section overrides them.
  24. defaults
  25. log global
  # Layer-7 (HTTP) proxying with the detailed HTTP log format.
  26. mode http
  27. option httplog
  # Connections that exchange no data are not logged.
  # NOTE(review): this also keeps connect-and-close probes out of the logs; weigh that
  # against log volume if the logs feed detection.
  28. option dontlognull
  # Timeouts without a unit are in milliseconds: 5 s to connect, 50 s client and server inactivity.
  # NOTE(review): no "timeout http-request" is set, so a client that sends its request
  # headers slowly is bounded only by the 50 s client timeout; a shorter http-request
  # timeout limits how long such connections can hold a slot out of maxconn.
  29. timeout connect 5000
  30. timeout client 50000
  31. timeout server 50000
  # Static response files returned for proxy-generated errors.
  32. errorfile 400 /etc/haproxy/errors/400.http
  33. errorfile 403 /etc/haproxy/errors/403.http
  34. errorfile 408 /etc/haproxy/errors/408.http
  35. errorfile 500 /etc/haproxy/errors/500.http
  36. errorfile 502 /etc/haproxy/errors/502.http
  37. errorfile 503 /etc/haproxy/errors/503.http
  38. errorfile 504 /etc/haproxy/errors/504.http
  39.  
  # Close the connection after each request/response instead of keeping it alive.
  40. option httpclose
  # Allow a request to be sent to another server if its assigned one is down; every
  # backend in this file lists a single server, so this has little effect here.
  41. option redispatch
  42.  
  # Cleartext HTTP listener on all IPv4 interfaces, port 80.
  43. frontend public
  44. bind 0.0.0.0:80
  45.  
  # Host-based ACLs. hdr_end(host) is a case-insensitive SUFFIX match on the
  # client-supplied Host header.
  # NOTE(review): a suffix match also accepts any name that merely ends in the string
  # (a host such as "example67p.io" satisfies is_67p), and the www. lines are already
  # covered by the bare-domain suffix. An exact hdr(host) match on the listed names
  # would be tighter - confirm whether other subdomains are meant to match.
  46. acl is_sbnet hdr_end(host) -i silverbucket.net
  47. acl is_sbnet hdr_end(host) -i www.silverbucket.net
  48. acl is_67p hdr_end(host) -i 67p.io
  49. acl is_67p hdr_end(host) -i www.67p.io
  50. acl is_shdemo hdr_end(host) -i demo.sockethub.org
  # Path ACL: any URL path starting with /.well-known, on any host.
  51. acl is_webfinger path_beg -i /.well-known
  52.  
  # Requests for silverbucket.net hosts are redirected to the HTTPS site root; the
  # original path and query string are not carried over.
  # NOTE(review): only is_sbnet is upgraded to HTTPS. The 67p, shdemo and webfinger
  # routes below, and the default backend, are served in cleartext from this listener -
  # confirm that is intended.
  53. redirect location https://silverbucket.net if is_sbnet
  54.  
  # First matching use_backend rule wins.
  55. use_backend webfinger if is_webfinger
  56. use_backend 67p if is_67p
  57. use_backend shdemo if is_shdemo
  58.  
  # Any request with an unrecognised Host header falls through to sbnet.
  59. default_backend sbnet
  60.  
  61.  
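  # TLS listener on all IPv4 interfaces, port 443. Routes by path first, then by Host.
  62. frontend public-ssl
  # The "ciphers" keyword on this bind line replaces ssl-default-bind-ciphers for this
  # listener. The two RC4 entries (ECDHE+aRSA+RC4+SHA and RC4+SHA) have been dropped and
  # !RC4 appended: RC4 is prohibited for TLS by RFC 7465 and must not be negotiable.
  # NOTE(review): the list still falls back to static-RSA AES suites (no forward
  # secrecy) and to the broad HIGH group; tighten further if old clients need not be served.
  # NOTE(review): the certificate file name suggests the private key is bundled in the
  # same PEM - verify the file is readable by root only.
  63. bind 0.0.0.0:443 ssl crt /etc/haproxy/fullchain_priv.pem ciphers ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:ECDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GCM+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aRSA+AES128+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
  64.  
  # Host ACLs use hdr_end(host), a case-insensitive suffix match on the client-supplied
  # Host header; any name ending in the listed string satisfies the ACL.
  # NOTE(review): an exact hdr(host) match would be tighter - confirm whether other
  # subdomains are meant to match.
  65. acl is_sbnet hdr_end(host) -i silverbucket.net
  66. acl is_sbnet hdr_end(host) -i www.silverbucket.net
  67. acl is_67p hdr_end(host) -i 67p.io
  68. acl is_67p hdr_end(host) -i www.67p.io
  69. acl is_shdemo hdr_end(host) -i demo.sockethub.org
  # Path ACLs apply regardless of the Host header.
  70. acl is_webfinger path_beg -i /.well-known
  71. acl is_sockethub_path path_beg -i /sockethub
  72.  
  # First matching rule wins: /sockethub and /.well-known on ANY host are routed
  # before the Host-based rules are considered.
  73. use_backend sockethub if is_sockethub_path
  74. use_backend webfinger if is_webfinger
  75. use_backend sbnet if is_sbnet
  76. use_backend 67p if is_67p
  77. use_backend shdemo if is_shdemo
  78.  
  # Any request with an unrecognised Host header falls through to sbnet.
  79. default_backend sbnet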
  80.  
  # Backend for silverbucket.net: a single local server on loopback port 8083.
  81. backend sbnet
  82. timeout server 30s
  83. option httpclose
  # Appends an X-Forwarded-For header carrying the client address.
  # NOTE(review): a header of the same name sent by the client is not removed by this
  # option, so the application should trust only the last value (the one added here).
  84. option forwardfor
  # The trailing "#check" is a comment, so health checking is off for this server.
  85. server sbnet1 127.0.0.1:8083 #check
  86.  
  # Backend for 67p.io: a single local server on loopback port 8084.
  87. backend 67p
  88. timeout server 30s
  89. option httpclose
  # Appends X-Forwarded-For with the client address; client-sent values of that header
  # are not stripped, so only the last value is trustworthy.
  90. option forwardfor
  # Health check is commented out ("#check").
  91. server sx1 127.0.0.1:8084 #check
  92.  
  # Backend for demo.sockethub.org: a single local server on loopback port 8085.
  93. backend shdemo
  94. timeout server 30s
  95. option httpclose
  # Appends X-Forwarded-For with the client address; client-sent values of that header
  # are not stripped, so only the last value is trustworthy.
  96. option forwardfor
  # Health check is commented out ("#check"). The server name sx1 is also used in
  # backend 67p, which can make per-server log entries ambiguous.
  97. server sx1 127.0.0.1:8085 #check
  98.  
  # Backend for /.well-known requests: a single local server on loopback port 9110.
  99. backend webfinger
  100. timeout server 30s
  101. option httpclose
  # Appends X-Forwarded-For with the client address; client-sent values of that header
  # are not stripped, so only the last value is trustworthy.
  102. option forwardfor
  # No health check is configured for this server.
  103. server wf1 127.0.0.1:9110
  104.  
  # Backend for /sockethub requests: a single local server on loopback port 10550.
  105. backend sockethub
  106. timeout server 30s
  107. option httpclose
  # Appends X-Forwarded-For with the client address; client-sent values of that header
  # are not stripped, so only the last value is trustworthy.
  108. option forwardfor
  # Disabled variant: would strip the /sockethub/ prefix before forwarding.
  109. #reqrep ^([^\ ]*)\ /sockethub/(.*) \1\ /\2
  # Active rule rewrites "/sockethub<rest>" to "/sockethub<rest>", i.e. it leaves the
  # request line unchanged.
  # NOTE(review): as written this is a no-op; reqrep is also deprecated in later HAProxy
  # releases (http-request rules replace it) - confirm before upgrading.
  110. reqrep ^([^\ ]*)\ /sockethub(.*) \1\ /sockethub\2
  # No health check is configured. The server name wf1 is also used in backend
  # webfinger, which can make per-server log entries ambiguous.
  111. server wf1 127.0.0.1:10550