diff --git a/package/secubox/secubox-app-haproxy/files/etc/config/haproxy b/package/secubox/secubox-app-haproxy/files/etc/config/haproxy index 5e143218..047f9eb4 100644 --- a/package/secubox/secubox-app-haproxy/files/etc/config/haproxy +++ b/package/secubox/secubox-app-haproxy/files/etc/config/haproxy @@ -33,10 +33,10 @@ config frontend 'http_front' option default_backend 'fallback' option enabled '1' -# Example frontend (HTTPS with SNI) +# Example frontend (HTTPS with SNI using crt-list for multi-cert support) config frontend 'https_front' option name 'https-in' - option bind '*:443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1' + option bind '*:443 ssl crt-list /opt/haproxy/certs/certs.list alpn h2,http/1.1' option mode 'http' option default_backend 'fallback' option enabled '1' @@ -48,6 +48,23 @@ config backend 'fallback' option balance 'roundrobin' option enabled '1' +# CyberMood.eu vhost +config vhost 'cybermood' + option domain 'cybermood.eu' + option backend 'cybermood_web' + option ssl '1' + option ssl_redirect '1' + option acme '1' + option enabled '1' + +config vhost 'cybermood_www' + option domain 'www.cybermood.eu' + option backend 'cybermood_web' + option ssl '1' + option ssl_redirect '1' + option acme '1' + option enabled '1' + # Example vhost #config vhost 'example' # option domain 'example.com' @@ -57,6 +74,21 @@ config backend 'fallback' # option acme '1' # option enabled '1' +# CyberMood.eu backend +config backend 'cybermood_web' + option name 'cybermood-web' + option mode 'http' + option balance 'roundrobin' + option enabled '1' + +config server 'cybermood_srv' + option backend 'cybermood_web' + option name 'cybermood-srv' + option address '127.0.0.1' + option port '4000' + option check '1' + option enabled '1' + # Example backend with servers #config backend 'web_servers' # option name 'web-servers' 
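Review bot: The new `option bind` on `https_front` points `crt-list` at `/opt/haproxy/certs/certs.list`, but nothing visible in this commit creates that file, and HAProxy fails at startup when a crt-list file cannot be opened. Whatever installs or renews certificates should write `certs.list` before the service is started or reloaded, including on a fresh install that has no certificates yet. The certificate location also moves from `/etc/haproxy/certs/` to `/opt/haproxy/certs/`, so existing installs need their certificates carried over with private keys still readable only by the HAProxy user. With several certificates on one listener, consider `strict-sni` so a client presenting an unknown SNI is not handed the first certificate in the list: `option bind '*:443 ssl crt-list /opt/haproxy/certs/certs.list strict-sni alpn h2,http/1.1'`. The matching `bind` change in `templates/default.cfg` has the same gaps.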
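Review bot: The `cybermood` and `cybermood_www` vhosts go into the packaged default config with `option enabled '1'` and `option acme '1'`, so every install of this package would presumably attempt certificate issuance and routing for a domain it does not control. The same deployment-specific entries recur in the later hunks: the `cybermood_web` backend and `cybermood_srv` server, the two `cert_cybermood*` certificate sections, and the ACL and backend hard-coded into `templates/default.cfg`. Keeping them in a site overlay, or shipping them commented out like the existing `example` blocks (or at least with `option enabled '0'`), avoids failed ACME validations and a backend at `127.0.0.1:4000` that is down wherever that service is not installed. If they stay, a comment above the block such as `# Site-specific: remove on installs that do not serve cybermood.eu` would help the next maintainer.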
@@ -83,6 +115,17 @@ config acme 'acme' option key_type 'ec-256' option renew_days '30' +# CyberMood.eu certificate (ACME) +config certificate 'cert_cybermood' + option domain 'cybermood.eu' + option type 'acme' + option enabled '1' + +config certificate 'cert_cybermood_www' + option domain 'www.cybermood.eu' + option type 'acme' + option enabled '1' + # Certificate entry (manual or ACME) #config certificate 'cert_example' # option domain 'example.com' diff --git a/package/secubox/secubox-app-haproxy/files/usr/share/haproxy/templates/default.cfg b/package/secubox/secubox-app-haproxy/files/usr/share/haproxy/templates/default.cfg index 531d1738..bc2808ad 100644 --- a/package/secubox/secubox-app-haproxy/files/usr/share/haproxy/templates/default.cfg +++ b/package/secubox/secubox-app-haproxy/files/usr/share/haproxy/templates/default.cfg @@ -47,9 +47,9 @@ frontend http-in http-request redirect scheme https code 301 unless is_acme default_backend default_luci -# HTTPS frontend - SSL termination +# HTTPS frontend - SSL termination with multi-certificate SNI support frontend https-in - bind *:443 ssl crt /opt/haproxy/certs/ alpn h2,http/1.1 + bind *:443 ssl crt-list /opt/haproxy/certs/certs.list alpn h2,http/1.1 mode http # Security headers @@ -62,6 +62,10 @@ frontend https-in http-request set-header X-Real-IP %[src] http-request set-header X-Forwarded-For %[src] + # CyberMood.eu routing + acl is_cybermood hdr(host) -i cybermood.eu www.cybermood.eu + use_backend cybermood_web if is_cybermood + default_backend default_luci # ACME challenge backend @@ -74,3 +78,9 @@ backend default_luci mode http balance roundrobin server luci 192.168.255.1:8081 check + +# CyberMood.eu backend +backend cybermood_web + mode http + balance roundrobin + server cybermood 127.0.0.1:4000 check
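Review bot: In `frontend https-in` the new ACL compares `hdr(host)` as an exact string, so a request whose Host carries a port (`cybermood.eu:443`) misses `is_cybermood` and falls through to `default_backend default_luci`. That fallthrough deserves a second look: once this listener serves a public site, any unmatched or absent Host on port 443 is forwarded to the LuCI backend at `192.168.255.1:8081`. Stripping the port before matching, `acl is_cybermood hdr(host),field(1,:) -m str -i cybermood.eu www.cybermood.eu`, covers the first case; for the second, consider a default backend that refuses the request plus an explicit host or source-address ACL in front of LuCI. The frontend continues outside this hunk, so an existing restriction may simply not be visible here.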