# SecuBox Feed HAProxy Configuration # Exposes local package feed via HAProxy with health checks and Gitea mirror failover # Copyright 2026 CyberMind # ACL for secubox-feed requests acl is_secubox_feed path_beg /secubox-feed acl is_feed_health path /secubox-feed/health # Use secubox-feed backend for matching requests use_backend secubox_feed_backend if is_secubox_feed # Backend: Local SecuBox Package Feed backend secubox_feed_backend mode http balance roundrobin option httpchk GET /secubox-feed/Packages http-check expect status 200 # Local feed (primary) - served by uhttpd on localhost server local_feed 127.0.0.1:80 check inter 30s fall 3 rise 2 weight 100 # Gitea mirror (fallback) - uses environment variable or default # Set SECUBOX_GITEA_MIRROR in /etc/default/haproxy or haproxy.cfg server gitea_mirror feed.maegia.tv:443 ssl verify none check inter 60s fall 3 rise 2 weight 50 backup # GitHub releases mirror (secondary fallback) server github_mirror raw.githubusercontent.com:443 ssl verify none check inter 120s fall 5 rise 2 weight 25 backup # Health endpoint response http-request return status 200 content-type "application/json" lf-string '{"status":"ok","feed":"secubox","timestamp":"%[date]"}' if is_feed_health # CORS headers for cross-origin requests http-response set-header Access-Control-Allow-Origin "*" http-response set-header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" # Cache control for package lists acl is_packages_file path_end /Packages /Packages.gz http-response set-header Cache-Control "public, max-age=300" if is_packages_file http-response set-header Cache-Control "public, max-age=86400" unless is_packages_file # Compression for text content compression algo gzip compression type text/plain application/octet-stream # Frontend snippet (add to main frontend or include) # frontend https_frontend # bind *:443 ssl crt /etc/haproxy/certs/ # use_backend secubox_feed_backend if is_secubox_feed