secubox-openwrt/package/secubox/secubox-app-haproxy/files/usr/share/haproxy/templates/default.cfg
CyberMind-FR e6b65679a4 feat(haproxy): Add presse.cybermood.eu vhost
- Add vhost for presse.cybermood.eu
- Add backend cybermood_presse on port 4001
- Add ACME certificate entry
- Add ACL routing rules
- Fix backends to use LAN IP (192.168.255.1) instead of localhost

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 10:52:09 +01:00


# HAProxy Default Configuration Template
# This file is used as a base when generating haproxy.cfg
global
    # Logs go to stdout in raw format, tagged with the local0 facility.
    log stdout format raw local0

    # Process-wide ceiling on concurrent connections.
    maxconn 4096

    # Runtime API socket. "level admin" gives full control of the running
    # process to any client able to open the socket; "mode 660" limits that to
    # the socket's owner and group. Keep the socket path out of reach of
    # unprivileged services.
    stats socket /var/run/haproxy.sock mode 660 level admin expose-fd listeners
    stats timeout 30s

    # TLS defaults inherited by every "bind ... ssl" line:
    #  - TLS <= 1.2: ECDHE key exchange with AES-128-GCM only
    #  - TLS 1.3:    the two AES-GCM suites listed below
    #  - minimum protocol version TLSv1.2, stateless session tickets disabled
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

    # DH parameter size used for DHE key exchange. The cipher list above is
    # ECDHE-only, so this matters only if a DHE cipher is added later.
    tune.ssl.default-dh-param 2048
defaults
    # Every proxy below inherits HTTP mode and the global log target.
    mode http
    log global
    option httplog
    # Do not log connections that carried no data.
    option dontlognull
    # Add an X-Forwarded-For header with the client address to requests sent
    # to servers.
    option forwardfor

    # Connection and idle timeouts.
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    # Upper bound on how long a client may take to send a complete request;
    # limits how long a slow or stalled request can hold a connection slot.
    timeout http-request 10s
    timeout http-keep-alive 10s

    # Connection attempts to a server before the request is failed.
    retries 3
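# Stats frontend - monitoring and admin page on port 8404
frontend stats
    # Listens on every IPv4 address of the host, so reachability from outside
    # the LAN depends on the firewall alone unless sources are filtered here.
    bind *:8404
    mode http

    # Only loopback and RFC 1918 private sources may reach the stats page.
    # The page is protected by a static credential (see "stats auth" below),
    # so it must not answer requests arriving from public addresses.
    acl mgmt_src src 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    http-request deny unless mgmt_src

    stats enable
    stats uri /stats
    stats refresh 10s

    # NOTE(review): this credential is a fixed default shipped in the template
    # and is identical on every install generated from it. Replace it with a
    # per-device secret when haproxy.cfg is generated.
    stats auth admin:secubox

    # Admin actions (changing server state from the web page) are limited to
    # the same management sources instead of being granted unconditionally.
    stats admin if mgmt_src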
# HTTP frontend - plain-text listener for all port 80 traffic
frontend http-in
    bind *:80
    mode http

    # ACME HTTP-01 challenge requests are the only ones served over plain
    # HTTP; they are handed to the local ACME backend.
    acl is_acme path_beg /.well-known/acme-challenge/
    use_backend acme if is_acme

    # Every other request gets a permanent redirect to HTTPS.
    http-request redirect scheme https code 301 unless is_acme

    # Fallback backend. With the redirect above applying to every non-ACME
    # request, this does not appear to be selected in practice.
    default_backend default_luci
# HTTPS frontend - TLS termination, certificate chosen per SNI from a crt-list
frontend https-in
    bind *:443 ssl crt-list /opt/haproxy/certs/certs.list alpn h2,http/1.1
    mode http

    # Response hardening headers. HSTS is sent with includeSubDomains, so it
    # applies to every subdomain of each host served from this frontend.
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains"
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header X-Frame-Options SAMEORIGIN

    # Client identity headers for the backends. set-header replaces whatever
    # the client sent, so backends see the address HAProxy observed rather than
    # a client-supplied value.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Real-IP %[src]
    http-request set-header X-Forwarded-For %[src]

    # CyberMood.eu routing by Host header (case-insensitive match).
    # NOTE(review): hdr(host) is compared against the whole header value, so a
    # Host carrying an explicit port would not match and would fall through to
    # the default backend - confirm this is acceptable.
    acl is_cybermood hdr(host) -i cybermood.eu www.cybermood.eu
    acl is_cybermood_presse hdr(host) -i presse.cybermood.eu
    use_backend cybermood_web if is_cybermood
    use_backend cybermood_presse if is_cybermood_presse

    # NOTE(review): any request whose Host matches none of the ACLs above is
    # sent to the LuCI backend. If port 443 is reachable from untrusted
    # networks, the router's web interface is reachable there too - confirm
    # that this exposure is intended.
    default_backend default_luci
# ACME challenge backend - serves HTTP-01 challenge requests
backend acme
    mode http
    # Health-checked server on loopback port 8080.
    # NOTE(review): the other backends in this file use 192.168.255.1 rather
    # than loopback - confirm that 127.0.0.1 is still correct for this one.
    server acme 127.0.0.1:8080 check
# Default LuCI backend - forwards to uhttpd on the LAN address
backend default_luci
    mode http
    balance roundrobin
    # Single health-checked server; the hop to it is plain HTTP (no "ssl" on
    # the server line).
    server luci 192.168.255.1:8081 check
# CyberMood.eu backend - main site on port 4000
backend cybermood_web
    mode http
    balance roundrobin
    # Single health-checked server, reached over plain HTTP on the LAN address.
    server cybermood 192.168.255.1:4000 check
# CyberMood Presse backend - presse.cybermood.eu on port 4001
backend cybermood_presse
    mode http
    balance roundrobin
    # Single health-checked server, reached over plain HTTP on the LAN address.
    server cybermood-presse 192.168.255.1:4001 check