/munetakaJupyterHub/Computer/2024/HAProxy/ubuntuLinux/.ipynb_checkpoints/87-YsMettingChatGPT-checkpoint.md

§2024-06-05

I have a YsMeeting.service to serve http://h2nas03.yushei.com.tw:43410

[Unit]
Description=start YsMeeting
After=final.target
Documentation=https://chingyen.com.tw:30000

[Service]
User=root
Group=root
ExecStart=/home/alexlai/scripts/startYsMeeting.sh
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

and the /home/alexlai/scripts/startYsMeeting.sh is as

#!/bin/sh

. /home/alexlai/RUST/bin/activate

cd /home/alexlai/ysMeetingJournal

mdbook serve --hostname h2nas03.yushei.com.tw -p 43410

And my /etc/haproxy/haproxy.cfg

global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend http_80_front
    # bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/fullchain.pem key /etc/letsencrypt/live/munetaka.me/privkey.pem
    bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend http_8088_back

backend http_8088_back
    server nginx_server 127.0.0.1:8088 ssl verify none

# 2024-06-05 add nextCLoud 
frontend front__nextCloud_45101
    bind *:45101 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    http-request set-header X-Forwarded-Proto https
    default_backend back_nextCloud_45101

backend  back_nextCloud_45101
    server nextcloud_server hc4Noble.yushei.net:45101

# Caddy Server
frontend front_caddy_h2jammy_43889
    bind *:43889 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_caddy_h2jammy_43889

backend back_caddy_h2jammy_43889
    server h2jammy_server h2Jammy.yushei.net:43889 ssl verify none

How to https://munetaka.me:43410 HAProxy load balance server direct to h2nas03.yushei.com.tw:43410 with SSL