§2024-06-05

This is my /etc/haproxy/haproxy.cfg, which serves https://munetaka.net

global
        # Process-wide settings: logging, privilege drop, the runtime socket and
        # the TLS defaults inherited by every `bind ... ssl` line below.
        log /dev/log    local0
        log /dev/log    local1 notice
        # Confine the running process to this directory.
        chroot /var/lib/haproxy
        # Runtime API socket. `level admin` grants full control over the running
        # process, so access rests entirely on the 660 file mode (owner and group
        # only). Keep membership of the owning group as small as possible.
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        # Run as the unprivileged haproxy account, detached from the terminal.
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        # TLS 1.2 cipher list: only ECDHE/DHE key exchange with AEAD ciphers
        # (AES-GCM, ChaCha20-Poly1305).
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        # TLS 1.3 cipher suites.
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        # Refuse protocol versions older than TLS 1.2 and disable session tickets.
        # NOTE(review): these three are bind-side (client-facing) defaults only;
        # they do not govern outgoing `server ... ssl` connections to backends.
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        # Settings inherited by every frontend and backend that follows.
        log     global
        # Layer-7 proxying, so requests are parsed and logged as HTTP.
        mode    http
        option  httplog
        # Do not log connections on which no data was exchanged.
        option  dontlognull
        # Timeouts without a unit are in milliseconds: 5 s to connect to a
        # backend, 50 s of inactivity allowed on the client and server sides.
        # NOTE(review): no `timeout http-request` is set, so a client that sends
        # its request headers very slowly is limited only by `timeout client`.
        # A short dedicated value would bound slow-request connection exhaustion.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        # Static error pages returned for the listed status codes.
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend http_80_front
    # TLS-terminating listener on port 443; all traffic goes to http_8088_back.
    # NOTE(review): the section name says "80" but the only bind is 443, and no
    # port-80 listener or HTTP-to-HTTPS redirect is visible in this file.
    #
    # Earlier attempt with separate certificate and key files, kept for reference:
    # bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/fullchain.pem key /etc/letsencrypt/live/munetaka.me/privkey.pem
    #
    # haproxy.pem is presumably fullchain.pem and privkey.pem concatenated.
    # It therefore contains the private key: keep it readable only by root
    # (HAProxy loads it before dropping privileges) and rebuild it after every
    # certificate renewal, otherwise HAProxy keeps serving the old certificate.
    bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend http_8088_back

backend http_8088_back
    # Re-encrypts towards the local nginx on loopback port 8088.
    # NOTE(review): `verify none` encrypts the hop but does not authenticate the
    # peer, so any local process able to listen on 127.0.0.1:8088 would be
    # accepted as the backend. Exposure is limited because this is loopback only;
    # `verify required` with a `ca-file` would close the gap.
    server nginx_server 127.0.0.1:8088 ssl verify none

# 2024-06-05: added Nextcloud
frontend front__nextCloud_45101
    # TLS-terminating listener on port 45101, reusing the munetaka.me
    # certificate bundle; all traffic goes to back_nextCloud_45101.
    bind *:45101 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_nextCloud_45101

backend  back_nextCloud_45101
    # Forwards to the Nextcloud host by name.
    # NOTE(review): there is no `ssl` keyword on this server line, so requests
    # decrypted by the frontend travel to hc4Noble.yushei.net as plain HTTP.
    # If that host is reached over anything other than a trusted local segment,
    # Nextcloud logins and session cookies cross the network unencrypted.
    # Prefer `ssl verify required` with a `ca-file`, or a private link.
    # NOTE(review): no `option forwardfor` is visible, so the backend presumably
    # sees HAProxy's address instead of the client's. That affects Nextcloud's
    # logging and brute-force throttling; confirm the trusted-proxy settings.
    server nextcloud_server hc4Noble.yushei.net:45101

This is my /etc/systemd/system/Caddy.service running at h2Jammy.yushei.net:43889

# systemd unit that runs Caddy as the unprivileged `caddy` account, using a
# Caddyfile kept in a build directory under /home/alexlai.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
# Start only once the network is reported online.
After=network.target network-online.target
Requires=network-online.target

[Service]
# Caddy signals readiness to systemd itself; start-up completes on that signal.
Type=notify
User=caddy
Group=caddy
# NOTE(review): the working directory and the Caddyfile live in another user's
# home directory. Whoever can write there controls what this service loads and
# serves, and the `caddy` account needs read access to it (and write access for
# any relative log path) - confirm the ownership and modes are intentional.
WorkingDirectory=/home/alexlai/build/yushei-caddy-markdown/
# `--environ` prints the process environment at start-up, so it ends up in the
# journal; avoid passing secrets through environment variables with this flag.
ExecStart=/usr/bin/caddy run --environ --config /home/alexlai/build/yushei-caddy-markdown/Caddyfile
# `--force` reloads even when the configuration is unchanged.
ExecReload=/usr/bin/caddy reload --config /home/alexlai/build/yushei-caddy-markdown/Caddyfile --force
TimeoutStopSec=5s
# Resource ceilings: open file descriptors and number of processes/threads.
LimitNOFILE=1048576
LimitNPROC=512
# Sandboxing: no access to physical devices, a private /tmp, and /usr, /boot
# and /etc mounted read-only for the service.
PrivateDevices=yes
PrivateTmp=true
ProtectSystem=full
# Lets the non-root service bind ports below 1024. The site shown on this page
# listens on 43889, so this is only needed if Caddy also binds 80/443 (for
# example for certificate challenges) - verify.
# NOTE(review): NoNewPrivileges=true and a CapabilityBoundingSet= restricted to
# CAP_NET_BIND_SERVICE would tighten the sandbox further. ProtectHome= cannot
# be enabled while the configuration lives under /home.
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

My /home/alexlai/build/yushei-caddy-markdown/Caddyfile

# https://github.com/dbohdan/caddy-markdown-site
# Copyright (c) 2021 D. Bohdan.  License: MIT.

# Markdown site served by Caddy on port 43889.
# NOTE(review): a site address with a host name makes Caddy serve HTTPS with a
# certificate for that name by default. A proxy placed in front of this site
# therefore has to connect with TLS and present a matching SNI/Host, and should
# verify the certificate rather than disable verification.
h2jammy.yushei.net:43889 {
	# Disabled reverse-proxy experiments, kept for reference.
	# reverse_proxy https://munetaka.me:43889 {
	# Optionally, you can include headers as needed
        #	header_up Host {host}
	#        header_up X-Real-IP {remote}
	#       header_up X-Forwarded-For {remote}
        #	header_up X-Forwarded-Proto {scheme}
    	# }

	# reverse_proxy https://munetaka.me:43889 {
        #	header_up Host munetaka.me:43889
    	#}
    
	# Site root is the relative directory `demo`; it is resolved against the
	# process working directory.
 	root * demo

	encode gzip

	# NOTE(review): `browse` turns on directory listings, so every file name
	# under the site root is discoverable. Keep only publishable content there.
	file_server browse
	# Responses are evaluated as Caddy templates (by default for HTML,
	# plain-text and Markdown content types - confirm for the version in use).
	# NOTE(review): anyone able to place files under the site root can have
	# template actions executed by the server; treat write access to `demo`
	# as equivalent to control of the site.
	templates

	# Access log written to a relative path, so it lands in the working directory.
	# NOTE(review): the file name says 43115 while the site listens on 43889.
	log {
		output file access.43115.log
	}

	# Intended to match the favicon and everything under /media/.
	@media {
		path /favicon.ico
		path /media/*
	}
	# Everything under /templates/ except stylesheets and scripts.
	@templates {
		path /templates/*
		not path /templates/*.css /templates/*.js
	}
	# Request paths ending in .md.
	@markdown {
		path_regexp \.md$
	}
	# Request paths for which a file named <path>.md exists.
	@markdown_exists {
		file {path}.md
	}

	handle @media {
		file_server
	}
	# Deny direct download of the raw template sources.
	handle @templates {
		error 403
	}
	# Markdown requests are rendered through the shared index template.
	handle @markdown {
		rewrite * /templates/index.html
	}
	# Extension-less URL backed by a .md file: record that via the mapped
	# variable, then render through the index template.
	handle @markdown_exists {
		map {path} {caddy_markdown_site.append_to_path} {
			default extension
		}
		rewrite * /templates/index.html
	}

	handle_errors {
		file_server
		templates

		# A 404 for a directory that contains index.md is not a real miss.
		@markdown_index_exists_404 {
			file {path}/index.md
			expression `{http.error.status_code} == 404`
		}

		# Serve that index.md through the index template with status 200.
		handle @markdown_index_exists_404 {
			map {path} {caddy_markdown_site.append_to_path} {
				default index
			}
			file_server {
				status 200
			}
			rewrite * /templates/index.html
		}
		# Every other error is rendered with the error template.
		handle {
			rewrite * /templates/error.html
		}
	}
	# Another disabled reverse-proxy experiment.
        # reverse_proxy https://munetaka.me {
	# 	header_up Host 43889
	# }
}

How do I set this up so that https://munetaka.me:43889 is directed to the backend server h2Jammy.yushei.net:43889?