Not fully working, but saving progress

2025-02-19 07:53:26 -08:00
parent f222b6e79a
commit 9c52edd53a
13 changed files with 376 additions and 93 deletions
--- a/templates/hap_backend.tpl
+++ b/templates/hap_backend.tpl
@@ -0,0 +1,9 @@
+
+backend {{ name }}-backend
+
+    option forwardfor
+    http-request add-header X-CLIENT-IP %[src]
+    {% if ssl_enabled %} ttp-request set-header X-Forwarded-Proto https if \{ ssl_fc \} {% endif %}
+    {% for server in servers %}
+    server {{ server.name }} {{ server.address }}:{{ server.port }} {{ server.options }}
+    {% endfor %}
--- a/templates/hap_header.tpl
+++ b/templates/hap_header.tpl
@@ -0,0 +1,48 @@
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    # to have these messages end up in /var/log/haproxy.log you will
+    # need to:
+    #
+    # 1) configure syslog to accept network log events.  This is done
+    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
+    #    /etc/sysconfig/syslog
+    #
+    # 2) configure local2 events to go to the /var/log/haproxy.log
+    #   file. A line like the following can be added to
+    #   /etc/sysconfig/syslog
+    #
+    #    local2.*                       /var/log/haproxy.log
+    #
+    log         127.0.0.1 local2
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    daemon
+
+    tune.ssl.default-dh-param 2048
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       #except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    300s
+    timeout queue           2m
+    timeout connect         120s
+    timeout client          10m
+    timeout server          10m
+    timeout http-keep-alive 120s
+    timeout check           10s
+    maxconn                 3000
--- a/templates/hap_letsencrypt.tpl
+++ b/templates/hap_letsencrypt.tpl
@@ -0,0 +1,9 @@
+    #Let's Encrypt SSL
+    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+    use_backend letsencrypt-backend if letsencrypt-acl
+
+
+    #Pass SSL Requests to Lets Encrypt
+    backend letsencrypt-backend
+    server letsencrypt 127.0.0.1:8688
+
--- a/templates/hap_listener.tpl
+++ b/templates/hap_listener.tpl
@@ -0,0 +1,5 @@
+#web
+frontend web
+    bind 0.0.0.0:80
+    # crt can now be a path, so it will load all .pem files in the path
+    bind 0.0.0.0:443 ssl crt {{ crt_path }} alpn h2,http/1.1
--- a/templates/hap_path_acl.tpl
+++ b/templates/hap_path_acl.tpl
@@ -0,0 +1,3 @@
+    #Path Method {{ path }}
+    acl {{ path }}-acl path_beg {{ path }}
+    use_backend {{ name }}-backend if {{ path }}-acl
--- a/templates/hap_subdomain_acl.tpl
+++ b/templates/hap_subdomain_acl.tpl
@@ -0,0 +1,4 @@
+    
+    #Subdomain method {{ domain }}
+    acl {{ domain }}-acl hdr(host) -i {{ domain }}
+    use_backend {{ name }}-backend if {{ domain }}-acl