add cybbh.io to haproxy.cfg

0faf5d71 · David Ivey · 53a771af · 0faf5d71
Commit 0faf5d71 authored 5 years ago by David Ivey
--- a/apps/public/haproxy/files/haproxy.cfg
+++ b/apps/public/haproxy/files/haproxy.cfg
@@ -41,13 +41,14 @@ defaults

 frontend tls_termination
  mode http
-  bind 192.168.200.4:443 ssl crt /etc/letsencrypt/live/git.cybbh.space/master.pem crt /etc/letsencrypt/live/status.cybbh.space/master.pem
+  bind 192.168.200.4:443 ssl crt /etc/letsencrypt/live/git.cybbh.space/master.pem crt /etc/letsencrypt/live/status.cybbh.space/master.pem crt /etc/letsencrypt/live/cybbh.io/master.pem
  bind 192.168.200.4:9000 ssl crt /etc/letsencrypt/live/graylog.cybbh.space/master.pem ca-file /etc/ssl/certs/dod-root-certs.pem verify required
  reqadd  X-Forwarded-Proto:\ https
  http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  http-response set-header Public-Key-Pins "pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=\"; pin-sha256=\"hKt/n8XrJnP3czMTKgZLx5NhiiXfYrdLodt3B3OSBA4=\"; max-age=5184000; includeSubDomains"
  redirect scheme https if !{ ssl_fc }
  use_backend gitlab_https if { ssl_fc_sni git.cybbh.space }
+  use_backend gitlab_pages_https if { ssl_fc_sni_end cybbh.io }
  use_backend status_https if { ssl_fc_sni status.cybbh.space }
  use_backend graylog_https if { ssl_c_verify 0 }

@@ -58,6 +59,13 @@ backend gitlab_https
  option  tcplog
  server git.cybbh.space 192.168.200.6:80 check inter 2000 rise 2 fall 5

+backend gitlab_pages_https
+  mode http
+  balance roundrobin
+  option  tcpka
+  option  tcplog
+  server cybbh.io 192.168.200.6:10000 check inter 2000 rise 2 fall 5
+
 backend status_https
  mode http
  balance roundrobin