Jérémy Lecour
5b4ea19350
# Hosts served by this site. "-m str" is an exact, case-sensitive string match
# against the req.hdr_host variable, which is set outside this file.
# NOTE(review): presumably that variable is the lower-cased Host header without
# the port; if not, "Example.com" or "example.com:443" would not match. Confirm.
acl example_domains var(req.hdr_host) -m str example.com
# Second host list; several patterns on one acl line are ORed (exact match on any of them).
# Not referenced by any other rule in this file.
acl example_domains2 var(req.hdr_host) -m str example.org www.example.org
### acl example_maintenance_ips src -f /etc/haproxy/sites/{{ site }}/maintenance_ips
# Redirect to HTTPS without Let's Encrypt certificate
### http-request redirect scheme https code 301 if example_domains !{ ssl_fc }
# Redirect to HTTPS with Let's Encrypt certificate (exclude LE challenge from redirection)
### http-request redirect scheme https code 301 if example_domains !{ ssl_fc } !letsencrypt
# Redirect one domain to another, without a Let's Encrypt certificate
### http-request redirect prefix https://example-to.org code 301 if { var(req.hdr_host) -m str example-from.org }
# Redirect one domain to another, with a Let's Encrypt certificate (exclude LE challenge from redirection)
### http-request redirect prefix https://example-to.org code 301 if { var(req.hdr_host) -m str example-from.org } !letsencrypt
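# HSTS (31536000 seconds = 1 year)
# Enable only once HTTPS works for every host in example_domains: browsers that
# receive this header refuse plain HTTP for these hosts until max-age expires.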
### http-response set-header Strict-Transport-Security max-age=31536000 if example_domains
# Custom directives, all conditioned by at least the "example_domains" ACL
# Example: reject requests from a specific IP address
# ("src" is the source address HAProxy sees for the connection)
### http-request deny if example_domains { src 203.0.113.1 }
# Routing directives, all conditioned by (at least) the "example_domains" ACL
# Maintenance mode (uncomment the ### line below, but first define the example_maintenance_ips ACL)
### use_backend example_maintenance if example_domains !example_maintenance_ips !maintenance_ips
# Use Varnish if available
# All three ACLs must match (conditions on one line are ANDed). varnish_available and
# varnish_http_verb are defined outside this file.
# use_backend rules are evaluated in order and the first match wins, so this rule
# must stay above the generic one for the same hosts.
use_backend varnish if example_domains varnish_available varnish_http_verb
# … or use normal backend
# Catch-all for this site's hosts: reached only when no earlier use_backend rule matched.
use_backend example if example_domains