HAProxy/Frontend
HAProxy » Reconfig
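cat <<'EXE'| sudo bash
# Install the haproxy reconfig helper from the chorke cdn and keep a copy of
# the very same script as ${HAPROXY_ETC_BASE}/proxy-scripts/reconfig.
# The original fetched the URL twice (once into bash, once into tee), so the
# executed script and the saved one were not guaranteed to be identical, and
# `curl -s` without -f would have handed an HTTP error page to a root shell.
set -eu
if [ -x "$(command -v curl)" ]; then
export HAPROXY_ETC_BASE=/etc/haproxy
INSTALL_URL='https://cdn.chorke.org/exec/cli/bash/install/haproxy/1.0.0-ubuntu-24.04.sh.txt'
INSTALL_TMP="$(mktemp)"
trap 'rm -f -- "${INSTALL_TMP}"' EXIT
# download once; -f turns an HTTP error into a non-zero exit (set -e stops here)
curl -fsSL "${INSTALL_URL}" -o "${INSTALL_TMP}"
# run the saved copy, then keep it; 0744 matches the old tee + chmod u+x result
bash "${INSTALL_TMP}"
install -m 0744 "${INSTALL_TMP}" "${HAPROXY_ETC_BASE}/proxy-scripts/reconfig"
else
printf 'curl \033[0;31mnot found! \033[0m:(\n' >&2
exit 1
fi
EXE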
HAProxy » Defaults
# global section: logging, chroot, admin socket and the unprivileged runtime user.
# `level admin` lets anyone who can open the socket change runtime state, so
# the mode 660 on that line is what keeps it restricted.
sudo tee /etc/haproxy/proxy-default/global.cfg >/dev/null <<'CFG'
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
CFG
# TLS defaults (Mozilla "intermediate" profile). These are global-section
# directives and this file carries no `global` header, so it presumably is
# concatenated right after global.cfg by the reconfig script — TODO confirm.
sudo tee /etc/haproxy/proxy-default/default-ssl.cfg >/dev/null <<'CFG'
# default ssl material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
CFG
# http defaults: timeouts without a unit suffix are milliseconds.
# NOTE(review): no `option forwardfor` here, so http backends see the proxy
# address as the client unless a frontend adds it — confirm that is intended
# for upstream access logs.
sudo tee /etc/haproxy/proxy-default/default-http.cfg >/dev/null <<'CFG'
defaults
log global
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
CFG
HAProxy » Frontend » HTTP
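# Plain-http frontend for the cid.* host and the path-routed backends behind it.
# NOTE(review): this frontend listens on *:80 only; the ciphers in
# default-ssl.cfg apply solely to a `bind ... ssl crt ...` line, so the web
# consoles proxied here are reached over clear-text HTTP unless TLS is
# terminated elsewhere — confirm that is intended.
# The acl names say shahed-biz but match cid./dev.chorke.org — TODO confirm.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg >/dev/null <<'CFG'
# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc
frontend fnt_shahed_biz
bind *:80
mode http
acl host-is-cid-shahed-biz hdr(host) -i cid.chorke.org
acl host-is-dev-shahed-biz hdr(host) -i dev.chorke.org
acl path-is-artifactory path_beg /artifactory
acl path-is-jenkins path_beg /jenkins
acl path-is-gitlab path_beg /gitlab
acl path-is-nexus path_beg /nexus
use_backend bck_shahed_biz_cid_artifactory if host-is-cid-shahed-biz path-is-artifactory
use_backend bck_shahed_biz_cid_jenkins if host-is-cid-shahed-biz path-is-jenkins
use_backend bck_shahed_biz_cid_gitlab if host-is-cid-shahed-biz path-is-gitlab
use_backend bck_shahed_biz_cid_nexus if host-is-cid-shahed-biz path-is-nexus
default_backend bck_shahed_biz_cid
backend bck_shahed_biz_cid_artifactory
server shahed_ah_artifactory 10.20.40.8:8084 check
mode http
backend bck_shahed_biz_cid_jenkins
server shahed_ah_jenkins 10.20.40.8:8080 check
mode http
backend bck_shahed_biz_cid_gitlab
server shahed_af_gitlab 10.20.40.6:80 check
mode http
backend bck_shahed_biz_cid_nexus
server shahed_ah_nexus 10.20.40.8:8081 check
mode http
backend bck_shahed_biz_cid
server shahed_am_apache2 10.20.40.13:80 check
mode http
CFG
# -sfn makes the enable step re-runnable: an existing link is replaced instead
# of `ln` failing with "File exists" on the second run.
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg \
  /etc/haproxy/proxy-enabled/shahed.biz-http-all.cfg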
HAProxy » Frontend » TCP » VPN
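# VPN placeholder: the file below is comment-only (UDP cannot be proxied by
# haproxy), so enabling it adds nothing to haproxy.cfg; it documents the
# iptables DNAT alternative next to the other frontends.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-vpn.cfg >/dev/null <<'CFG'
# ##############################################################################
# tcp frontend config for vpn.shahed.biz:1194
# this config added by chorke academia, inc
# udp mode not supported, please go with iptables forward
# cat <<'EXE'| sudo bash
# echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
# echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
# apt-get -y install iptables-persistent && apt-get clean cache
# EXE
# cat <<'EXE'| sudo bash
# iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to-destination 10.20.40.9:1194
# iptables -A FORWARD -p udp -d 10.20.40.9 --dport 1194 -j ACCEPT
# EXE
CFG
# -sfn: replace an existing link so the step can be re-run without "File exists"
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-tcp-vpn.cfg \
  /etc/haproxy/proxy-enabled/shahed.biz-tcp-vpn.cfg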
HAProxy » Frontend » TCP » Git
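# TCP passthrough for GitLab SSH on 4321. In tcp mode haproxy forwards bytes
# only; the SSH session is still authenticated end-to-end by the backend.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-git.cfg >/dev/null <<'CFG'
# ##############################################################################
# tcp frontend config for git.shahed.biz:4321
# this config added by chorke academia, inc
frontend fnt_shahed_biz_git_gitlab_ssh
bind *:4321
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_git_gitlab_ssh
backend bck_shahed_biz_git_gitlab_ssh
server shahed_af_gitlab 10.20.40.6:4321 check
mode tcp
CFG
# -sfn: replace an existing link so the step can be re-run without "File exists"
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-tcp-git.cfg \
  /etc/haproxy/proxy-enabled/shahed.biz-tcp-git.cfg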
HAProxy » Frontend » TCP » Mail
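# One tcp frontend/backend pair per mail port, all passed through to the same
# server. In tcp mode the TLS ports (465/993/995) are terminated by the mail
# server, not here, and the backend sees the proxy address as the peer —
# relevant if the mail server rate-limits or logs by client IP; confirm.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-mail.cfg >/dev/null <<'CFG'
# ##############################################################################
# tcp frontend config for mail.shahed.biz:25,587,110,995,143,993,465,4190
# this config added by chorke academia, inc
# haproxy: mail.shahed.biz:25
frontend fnt_shahed_biz_mail_smtp_25
bind *:25
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_smtp_25
backend bck_shahed_biz_mail_smtp_25
server shahed_va 10.20.40.200:25 check
mode tcp
# haproxy: mail.shahed.biz:587
frontend fnt_shahed_biz_mail_smtp_587
bind *:587
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_smtp_587
backend bck_shahed_biz_mail_smtp_587
server shahed_va 10.20.40.200:587 check
mode tcp
# haproxy: mail.shahed.biz:110
frontend fnt_shahed_biz_mail_pop3_110
bind *:110
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_pop3_110
backend bck_shahed_biz_mail_pop3_110
server shahed_va 10.20.40.200:110 check
mode tcp
# haproxy: mail.shahed.biz:995
frontend fnt_shahed_biz_mail_pop3_995
bind *:995
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_pop3_995
backend bck_shahed_biz_mail_pop3_995
server shahed_va 10.20.40.200:995 check
mode tcp
# haproxy: mail.shahed.biz:143
frontend fnt_shahed_biz_mail_imap_143
bind *:143
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_imap_143
backend bck_shahed_biz_mail_imap_143
server shahed_va 10.20.40.200:143 check
mode tcp
# haproxy: mail.shahed.biz:993
frontend fnt_shahed_biz_mail_imap_993
bind *:993
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_imap_993
backend bck_shahed_biz_mail_imap_993
server shahed_va 10.20.40.200:993 check
mode tcp
# haproxy: mail.shahed.biz:465
frontend fnt_shahed_biz_mail_smtps_465
bind *:465
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_smtps_465
backend bck_shahed_biz_mail_smtps_465
server shahed_va 10.20.40.200:465 check
mode tcp
# haproxy: mail.shahed.biz:4190
frontend fnt_shahed_biz_mail_sieve_4190
bind *:4190
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_mail_sieve_4190
backend bck_shahed_biz_mail_sieve_4190
server shahed_va 10.20.40.200:4190 check
mode tcp
CFG
# -sfn: replace an existing link so the step can be re-run without "File exists"
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-tcp-mail.cfg \
  /etc/haproxy/proxy-enabled/shahed.biz-tcp-mail.cfg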
HAProxy » Frontend » Reconfigure
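cat <<'EXE'| sudo bash
# Regenerate haproxy.cfg from proxy-enabled/ and show the resulting layout.
# -e: a piped script reports only its last command's status, so without it a
# failed reconfig would be hidden behind a successful ls.
set -e
/etc/haproxy/proxy-scripts/reconfig
ls -alh /etc/haproxy/{haproxy.cfg,proxy-{backups,configs,default,enabled,scripts}}
EXE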
# Verify the listeners configured above from the outside: TCP connect scans
# with host discovery skipped, --reason showing why each port was classified.
probe_tcp() {
  local host=$1
  shift
  nmap --reason "${host}" -sT -Pn "$@"
}
probe_tcp mail.shahed.biz -p25,587,110,995,143,993,465,4190
probe_tcp mail.shahed.biz --top 20
probe_tcp git.shahed.biz -p4321
probe_tcp vpn.shahed.biz -p1194
# the UDP probe for the iptables-forwarded VPN port needs raw sockets, hence sudo
sudo nmap --reason vpn.shahed.biz -sU -Pn -p1194