194 lines
5.5 KiB
Plaintext
194 lines
5.5 KiB
Plaintext
systemd:
|
|
service:
|
|
container-homeassistant:
|
|
Unit:
|
|
Description: Homeassistant
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Requires: io.podman.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a homeassistant
|
|
ExecStop: /usr/bin/podman stop homeassistant
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-homeassistant-configurator:
|
|
Unit:
|
|
Description: Homeassistant Configurator
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Requires: io.podman.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a homeassistant-configurator
|
|
ExecStop: /usr/bin/podman stop homeassistant-configurator
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-pihole:
|
|
Unit:
|
|
Description: pihole
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Requires: io.podman.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a pihole
|
|
ExecStop: /usr/bin/podman stop pihole
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-docker-registry:
|
|
Unit:
|
|
Description: Docker Registry
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Requires: io.podman.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a docker-registry
|
|
ExecStop: /usr/bin/podman stop docker-registry
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-zwave2mqtt:
|
|
Unit:
|
|
Description: zwave2mqtt - yes
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Requires: io.podman.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a zwave2mqtt
|
|
ExecStop: /usr/bin/podman stop zwave2mqtt
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
haproxy:
|
|
enabled: True
|
|
overwrite: True
|
|
global:
|
|
stats:
|
|
enable: True
|
|
socketpath: /var/lib/haproxy/stats
|
|
mode: 660
|
|
level: admin
|
|
# Optional extra bind parameter, for example to set the owner/group on the socket file
|
|
extra: user haproxy group haproxy
|
|
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
|
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
|
|
|
user: haproxy
|
|
group: haproxy
|
|
chroot:
|
|
enable: True
|
|
path: /var/lib/haproxy
|
|
daemon: True
|
|
defaults:
|
|
mode: http
|
|
stats:
|
|
- enable
|
|
- uri: '/admin?stats'
|
|
- realm: 'Haproxy\ Statistics'
|
|
- auth: 'admin1:AdMiN123'
|
|
options:
|
|
- httplog
|
|
- dontlognull
|
|
- forwardfor
|
|
timeouts:
|
|
- connect 5000
|
|
- client 50000
|
|
- server 50000
|
|
- tunnel 80000 #longer timeouts for websockets
|
|
- http-request 5s
|
|
errorfiles:
|
|
400: /etc/haproxy/errors/400.http
|
|
403: /etc/haproxy/errors/403.http
|
|
408: /etc/haproxy/errors/408.http
|
|
500: /etc/haproxy/errors/500.http
|
|
502: /etc/haproxy/errors/502.http
|
|
503: /etc/haproxy/errors/503.http
|
|
504: /etc/haproxy/errors/504.http
|
|
#resolvers:
|
|
# local_dns:
|
|
# options:
|
|
# - nameserver resolvconf 192.168.10.1:53
|
|
# - resolve_retries 3
|
|
# - timeout retry 1s
|
|
# - hold valid 10s
|
|
listens:
|
|
stats:
|
|
bind:
|
|
- "127.0.0.1:8998"
|
|
mode: http
|
|
stats:
|
|
enable: True
|
|
uri: "/admin?stats"
|
|
refresh: "20s"
|
|
frontends:
|
|
frontend1:
|
|
name: www-http
|
|
bind:
|
|
- "*:80"
|
|
- "*:443 ssl crt /etc/pki/chain.pem"
|
|
default_backend: auto
|
|
acls:
|
|
- host_auto hdr_beg(host) -i auto.
|
|
- host_auto-conf hdr_beg(host) -i auto-conf.
|
|
- host_z2m hdr_beg(host) -i zwave2mqtt.
|
|
- host_pihole hdr_beg(host) -i pihole.
|
|
- host_docker-registry hdr_beg(host) -i docker-registry.
|
|
use_backends:
|
|
- auto if host_auto
|
|
- auto-conf if host_auto-conf
|
|
- z2m if host_z2m
|
|
- pihole if host_pihole
|
|
- docker-registry if host_docker-registry
|
|
backends:
|
|
backend1:
|
|
name: auto
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: auto02
|
|
host: 127.0.0.1
|
|
port: 8123
|
|
check: check
|
|
backend2:
|
|
name: auto-conf
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: auto02
|
|
host: 127.0.0.1
|
|
port: 3218
|
|
check: check
|
|
backend3:
|
|
name: z2m
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: auto02
|
|
host: 127.0.0.1
|
|
port: 8091
|
|
check: check
|
|
backend4:
|
|
name: pihole
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: auto02
|
|
host: 127.0.0.1
|
|
port: 8080
|
|
check: check
|
|
backend5:
|
|
name: docker-registry
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: auto02
|
|
host: 127.0.0.1
|
|
port: 5000
|
|
check: check
|
|
options:
|
|
- http-server-close
|
|
extra:
|
|
#- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
|
|
- http-response add-header Access-Control-Allow-Origin "*"
|
|
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
|
|
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
|
|
- http-response add-header Access-Control-Allow-Credentials true
|
|
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
|
|
|
|
|