Adding Mail support

2020-02-13 22:19:31 +01:00 · 2020-02-13 22:19:31 +01:00 · d07555a3ab
parent 3b295ae4e9
commit d07555a3ab
1 changed files with 45 additions and 36 deletions
--- a/zone_route/haproxy.md
+++ b/zone_route/haproxy.md
@ -117,6 +117,7 @@ frontend all-web-in
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend is-admin if { req_ssl_sni -i pve.sessionkrkn.fr }
+    use_backend is-admin if { req_ssl_sni -i rspamd.sessionkrkn.fr }
    default_backend is-user
        
 frontend user-web-in
@ -125,22 +126,30 @@ frontend user-web-in
    bind abns@haproxy-user accept-proxy ssl accept-proxy no-sslv3 crt /etc/ssl/letsencrypt interface eth0
    acl host_letsencrypt path_beg /.well-known/acme-challenge
    acl authorized_host hdr_end(host) sessionkrkn.fr
+    acl mail hdr_end(host) mail.sessionkrkn.fr
+    acl rspamd path_beg /rspamd/
    acl ctf_host hdr_end(host) ctf.sessionkrkn.fr
+    acl ctf_host hdr_end(host) web.sessionkrkn.fr
    acl host_www hdr_beg(host) -i www.
-	reqirep ^Host:\ www.(.*)$ Host:\ \1 if host_www !host_letsencrypt
+
+    reqirep ^Host:\ www.(.*)$ Host:\ \1 if host_www !host_letsencrypt !mail
    reqadd X-Forwarded-Proto:\ http
    reqadd X-Forwarded-Proto:\ https
-	redirect scheme https code 301 if !{ ssl_fc } authorized_host !host_letsencrypt
-	use_backend nginx-ctf if ctf_host
-	use_backend letsencrypt if host_letsencrypt 
-	use_backend reverse-nginx if authorized_host !ctf_host
+
+    redirect scheme https code 301 if !{ ssl_fc } authorized_host !host_letsencrypt !mail
+    use_backend nginx-ctf if ctf_host !host_letsencrypt !mail
+    use_backend letsencrypt if host_letsencrypt !mail 
+    use_backend reverse-nginx if authorized_host !ctf_host OR mail
    default_backend drop-http

 frontend admin-in
    mode http
    bind abns@haproxy-admin accept-proxy ssl no-sslv3 crt /etc/ssl/letsencrypt ca-file /home/hasync/pve.crt verify required interface eth0
    acl is_auth ssl_c_s_dn(cn) -i -f /etc/haproxy/allowed_cn.txt
-	use_backend pve-interface if { ssl_fc_has_crt } is_auth
+    acl pve hdr_end(host) pve.sessionkrkn.fr
+    acl rspamd hdr_end(host) rspamd.sessionkrkn.fr
+    use_backend reverse-nginx if { ssl_fc_has_crt } is_auth rspamd
+    use_backend pve-interface if { ssl_fc_has_crt } is_auth pve
    default_backend drop-http
        
 backend is-admin