| author | Lain Iwakura <lain@lainmail.xyz> | 2025-12-30 14:14:51 +0300 |
|---|---|---|
| committer | Lain Iwakura <lain@lainmail.xyz> | 2025-12-30 14:14:51 +0300 |
| commit | 2f5ecc3b8d48ce7b1496d276d4efa6d6f100a591 (patch) | |
| tree | e7e2541cd7b970614e663acc8a4189aae9a79c57 | |
| parent | feat(httpd): fix config (diff) | |
fix(relayd): fix config
| -rw-r--r-- | etc/relayd.conf | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/etc/relayd.conf b/etc/relayd.conf index 23e69bb..40fb565 100644 --- a/etc/relayd.conf +++ b/etc/relayd.conf @@ -1,6 +1,9 @@ ip4="193.26.157.243" + table <www> { 127.0.0.1 } -table <home> { REPLACEME } +table <chat> { 127.0.0.1 } +table <text> { REPLACEME } +table <git> { REPLACEME } log connection @@ -9,16 +12,19 @@ http protocol https { match request header append "X-Forwarded-By" \ value "$SERVER_ADDR:$SERVER_PORT" match request header set "Connection" value "close" + tcp { sack, backlog 128 } + tls { keypair iwakura.page } tls { keypair text.iwakura.page } tls { keypair git.iwakura.page } tls { keypair chat.iwakura.page } + match request header "Host" value "iwakura.page" forward to <www> match request header "Host" value "www.iwakura.page" forward to <www> - match request header "Host" value "text.iwakura.page" forward to <home> - match request header "Host" value "git.iwakura.page" forward to <home> - match request header "Host" value "chat.iwakura.page" forward to <www> + match request header "Host" value "chat.iwakura.page" forward to <chat> + match request header "Host" value "text.iwakura.page" forward to <text> + match request header "Host" value "git.iwakura.page" forward to <git> match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload" match response header append "Cache-Control" value "public, max-age=86400" match response header append "Content-Security-Policy" value "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none';" 
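Review bot: The shared `match response header append "Cache-Control" value "public, max-age=86400"` at the end of this hunk now covers responses from every backend the new Host rules route to, including `<chat>`, `<text>` and `<git>`. If any of those serve per-user or authenticated content (not visible from here), marking it `public` for a day lets shared caches store and replay it, and `append` adds to whatever policy the backend already sent instead of replacing it. I would drop that line from the shared protocol and let each backend set its own caching policy, or restrict it to the static `<www>` hosts. The shared CSP with `'unsafe-inline'` in `script-src` deserves the same per-host look. The `http protocol https` block starts before this hunk and ends after it.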
@@ -26,19 +32,21 @@ http protocol https { match response header append "X-Frame-Options" value "SAMEORIGIN" match response header append "Referrer-Policy" value "no-referrer" match response header append "Permissions-Policy" value "interest-cohort=()" + match request header set "Accept-Encoding" value "gzip, deflate" } relay wwwtls { listen on $ip4 port 443 tls protocol https + forward to <www> port 8080 check tcp - forward to <www> port 7070 check tcp - forward to <home> port 8834 check tcp - forward to <home> port 8855 check tcp + forward to <chat> port 7070 check tcp + forward to <text> port 8834 check tcp + forward to <git> port 8855 check tcp } relay gitdaemon { listen on $ip4 port 9418 - forward to <home> port 9418 check tcp + forward to <git> port 9418 check tcp } |
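Review bot: TLS ends at the relay, and `forward to <text> port 8834` and `forward to <git> port 8855` carry the requests onward in cleartext, while the first hunk shows those tables hold a `REPLACEME` address rather than 127.0.0.1. If those backends are reached over a network that is not fully trusted (the path is not visible here), use `forward with tls to <text> port 8834 check tcp` and the equivalent for `<git>`, with TLS enabled on the backends, or run the link inside an encrypted tunnel. A short comment above the relay stating which tables are remote and how that hop is protected would make the assumption reviewable.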