Verified Commit 5980c7ff authored by Elias Ojala

HAproxy

parent 784051ab
......@@ -36,6 +36,14 @@ sudo certbot --server https://acme-v02.api.letsencrypt.org/directory \
sudo certbot certonly --webroot -w /var/www/certbot/example.com -d example.com
```
## HTTP (used by [Haproxy examples](/haproxy))
```bash
sudo certbot certonly --standalone --preferred-challenges http \
--server https://acme-v02.api.letsencrypt.org/directory --http-01-port 12345 \
-d example.com
```
## DH params
```bash
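Review bot: the new HTTP section passes `--http-01-port 12345` without saying what has to sit in front of it. Let's Encrypt still connects to port 80 for the HTTP-01 challenge, so this command only succeeds when HAProxy (or another listener on port 80) forwards `/.well-known/acme-challenge/` to local port 12345. Suggest adding one sentence, or the matching frontend and backend lines, under this heading so the command is usable on its own.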
......
---
title: Haproxy
permalink: /haproxy/
---
## Base configuration
Coming soon
## Let's Encrypt
Use this utility to convert certs outputted by Certbot to ones compatible by HAProxy.
* [LE-Combiner](https://github.com/theel0ja/haproxy-scripts/blob/master/le-combiner/)
To generate certificates, see [this guide](certbot.md#http-used-by-haproxy-examples).
### Cronjob (root)
```
0 12 */3 * * /root/haproxy-scripts/le-combiner/le-combiner.sh
```
## User-Agent Blocklist
* [Repository](https://git.lelux.fi/theel0ja/useragent-blocklist)<br>
Mirrors:
* [gitlab.com](https://gitlab.com/theel0ja/useragent-blocklist)
* [github.com](https://github.com/theel0ja/useragent-blocklist)
### Haproxy configuration
```haproxy
frontend https-in
...
# Bad bots
# https://haproxy-dl.lelux.fi/blocked-ua.lst
acl bad_ua req.fhdr(User-Agent) -i -f /etc/haproxy/useragent-blocklist/blocked-ua.lst
use_backend bad_guy if bad_ua !{ path /robots.txt }
...
backend bad_guy
mode http
errorfile 503 /etc/haproxy/useragent-blocklist/haproxy-error.html
```
#### Should return `403`
```bash
curl https://YOUR_SERVER/example.html --header "User-Agent: YisouSpider" -I
```
#### Should return `200` (assuming it normally would)
```bash
curl https://YOUR_SERVER/robots.txt --header "User-Agent: YisouSpider" -I
```
### Cronjob (with user that has permissions to `/etc/haproxy/useragent-blocklist/`)
```
0 */3 * * * cd /etc/haproxy/useragent-blocklist && git pull
```
## Docker
Coming soon
\ No newline at end of file
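Review bot: in the User-Agent Blocklist section the test heading says the blocked request should return `403`, but the `bad_guy` backend only sets `errorfile 503`, so the status the client sees depends entirely on the status line inside `haproxy-error.html`, which this page does not show. Either state that the error file carries a 403 response, or block in the frontend with `http-request deny if bad_ua !{ path /robots.txt }`, which returns 403 by default. Separately, the `git pull` cronjob only updates `blocked-ua.lst` on disk; HAProxy reads `-f` pattern files when it loads its configuration, so the cron entry needs a reload after the pull for new entries to take effect.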
......@@ -8,16 +8,19 @@ permalink: /
* [Certbot](/certbot)
* [Wireguard](/wireguard)
* [Nginx](/nginx)
* [HAProxy](/haproxy)
* [LXD](/lxd)
Other:
* [MySQL](/mysql)
* [Phusion Passenger](/phusion-passenger)
* [Useful tools](/server-linux/useful-tools)
<!-- * [HAProxy](/haproxy) -->
## Desktop Linux
* [Firefox](https://github.com/theel0ja/firefox-recommendations/blob/master/README.md)
* [uBlock Origin](https://github.com/theel0ja/ubo-recommendations/blob/master/README.md)
* [Firefox](https://theel0ja.info/ubo-recommendations/) ([github](https://github.com/theel0ja/firefox-recommendations/blob/master/README.md))
* [uBlock Origin](https://theel0ja.info/ubo-recommendations/) ([github](https://github.com/theel0ja/ubo-recommendations/blob/master/README.md))
* [Arch Linux](/arch-linux)
* Solus
* [WireGuard on Solus](/wireguard-on-solus)
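Review bot: the new Firefox entry under Desktop Linux links to `https://theel0ja.info/ubo-recommendations/`, the same URL as the uBlock Origin entry below it, while its github link points at `firefox-recommendations`. This looks like a copy-paste slip; please check the Firefox URL before merging.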
......@@ -65,4 +68,4 @@ permalink: /
<hr>
<a href="https://git.lelux.fi/Lelux/wiki">Source code</a>
[Source code](https://git.lelux.fi/Lelux/wiki) (mirrors: [gitlab](https://gitlab.com/theel0ja/wiki), [github](https://github.com/theel0ja/Lelux-wiki))
\ No newline at end of file
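Review bot: the file still ends without a trailing newline (`\ No newline at end of file`) after the Source code line is rewritten. Add one while touching this line so later diffs of the footer stay clean.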
......@@ -8,4 +8,4 @@ permalink: /server-linux/useful-tools
## commands to remember
`sudo named-checkconf` - check dns configuration
`sudo named-checkconf` - check bind/named dns configuration
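Review bot: the description of `sudo named-checkconf` still reads as if it validates the whole DNS setup. It checks the syntax of the named configuration file only, and zone files are loaded only with `-z`. Suggest wording such as "check bind/named configuration syntax (add `-z` to also load zones)".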