Updating keys to fix haproxy.

Samuel Clay 2021-02-08 22:40:06 -05:00
parent 30eab70fdf
commit 4981978046
3 changed files with 9 additions and 6 deletions


@ -14,4 +14,7 @@
expose:
- "80"
volumes:
- /srv/newsblur:/srv/newsblur
- /etc/letsencrypt/live/newsblur.com/:/etc/letsencrypt/live/newsblur.com/
- /etc/letsencrypt/archive/newsblur.com/:/etc/letsencrypt/archive/newsblur.com/
- /srv/newsblur/docker/haproxy:/usr/local/etc/haproxy
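Review bot: The two `/etc/letsencrypt` bind mounts in this `volumes:` list are read-write, so any process in the container can alter or replace the host's certificate and private-key files. A TLS terminator only needs to read them, so append `:ro` to both, e.g. `- /etc/letsencrypt/live/newsblur.com/:/etc/letsencrypt/live/newsblur.com/:ro`. The service definition starts above the hunk, so the assumption that this is the HAProxy container is inferred from the `/usr/local/etc/haproxy` mount.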


@ -17,7 +17,7 @@ domains_list:
- popular.global.newsblur.com
ssl_certificate: /srv/newsblur/config/certificates/newsblur.com.pem
ssl_certificate_key: /srv/newsblur/config/certificates/newsblur.com.key
ssl_certificate_key: /srv/newsblur/config/certificates/newsblur.com.pem.key
dnsimple_credentials_path: /srv/newsblur/config/certificates/certbot.conf
# DNS email (used for Cloudflare, LuaDNS)
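Review bot: The renamed `ssl_certificate_key` path keeps the private key in `/srv/newsblur/config/certificates`, next to the certificate and the DNSimple credentials file, and nothing in this hunk shows how those files are protected. That directory sits under `/srv/newsblur`, which the compose file in this same commit bind-mounts whole into a container. A comment above the key line would record the expectation, e.g. `# private key: owner-only (0600), never committed`. Whether the role that consumes these variables sets the file mode is not visible here and should be confirmed.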


@ -36,12 +36,9 @@ defaults
frontend public
bind :80
bind :443 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem #ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
rspadd Strict-Transport-Security:\ max-age=0;\ includeSubDomains
http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains
option http-server-close
# Redirect all HTTP traffic to HTTPS
redirect scheme https code 301 if !{ ssl_fc }
acl gunicorn_dead nbsrv(gunicorn) lt 1
acl nginx_dead nbsrv(nginx) lt 1
acl mx_mode nbsrv(maintenance) lt 1
@ -53,6 +50,9 @@ frontend public
monitor fail if nginx_dead
monitor fail if mx_mode
# Redirect all HTTP traffic to HTTPS
redirect scheme https code 301 if !{ ssl_fc }
use_backend node_socket if { path_beg /v2/socket.io/ }
use_backend node_favicon if { path_beg /rss_feeds/icon/ }
use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
@ -154,7 +154,7 @@ backend elasticsearch
server es-search01 elasticsearch:9300 check inter 2000ms
backend maintenance
option httpchk HEAD /maintenance HTTP/1.1\r\nHost:\ www
option httpchk HEAD /maintenance
http-check expect status 404
http-check send-state
server nginx nginx:81 check inter 3000ms
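Review bot: The rewritten header line in the `frontend public` hunk still sends `Strict-Transport-Security` with `max-age=0`, which tells browsers to discard any stored HSTS policy, leaving the 301 redirect as the only protection against downgrade. If that is deliberate (for example while certificates are being reworked), say so in a comment. Otherwise `http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains` enforces it, provided every subdomain serves HTTPS, and `set-header` avoids a duplicate header when a backend already emits one. On the `bind :443` line the `#` before `ciphers` also comments out `no-sslv3`, so protocol and cipher selection fall back to HAProxy's built-in defaults; worth confirming that is intended.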