§2024-06-05

Ask ChatGPT

I got a haproxy.cfg as

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend http_80_front
    # bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/fullchain.pem key /etc/letsencrypt/live/munetaka.me/privkey.pem
    bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend http_8088_back

backend http_8088_back
    server nginx_server 127.0.0.1:8088 ssl verify none

and a snapd Ubuntu version of Nextcloud running on http://hc4Noble.yushei.net:45101, and its config is

sudo cat /var/snap/nextcloud/current/nextcloud/config/config.php 
[sudo] password for alexlai: 
<?php
$CONFIG = array (
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/snap/nextcloud/current/htdocs/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
      'url' => '/extra-apps',
      'writable' => true,
    ),
  ),
  'supportedDatabases' => 
  array (
    0 => 'mysql',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/tmp/sockets/redis.sock',
    'port' => 0,
  ),
  'log_type' => 'file',
  'logfile' => '/var/snap/nextcloud/current/logs/nextcloud.log',
  'logfilemode' => 416,
  'instanceid' => 'ocktmzjp78j5',
  'passwordsalt' => '2ZfHuWqwZy+zZKp0pII7pgdqON3Oh+',
  'secret' => '5lgkZeOmtIJHkZqIlAdjcSvR+1DC35TGGTo+AsT+lWvb5Ee+',
  'trusted_domains' => 
  array (
    0 => '192.168.48.239',
    1 => 'munetaka.me:45103',
    2 => 'hc4Noble.yushei.net:45101',
  ),
  0 => 
  array (
    'trusted_proxies' => 
    array (
      0 => 'munetaka.me',
    ),
    'overwriteprotocol' => 'https',
    'overwrite.cli.url' => 'https://munetaka.me:45103',
  ),
  'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '28.0.6.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/sockets/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'kG0vW58f9kql1zJURcCGZ4XVQitMeIYWBoktQOOcbIZVt3EOvjb8fm6lyUo3JRjt',
  'installed' => true,
  'allow_local_remote_servers' => true,
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'loglevel' => 2,
  'maintenance_window_start' => 1,
);

How to modify this to work with the new HAProxy load balancer?

To configure HAProxy to work as a load balancer for your Nextcloud instance, you'll need to update your HAProxy configuration file to properly route traffic to your Nextcloud instance running on hc4Noble.yushei.net:45101.

Here's a modified version of your haproxy.cfg file with the necessary changes:

Frontend Configuration: You'll need to add a new frontend section to handle HTTP traffic on port 80 and HTTPS traffic on port 443, and route it to the backend.

Backend Configuration: Add a backend section to handle the Nextcloud server, ensuring it points to the correct internal IP and port.

Here’s the updated haproxy.cfg:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_80_front
    bind *:80
    redirect scheme https code 301 if !{ ssl_fc }

frontend https_443_front
    bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend nextcloud_backend

backend nextcloud_backend
    server nextcloud_server hc4Noble.yushei.net:45101

Explanation:

Frontend Configuration:

frontend http_80_front: Binds to port 80 and redirects all HTTP traffic to HTTPS.
frontend https_443_front: Binds to port 443 and handles HTTPS traffic, using the SSL certificate located at /etc/letsencrypt/live/munetaka.me/haproxy.pem.

Backend Configuration:

backend nextcloud_backend: Defines a backend for the Nextcloud server, pointing to the internal server address hc4Noble.yushei.net:45101.

Nextcloud Configuration: Update the Nextcloud configuration to reflect the use of HAProxy. Ensure that the trusted_proxies and overwrite.cli.url settings are correctly set. Here's the relevant section of your config.php:

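The check below is an added example, not part of the original question or of ChatGPT's answer. It audits the reverse-proxy keys of a Nextcloud config exported as JSON (for instance with PHP's json_encode, which is an assumption about how the config is obtained); the function names are hypothetical and the sample is constructed from the config.php shown above with the secrets left out. Nextcloud reads each of these keys at the top level of $CONFIG and expects IP addresses or CIDR ranges in trusted_proxies.

```python
import ipaddress
import json

# Constructed sample: only the reverse-proxy keys of the config.php shown on
# this page, in the shape PHP's json_encode($CONFIG) gives them (secrets omitted).
SAMPLE_JSON = """
{
  "trusted_domains": ["192.168.48.239", "munetaka.me:45103", "hc4Noble.yushei.net:45101"],
  "0": {
    "trusted_proxies": ["munetaka.me"],
    "overwriteprotocol": "https",
    "overwrite.cli.url": "https://munetaka.me:45103"
  }
}
"""

PROXY_KEYS = ("trusted_proxies", "overwriteprotocol", "overwrite.cli.url")

def audit_proxy_settings(config):
    """Return findings for the reverse-proxy keys of a Nextcloud config dict."""
    findings = []
    # Nextcloud reads each setting by name at the top level of $CONFIG.
    effective = {k: v for k, v in config.items() if not k.isdigit()}
    for index, block in config.items():
        if not (index.isdigit() and isinstance(block, dict)):
            continue
        for name in PROXY_KEYS:
            if name in block and name not in effective:
                findings.append(f"{name}: nested under key {index}, never read")
                effective[name] = block[name]  # still check the intended value
    proxies = effective.get("trusted_proxies", [])
    if isinstance(proxies, dict):  # non-sequential PHP arrays encode as objects
        proxies = list(proxies.values())
    for proxy in proxies:
        try:
            ipaddress.ip_network(proxy, strict=False)
        except ValueError:
            findings.append(f"trusted_proxies: {proxy!r} is not an IP or CIDR")
    if effective.get("overwriteprotocol") != "https":
        findings.append("overwriteprotocol: not 'https' behind TLS termination")
    return findings

def audit_json(text):
    return audit_proxy_settings(json.loads(text))

if __name__ == "__main__":
    for finding in audit_json(SAMPLE_JSON):
        print(finding)
```

On the sample it reports the three keys nested under index 0 and the hostname in trusted_proxies; a config with those keys at the top level and the proxy's address in trusted_proxies returns no findings.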