/munetakaJupyterHub/Computer/2024/HAProxy/ubuntuLinux/83-chatGPT_haproxy

§2024-06-06

This is my config.php for Nextcloud running at hc4Nobel.yushei.net:45101

<?php
$CONFIG = array (
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/snap/nextcloud/current/htdocs/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
      'url' => '/extra-apps',
      'writable' => true,
    ),
  ),
  'supportedDatabases' => 
  array (
    0 => 'mysql',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/tmp/sockets/redis.sock',
    'port' => 0,
  ),
  'log_type' => 'file',
  'logfile' => '/var/snap/nextcloud/current/logs/nextcloud.log',
  'logfilemode' => 416,
  'instanceid' => 'ocktmzjp78j5',
  'passwordsalt' => '2ZfHuWqwZy+zZKp0pII7pgdqON3Oh+',
  'secret' => '5lgkZeOmtIJHkZqIlAdjcSvR+1DC35TGGTo+AsT+lWvb5Ee+',
  'trusted_domains' => 
  array (
    0 => '192.168.48.239',
    1 => 'munetaka.me:45101',
    2 => 'hc4Noble.yushei.net:45101',
  ),
  0 => 
  array (
    'trusted_proxies' => 
    array (
      0 => 'munetaka.me',
    ),
  ),
  'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '28.0.6.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/sockets/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'kG0vW58f9kql1zJURcCGZ4XVQitMeIYWBoktQOOcbIZVt3EOvjb8fm6lyUo3JRjt',
  'installed' => true,
  'allow_local_remote_servers' => true,
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'loglevel' => 2,
  'maintenance_window_start' => 1,
);

Here is my haproxy.cfg running at munetaka.me

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend front_https_443
    # bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/fullchain.pem key /etc/letsencrypt/live/munetaka.me/privkey.pem
    bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_http_nginx_8088

backend back_http_nginx_8088
    server nginx_server 127.0.0.1:8088 check

# 2024-06-05 add nextCLoud 
frontend front_https_nextCloud_45101
    bind *:45101 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_http_nextCloud_45101

backend  back_http_nextCloud_45101
    server nextcloud_server hc4Noble.yushei.net:45101 check

# Caddy Server
frontend front_https_caddy_h2jammy_43889
    bind *:43889 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_https_caddy_h2jammy_43889

backend back_https_caddy_h2jammy_43889
    server h2jammy_server h2Jammy.yushei.net:43889 check # ssl verify none check

# YsMeeting Service
frontend front_https_ysmeeting_43410
    bind *:43410 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_http_ysmeeting_43410

backend back_http_ysmeeting_43410
    # server ysmeeting_server h2nas03.yushei.com.tw:43410 ssl verify none
    # will cause 503 error
    server ysmeeting_server h2nas03.yushei.com.tw:43410 check

Why https://munetaka.me:45101 was clicked it will be http://munetaka.me:45101/index.php/login whatich a the nectCloud login? I only have to change it into https://munetaka.me:45101/index.php/login then works fine.