BDeliers · April 18, 2025 13:29
diff --git a/haproxy.cfg b/haproxy.cfg
 global
 	log /dev/log	local0
 	log /dev/log	local1 notice
 	chroot /var/lib/haproxy
 	stats socket /run/haproxy/admin.sock mode 660 level admin
 	stats timeout 30s
 	user haproxy
 	group haproxy
 	daemon

 	# Default SSL material locations
 	ca-base /etc/ssl/certs
 	crt-base /etc/ssl/private

 	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

 defaults
 	log	global
 	mode	http
 	option	httplog
 	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
 	errorfile 400 /etc/haproxy/errors/400.http
 	errorfile 403 /etc/haproxy/errors/403.http
 	errorfile 408 /etc/haproxy/errors/408.http
 	errorfile 500 /etc/haproxy/errors/500.http
 	errorfile 502 /etc/haproxy/errors/502.http
 	errorfile 503 /etc/haproxy/errors/503.http
 	errorfile 504 /etc/haproxy/errors/504.http

 userlist userAuth
 	# Encode password with mkpasswd -m sha-256 <pass>
    user <user> password <pass>

 frontend public
        bind :::80 v4v6
        use_backend webcam if { path_beg /webcam }
        default_backend octoprint

 backend octoprint
        http-request replace-path ^([^\ :]*)\ /(.*) \1\ /\2
        option forwardfor
        server octoprint1 127.0.0.1:5000

 backend webcam
        http-request replace-path ^([^\ :]*)\ /webcam/(.*) \1\ /\2
        server webcam1  127.0.0.1:1984

        acl is_localnet src 192.168.1.0/24
        acl is_auth_ok http_auth(userAuth)
        http-request auth realm Authenticated if !is_localnet !is_auth_ok
	global
	log /dev/log local0
	log /dev/log local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
	ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
	ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
	ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

	defaults
	log global
	mode http
	option httplog
	option dontlognull
	timeout connect 5000
	timeout client 50000
	timeout server 50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

	userlist userAuth
	# Encode password with mkpasswd -m sha-256 <pass>
	user <user> password <pass>

	frontend public
	bind :::80 v4v6
	use_backend webcam if { path_beg /webcam }
	default_backend octoprint

	backend octoprint
	http-request replace-path ^([^\ :])\ /(.) \1\ /\2
	option forwardfor
	server octoprint1 127.0.0.1:5000

	backend webcam
	http-request replace-path ^([^\ :])\ /webcam/(.) \1\ /\2
	server webcam1 127.0.0.1:1984

	acl is_localnet src 192.168.1.0/24
	acl is_auth_ok http_auth(userAuth)
	http-request auth realm Authenticated if !is_localnet !is_auth_ok