430431f2f6
- Add order-haproxy config template and provision-order-haproxy-10210.sh (SSH to r630-01) - Document one-time unprivileged CT idmap chown repair when apt fails - Default THE_ORDER_UPSTREAM_* to IP_ORDER_HAPROXY:80; portal bypass via env - Align update-sankofa-npmplus-proxy-hosts.sh, AGENTS, ALL_VMIDS, E2E notes Made-with: Cursor
28 lines
873 B
Plaintext
28 lines
873 B
Plaintext
# HAProxy on VMID 10210 (order-haproxy @ 192.168.11.39).
|
|
# NPMplus terminates TLS and forwards HTTP to :80 here; we proxy to the Sankofa/Order Next.js portal.
|
|
# Deploy: scripts/deployment/provision-order-haproxy-10210.sh (substitutes __BACKEND_HOST__ / __BACKEND_PORT__).
|
|
|
|
global
|
|
log stdout format raw local0
|
|
maxconn 4096
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
option httplog
|
|
option dontlognull
|
|
option forwardfor
|
|
timeout connect 10s
|
|
timeout client 300s
|
|
timeout server 300s
|
|
timeout tunnel 3600s
|
|
|
|
frontend fe_http
|
|
bind *:80
|
|
# Client used HTTPS at NPM; help Next.js / auth callbacks
|
|
http-request set-header X-Forwarded-Proto https if !{ hdr(X-Forwarded-Proto) -m found }
|
|
default_backend be_portal
|
|
|
|
backend be_portal
|
|
server portal __BACKEND_HOST__:__BACKEND_PORT__ check inter 10s fall 3 rise 2 maxconn 1000
|