Newer
Older
global
log /dev/log local0 info
log /dev/log local0 notice
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
defaults
log global
mode http
option forwardfor
option httpclose
compression algo gzip
compression type text/html text/plain text/css application/javascript
frontend http-in
bind *:80
{{ range $host, $container := groupBy $ "Env.AUTOCONFIG_HOST" }}
redirect location https://{{ $host }}/mail/config-v1.1.xml code 301 if { hdr_beg(host) -i autoconfig }
{{end}}
bind *:443 ssl no-sslv3 crt /etc/haproxy/certs
reqadd X-Forwarded-Proto:\ https
rspadd Strict-Transport-Security:\ max-age=15768000
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
{{ $reverseProxyFor := (first (groupByKeys $containers "Env.REVERSE_PROXY_FOR")) }}
{{ if $reverseProxyFor }}:12:17:52 +0000] "GET /login HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (Linux) mirall/2.5.2git (Nextcloud)"
in NC ( app)
10.0.241.4 - 12/Jun/2019:12:17:59 +0000 "POST /index.php" 303, 10.0.241.4 - 12/Jun/2019:12:17:52 +0000 "GET /index.php" 200, 10.0.241.4 - 12/Jun/2019:12:17:57 +0000 "POST /index.php" 303, 10.0.241.4 - 12/Jun/2019:12:17:57 +0000 "GET /index.php" 200, 10.0.241.4 - 12/Jun/2019:12:17:59 +0000 "GET /index.php" 302
On the client 2.5.2
[OCC::AccessManager::createRequest 2 "" "https://dock.ekimia.fr/status.php" has X-Request-ID "fd0e0377-370b-45ee-807b-66611c2fd6a1" [OCC::AbstractNetworkJob::start OCC::CheckServerJob created for "https://dock.ekimia.fr" + "status.php" "OCC::OwncloudSetupWizard" [OCC::CheckServerJob::finished No SSL session identifier / session ticket is used, this might impact sync performance negatively. [OCC::CheckServerJob::finished status.php returns: QJsonDocument({"edition":"","installed":true,"maintenance":false,"needsDbUpgrade":false,"productname":"Nextcloud","version":"15.0.4.0","versionstring":"15.0.4"}) QNetworkReply::NetworkError(NoError) Reply: QNetworkReplyHttpImpl(0x560151ad9910) [OCC::DetermineAuthTypeJob::start Determining auth type for QUrl("https://dock.ekimia.fr/remote.php/webdav/") [OCC::AccessManager::createRequest 2 "" "https://dock.ekimia.fr/remote.php/webdav/" has X-Request-ID "844ed18d-b8e9-4845-90b4-9c106b8b5b05" [OCC::AbstractNetworkJob::start OCC::SimpleNetworkJob created for "https://dock.ekimia.fr" + "" "OCC::Account" [OCC::AccessManager::createRequest 6 "PROPFIND" "https://dock.ekimia.fr/remote.php/webdav/" has X-Request-ID "0101c3d3-9fc1-4eb1-a2b0-08b1cce06444" [OCC::AbstractNetworkJob::start OCC::SimpleNetworkJob created for "https://dock.ekimia.fr" + "" "OCC::Account" [OCC::DetermineAuthTypeJob::checkBothDone Auth type for QUrl("https://dock.ekimia.fr/remote.php/webdav/") is 3 [OCC::WebViewPage::initializePage Url to auth at: "https://dock.ekimia.fr/index.php/login/flow"
Links
Flow login doc https://docs.nextcloud.com/server/15/developer_manual/client_apis/LoginFlow/index.html
a similar issue https://github.com/nextcloud/desktop/issues/279
Edited 1 week ago by ekimia
ekimia @freechelmi changed the description 1 week ago
ekimia @freechelmi added To Do label 1 week ago
ekimia @freechelmi changed the description 3 times within 3 minutes 1 week ago
ekimia @freechelmi changed the description 6 times within 9 minutes 1 week ago
use_backend {{ $host }}-acme if acme { hdr(host) -i {{ $host }} }
{{end}}
{{end}}
{{ range $host, $containers := groupBy $ "Env.LIBRESH_WEBHOOK_HOST" }}
use_backend webhook if { path_beg /XxosJDdRpo7Rww87VkJGzv1QLegnhh-uniq-libresh }
{{end}}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
use_backend {{ $host}} if { hdr(host) -i {{ $host }} }
use_backend {{ $host}} if { hdr(host) -i {{ $host }}:443 }
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
{{ $reverseProxyFor := (first (groupByKeys $containers "Env.REVERSE_PROXY_FOR")) }}
{{ if $reverseProxyFor }}
backend {{ $host }}-acme
server Server {{ $reverseProxyFor }}:80
{{end}}
{{ if $reverseProxyFor }}
http-request set-header Host {{ $host }}
server Server {{ $reverseProxyFor }}:443 ssl sni str({{ $host }}) ca-file ca-certificates.crt
{{ if eq $networkLen 1 }}
{{ $network := index $container.Networks 0 }}
server Server {{ $network.IP }}:80 cookie Server
{{ else }}
{{ range $network := $container.Networks }}
{{ if eq $network.Name "lb_web" }}
server Server {{ $network.IP }}:80 cookie Server
{{ range $host, $containers := groupBy $ "Env.LIBRESH_WEBHOOK_HOST" }}
backend webhook
cookie SERVERID insert nocache indirect
server Server webhook:80 cookie Server
{{end}}