From d751ed4027e55938c251640958716249721df289 Mon Sep 17 00:00:00 2001
From: Michael Rennecke <michael.rennecke@gmail.com>
Date: Thu, 20 Jun 2019 22:21:55 +0200
Subject: [PATCH] add prosody reverse proxy

---
 hosts.yaml                          | 5 +++++
 roles/haproxy/templates/haproxy.cfg | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/hosts.yaml b/hosts.yaml
index 30dd1a7..62b8b5c 100644
--- a/hosts.yaml
+++ b/hosts.yaml
@@ -14,6 +14,7 @@ all:
       # <Domain>: <Backend>
       smokeping.0rpheus.net: smokeping
       seafile.0rpheus.net: odroid
+      jabber.0rpheus.net: prosody
       tt-rss.0rpheus.net: odroid
       mail.0rpheus.net: apache
       blog.0rpheus.net: apache
@@ -25,6 +26,10 @@ all:
         server_defs:
           - "apache 127.0.0.1:8080 check"
 
+      prosody:
+        server_defs:
+          - "prosody 127.0.0.1:5281 check ssl verify none"
+
       odroid:
         server_defs:
           - "odroid 172.30.30.2:80 check"
diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg
index 4a125fa..5b7f0f4 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -33,9 +33,10 @@ defaults
     option  splice-auto
 
     option  forwardfor
-    # option  forceclose
     option  socket-stats
 
+    no option http-use-htx
+
     timeout http-request 20s 
     timeout connect       5s
     timeout client       50s
@@ -54,7 +55,7 @@ defaults
 
 frontend http
     bind *:80  name http
-    bind *:443 name https ssl crt /etc/haproxy/certs/mail.0rpheus.net.pem crt /etc/haproxy/certs/ ecdhe secp384r1 alpn h2,http/1.1 npn h2,http/1.1
+    bind *:443 name https ssl crt /etc/haproxy/certs/mail.0rpheus.net.pem crt /etc/haproxy/certs/ ecdhe secp384r1 alpn h2,http/1.1
 
     compression algo gzip
     compression type text/html text/plain text/javascript application/javascript application/xml text/css