From c8a545c0470d5e29e236f6dbd8c03a184d52826a Mon Sep 17 00:00:00 2001 From: Ivan Reshetnikov Date: Sat, 9 Nov 2024 16:45:48 +0500 Subject: [PATCH] Start haproxy even if dns resolution fails, enable forwardfor --- roles/haproxy/files/haproxy.cfg | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg index 286a26d..e240583 100644 --- a/roles/haproxy/files/haproxy.cfg +++ b/roles/haproxy/files/haproxy.cfg @@ -11,6 +11,7 @@ global defaults log global mode http + option forwardfor option httplog option dontlognull timeout connect 5000 @@ -23,7 +24,7 @@ defaults errorfile 502 /usr/local/etc/haproxy/errors/502.http errorfile 503 /usr/local/etc/haproxy/errors/503.http errorfile 504 /usr/local/etc/haproxy/errors/504.http - + default-server init-addr last,libc,none frontend http mode http @@ -45,7 +46,6 @@ frontend http acl host_comfycamp_tor hdr(host) -i comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion use_backend comfycamp if host_comfycamp_tor - frontend https mode http bind :443 ssl crt /usr/local/etc/haproxy/certs @@ -116,7 +116,6 @@ frontend https acl host_mta_sts hdr(host) -i mta-sts.comfycamp.space use_backend mta_sts if host_mta_sts - frontend matrix-federation bind :8448 ssl crt /usr/local/etc/haproxy/certs http-request set-header X-Forwarded-Proto https if { ssl_fc } @@ -136,7 +135,6 @@ backend comfycamp backend mastodon mode http - option forwardfor http-response set-header Referrer-Policy same-origin http-response set-header Onion-Location http://mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion%[capture.req.uri] server s1 mastodon-web-1:3000 check 
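Review bot: Moving `option forwardfor` into `defaults` (the `@@ -11,6 +11,7` hunk) makes every HTTP proxy in the file append X-Forwarded-For, including backends that did not set it before, such as grafana in the later `@@ -144,50` hunk. HAProxy appends its own header and does not remove one the client already sent, so a backend that reads the first X-Forwarded-For value for logging, rate limiting or IP allow-listing would see a client-supplied address. No `del-header` is visible in the frontend lines shown, though the frontends are only partly in view. If none exists, add `http-request del-header X-Forwarded-For` to each frontend, or confirm that every backend trusts only the last hop. The per-backend removals in the `@@ -136,7`, `@@ -144,50`, `@@ -198,7`, `@@ -211,14` and `@@ -227,7` hunks all depend on this one line.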
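Review bot: `default-server init-addr last,libc,none` (the `@@ -23,7 +24,7` hunk) lets HAProxy start with an unresolved server, but nothing visible gives that server an address afterwards. No `resolvers` section or `resolvers` keyword appears in the hunks shown, and `check` alone does not re-resolve a name, so a backend whose name was missing at startup would presumably stay down and return 503 until the next reload. `last` also only takes effect when a server state file is loaded, which this patch does not show. If runtime resolution is intended, define a `resolvers` section and reference it, e.g. `default-server init-addr last,libc,none resolvers <resolvers-section-name>`. The `global` and `defaults` sections start outside this hunk, so a state-file or resolver setting may already exist there.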
@@ -144,50 +142,42 @@ backend mastodon backend mastodon_streaming mode http - option forwardfor option http-server-close timeout tunnel 1h server green mastodon-streaming:4000 check backend vaultwarden mode http - option forwardfor server green vaultwarden:80 check backend minio_console mode http - option forwardfor server green minio:9001 check backend minio mode http http-response set-header Access-Control-Allow-Origin https://m.comfycamp.space - option forwardfor server green minio:9000 check backend forgejo mode http - option forwardfor server green forgejo:3000 check backend matrix mode http - option forwardfor - server matrix synapse:8008 + server matrix synapse:8008 check backend grafana mode http - server grafana grafana:3000 + server grafana grafana:3000 check backend peertube mode http - option forwardfor http-response set-header Onion-Location http://vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion%[capture.req.uri] - server s1 peertube:9000 + server s1 peertube:9000 check backend authentik mode http - option forwardfor server s1 authentik-1:9000 check server s2 authentik-2:9000 check @@ -198,7 +188,6 @@ backend authentik_ldap backend nextcloud mode http - option forwardfor server s1 nextcloud-1:80 check backend mta_sts @@ -211,14 +200,12 @@ backend jellyfin backend prosody mode http - option forwardfor option http-server-close timeout tunnel 1h server s1 prosody:5280 check backend immich mode http - option forwardfor option http-server-close timeout tunnel 1h server s1 immich-1:2283 check @@ -227,7 +214,6 @@ backend archivebox server s1 archivebox-1:8000 check backend freshrss - option forwardfor server s1 freshrss-1:80 check backend phoenix
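Review bot: The `check` added to the matrix, grafana and peertube servers (the `@@ -144,50 +142,42` hunk) is a plain TCP connect check unless `option httpchk` is set. None is visible in these backends or in the `defaults` lines shown. A service that accepts connections while returning errors would still be marked up and keep receiving traffic. Consider an HTTP-level check per backend, e.g. `option httpchk GET <health-path>` with the path each service documents.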