senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/config/haproxy
History
senke 98f6db3a1d fix(streaming): ensure HLS audio chain works end-to-end 
- HAProxy: route /hls to stream server
- Vite proxy: /ws, /stream, /hls for dev
- HLS_BASE_URL: empty when STREAM_URL relative (proxy)
- FEATURE_STATUS: HLS_STREAMING operational
2026-02-18 12:42:42 +01:00
..
haproxy.cfg fix(streaming): ensure HLS audio chain works end-to-end 2026-02-18 12:42:42 +01:00
README.md fix(infra): HAProxy HTTPS and stats security 2026-02-15 15:58:51 +01:00

README.md

HAProxy Configuration

Production (haproxy.cfg)

  • HTTP (port 80): Redirects all traffic to HTTPS (301)
  • HTTPS (port 443): Serves traffic with TLS. Certificates from config/ssl/ mounted at /etc/ssl/veza/
  • Stats (port 8404): Restricted to localhost and Docker network (172.20.0.0/16)

SSL Certificates

Before starting production, add at least one certificate to config/ssl/. See config/ssl/README.md for instructions.

For quick local testing with self-signed cert:

cd config/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout key.pem -out cert.pem -subj "/CN=veza.local"
cat cert.pem key.pem > veza.pem

Development Without HTTPS

For local development without SSL, use docker-compose.yml (not prod) or create a haproxy.dev.cfg that omits the HTTPS frontend and HTTP redirect.