senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/config/haproxy
History
senke 279a10d317 chore(cleanup): remove veza-chat-server directory and all operational references 
Chat functionality is now fully handled by the Go backend (since v0.502).
Remove the deprecated Rust chat server and all its references from:
- CI/CD workflows (ci.yml, cd.yml, rust-ci.yml, chat-ci.yml)
- Monitoring & proxy config (prometheus, caddy, haproxy)
- Incus deployment scripts and documentation
- Monorepo config (package.json, dependabot, GH templates)
2026-02-22 21:13:00 +01:00
..
haproxy.cfg chore(cleanup): remove veza-chat-server directory and all operational references 2026-02-22 21:13:00 +01:00
README.md fix(infra): HAProxy HTTPS and stats security 2026-02-15 15:58:51 +01:00

README.md

HAProxy Configuration

Production (haproxy.cfg)

  • HTTP (port 80): Redirects all traffic to HTTPS (301)
  • HTTPS (port 443): Serves traffic with TLS. Certificates from config/ssl/ mounted at /etc/ssl/veza/
  • Stats (port 8404): Restricted to localhost and Docker network (172.20.0.0/16)

SSL Certificates

Before starting production, add at least one certificate to config/ssl/. See config/ssl/README.md for instructions.

For quick local testing with self-signed cert:

cd config/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout key.pem -out cert.pem -subj "/CN=veza.local"
cat cert.pem key.pem > veza.pem

Development Without HTTPS

For local development without SSL, use docker-compose.yml (not prod) or create a haproxy.dev.cfg that omits the HTTPS frontend and HTTP redirect.