## Minimal sample pound.cfg ## ## see pound(8) for details ###################################################################### ## global options: User "www-data" Group "www-data" #RootJail "/chroot/pound" ## Logging: (goes to syslog by default) ## 0 no logging ## 1 normal ## 2 extended ## 3 Apache-style (common log format) LogLevel 0 ## check backend every X secs: Alive 30 ## use hardware-accelleration card supported by openssl(1): #SSLEngine "" # poundctl control socket Control "/var/run/pound/poundctl.socket" ###################################################################### ## listen, redirect and ... to: # Main listening ports ListenHTTP Address 192.168.1.180 Port 80 Client 10 xHTTP 2 # As per https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/ Service URL "/.well-known/acme-challenge/.*" BackEnd Address 127.0.0.1 Port 8000 End End # Force all to https up to Pound server Service HeadRequire "Host:.*.determine.org.uk.*" Redirect "https://www.determine.org.uk" End Service HeadRequire "Host:.*.www.barwap.com.*" Redirect "https://www.barwap.com" End Service HeadRequire "Host:.*.owncloud.barwap.com.*" Redirect "https://owncloud.barwap.com/owncloud" End Service HeadRequire "Host:.*.library.barwap.com.*" Redirect "https://library.barwap.com" End Service HeadRequire "Host:.*.shed.barwap.com.*" Redirect "https://shed.barwap.com" End Service HeadRequire "Host:.*.shed-image.barwap.com.*" Redirect "https://shed-image.barwap.com" End Service HeadRequire "Host:.*.fisheye-image.barwap.com.*" Redirect "https://fisheye-image.barwap.com" End Service HeadRequire "Host:.*.flask-ask.barwap.com.*" Redirect "https://flask-ask.barwap.com" End Service HeadRequire "Host:*.barwap.com.*" Redirect "https://www.barwap.com" End # # Annoyignly that mythweb gives content over http # To fix # Service # HeadRequire "Host:.*.myth.barwap.com.*" # Redirect "https://myth.barwap.com" # End # Service # HeadRequire "Host:.*.mythtv.barwap.com.*" # Redirect "https://myth.barwap.com" # End End ListenHTTPS Address 192.168.1.180 Port 443 Cert "/etc/pound/certs/www.barwap.com" Cert "/etc/pound/certs/owncloud.barwap.com" Cert "/etc/pound/certs/library.barwap.com" Cert "/etc/pound/certs/shed.barwap.com" Cert "/etc/pound/certs/shed-image.barwap.com" Cert "/etc/pound/certs/flask-ask.barwap.com" Cert "/etc/pound/certs/fisheye-image.barwap.com" Cert "/etc/pound/certs/myth.barwap.com" Cert "/etc/pound/certs/barwap.com" Cert "/etc/pound/certs/www.determine.org.uk" Cert "/etc/pound/certs/determine.org.uk" Client 20 xHTTP 2 ## Disable SSL (All versions) # Disable SSLv2 # Disable SSLv3 End Service HeadRequire "Host:.*.www.barwap.com.*" BackEnd Address barwap.lan Port 80 End End Service HeadRequire "Host:.*.library.barwap.com.*" BackEnd Address barwap.lan Port 80 End End Service HeadRequire "Host:.*.shed.barwap.com.*" BackEnd Address cctv.lan Port 80 End End Service HeadRequire "Host:.*.shed-image.barwap.com.*" BackEnd Address cctv.lan Port 8080 End End Service HeadRequire "Host:.*.fisheye-image.barwap.com.*" BackEnd Address fisheye.lan Port 8080 End End Service HeadRequire "Host:.*.flask-ask.barwap.com.*" BackEnd Address shed.lan Port 5000 End End Service HeadRequire "Host:.*.owncloud.barwap.com.*" BackEnd Address owncloud.lan Port 80 End End Service HeadRequire "Host:.*.myth.barwap.com.*" BackEnd Address mythtv.lan Port 80 End End Service HeadRequire "Host:*.barwap.com.*" Redirect "https://www.barwap.com" End Service HeadRequire "Host:.*.www.determine.org.uk.*" BackEnd Address determine.lan Port 80 End End Service HeadRequire "Host:*.determine.org.uk.*" Redirect "https://www.determine.org.uk" End