{ "admin": { "listen": "localhost:2019" }, "apps": { "http": { "servers": { "main": { "listen": [":80", ":443"], "routes": [ { "match": [ { "host": ["rockvilletollandsda.church", "www.rockvilletollandsda.church"] } ], "handle": [ { "handler": "subroute", "routes": [ { "match": [ { "path": ["/admin*"] } ], "handle": [ { "handler": "http_basic_auth", "accounts": [ { "username": "admin", "password": "$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LeH6Gn0.oJD0V8XZe" } ], "realm": "Admin Area" }, { "handler": "headers", "response": { "set": { "Cache-Control": ["no-store, no-cache, must-revalidate"] } } }, { "handler": "reverse_proxy", "upstreams": [ { "dial": "localhost:4321" } ] } ] }, { "match": [ { "path": ["/api/*"] } ], "handle": [ { "handler": "headers", "response": { "set": { "Access-Control-Allow-Origin": ["*"], "Access-Control-Allow-Methods": ["GET, POST, PUT, DELETE, OPTIONS"], "Access-Control-Allow-Headers": ["Content-Type, Authorization"] } } }, { "handler": "reverse_proxy", "upstreams": [ { "dial": "localhost:3002" } ], "load_balancing": { "selection_policy": "round_robin" }, "health_checks": { "active": { "uri": "/health", "interval": "30s", "timeout": "5s", "expect_status": 200 } } } ] }, { "match": [ { "path": ["/uploads/*"] } ], "handle": [ { "handler": "file_server", "root": "/opt/rtsda/church-api", "browse": { "template": "browse.html" } } ] }, { "match": [ { "path": ["/_next/*", "/styles/*", "/images/*", "/fonts/*"] } ], "handle": [ { "handler": "headers", "response": { "set": { "Cache-Control": ["public, max-age=31536000, immutable"] } } }, { "handler": "file_server", "root": "/var/www/nextjs", "precompressed": { "encodings": ["br", "gzip"] } } ] }, { "handle": [ { "handler": "file_server", "root": "/var/www/rockville", "index_names": ["index.html", "index.htm"], "canonical_uris": true } ] } ] } ] }, { "match": [ { "host": ["api.rockvilletollandsda.church"] } ], "handle": [ { "handler": "headers", "response": { "set": { "Strict-Transport-Security": ["max-age=31536000; includeSubDomains"], "X-Content-Type-Options": ["nosniff"], "X-Frame-Options": ["DENY"], "X-XSS-Protection": ["1; mode=block"], "Referrer-Policy": ["strict-origin-when-cross-origin"] } } }, { "handler": "reverse_proxy", "upstreams": [ { "dial": "localhost:3002" }, { "dial": "localhost:3003" } ], "load_balancing": { "selection_policy": "least_conn", "try_duration": "30s", "try_interval": "1s" }, "health_checks": { "active": { "uri": "/health", "port": 3002, "headers": { "User-Agent": ["Quantum-HealthCheck/1.0"] }, "interval": "10s", "timeout": "3s", "expect_status": 200 }, "passive": { "unhealthy_status": [500, 502, 503, 504], "unhealthy_latency": "10s", "unhealthy_request_count": 3, "healthy_count": 2 } }, "circuit_breaker": { "trip_duration": "30s", "recovery_duration": "10s", "failure_threshold": 0.5, "success_threshold": 0.8 } } ] }, { "match": [ { "host": ["jellyfin.rockvilletollandsda.church"] } ], "handle": [ { "handler": "headers", "request": { "set": { "X-Forwarded-For": ["{remote_ip}"], "X-Real-IP": ["{remote_ip}"] } } }, { "handler": "reverse_proxy", "upstreams": [ { "dial": "localhost:8096" } ], "transport": { "keep_alive": { "enabled": true, "probe_interval": "30s", "max_idle_conns": 100, "idle_conn_timeout": "90s" }, "dial_timeout": "5s", "response_header_timeout": "10s" } } ] }, { "match": [ { "host": ["webrtc.rockvilletollandsda.church"] } ], "handle": [ { "handler": "reverse_proxy", "upstreams": [ { "dial": "localhost:8081" } ], "headers": { "request": { "set": { "Upgrade": ["websocket"], "Connection": ["upgrade"] } } } } ] }, { "match": [ { "host": ["bible.rockvilletollandsda.church"] } ], "handle": [ { "handler": "rate_limit", "key": "{remote_ip}", "rate": "100r/m", "burst": 20, "window": "1m" }, { "handler": "file_server", "root": "/media/archive/bibles", "browse": { "template": "bible-browse.html" } } ] }, { "match": [ { "host": ["adventisthymnarium.rockvilletollandsda.church", "adventisthymnarium.app"] } ], "handle": [ { "handler": "subroute", "routes": [ { "match": [ { "path": ["/api/*"] } ], "handle": [ { "handler": "reverse_proxy", "upstreams": [ { "dial": "localhost:3004" } ] } ] }, { "handle": [ { "handler": "file_server", "root": "/media/archive/AdventistHymnarium-Assets", "canonical_uris": true, "index_names": ["index.html"] } ] } ] } ] }, { "match": [ { "host": ["privacy-policy.adventisthymnarium.app", "privacy-policy.rockvilletollandsda.church"] } ], "handle": [ { "handler": "file_server", "root": "/media/archive/AdventistHymnarium-Assets/privacy", "canonical_uris": true } ] }, { "match": [ { "host": ["schedule.rockvilletollandsda.church"] } ], "handle": [ { "handler": "authentication", "providers": { "local": { "method": "basic" } } }, { "handler": "file_server", "root": "/var/www/schedule", "index_names": ["index.html", "schedule.html"] } ] }, { "match": [ { "path": ["/.well-known/acme-challenge/*"] } ], "handle": [ { "handler": "file_server", "root": "/var/lib/acme/.well-known/acme-challenge", "pass_thru": true } ] }, { "match": [ { "path": ["/health", "/status"] } ], "handle": [ { "handler": "health" } ] }, { "match": [ { "path": ["/metrics"] } ], "handle": [ { "handler": "ip_whitelist", "source": "remote_ip", "rules": [ { "action": "allow", "rule": "127.0.0.1" }, { "action": "allow", "rule": "10.0.0.0/8" } ] }, { "handler": "metrics", "path": "/metrics" } ] }, { "match": [ { "path": ["/redirect-test"] } ], "handle": [ { "handler": "redirect", "to": "https://rockvilletollandsda.church/", "status_code": 301 } ] }, { "handle": [ { "handler": "static_response", "status_code": 404, "headers": { "Content-Type": ["text/html; charset=utf-8"] }, "body": "404 Not Found

Page Not Found

The requested resource could not be found.

" } ] } ], "automatic_https": { "disable": false, "disable_redirects": false }, "tls_connection_policies": [ { "match": { "sni": ["*.rockvilletollandsda.church", "*.adventisthymnarium.app"] }, "cipher_suites": [ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ], "protocols": { "min": "tls1.2", "max": "tls1.3" }, "alpn": ["h2", "http/1.1"] } ], "protocols": ["h1", "h2", "h3"], "experimental_http3": true, "request_timeout": "30s", "read_timeout": "30s", "write_timeout": "30s", "idle_timeout": "2m", "max_header_bytes": 1048576 } } }, "tls": { "automation": { "policies": [ { "subjects": [ "rockvilletollandsda.church", "*.rockvilletollandsda.church", "adventisthymnarium.app", "*.adventisthymnarium.app" ], "issuer": { "module": "acme", "ca": "https://acme-v02.api.letsencrypt.org/directory", "email": "admin@rockvilletollandsda.church", "challenges": { "http": { "disabled": false }, "dns": { "provider": "cloudflare", "disabled": false, "propagation_delay": "2m", "propagation_timeout": "10m" } }, "preferred_chains": { "smallest": true } }, "key_type": "ec256", "must_staple": true } ], "on_demand": { "rate_limit": { "interval": "1h", "burst": 10 }, "ask": "https://example.com/check-cert" }, "ocsp_interval": "1h", "renew_ahead": "30d" }, "session_tickets": { "rotation_interval": "1h", "max_keys": 4, "disabled": false } }, "pki": { "certificate_authorities": { "internal": { "name": "Quantum Internal CA", "root_common_name": "Quantum Root CA", "intermediate_common_name": "Quantum Intermediate CA", "intermediate_lifetime": "365d" } } } } }