Submitted on July 12, 2016 at 09:30 AM

Section 1 (Bash)

# Process-wide settings: logging target, chroot and privilege drop, runtime admin socket, TLS defaults.
global
        log 127.0.0.1 local0 debug
        chroot /var/lib/haproxy
        # Runtime socket with admin-level commands; mode 660 limits the socket file to its owner and group.
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
	# NOTE(review): sets the default for every "server ... ssl" line to no certificate
	# verification, so the proxy-to-backend hop is encrypted but the backend is not authenticated.
	# Prefer "ssl-server-verify required" plus a ca-file on the server lines once the
	# backend certificates chain to a CA this host trusts.
	ssl-server-verify none
        # Default SSL material locations
        #ca-base /etc/ssl/certs
        #crt-base /etc/ssl/private
	# Base directories for relative crt / ca-file paths. The bind line in this file uses
	# absolute paths, so these bases are not consulted by anything visible here.
	crt-base /etc/ssl/ca/certs
	ca-base /etc/ssl/ca/intermediate/certs


        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # NOTE(review): the list still offers 3DES suites (64-bit block cipher, exposed to
        # Sweet32-style birthday attacks) and static-RSA key exchange (no forward secrecy).
        # Drop the 3DES and RSA+ entries if every client can negotiate ECDHE/DHE with AES.
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        # NOTE(review): only SSLv3 is disabled; TLS 1.0 and 1.1 remain available. Add
        # no-tlsv10 no-tlsv11 once the client population allows it.
        ssl-default-bind-options no-sslv3
        # Size in bits of the Diffie-Hellman parameters used for DHE key exchange.
        tune.ssl.default-dh-param 2048

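# Settings inherited by every frontend and backend below: HTTP mode, logging,
# connection handling, timeouts, health-check cadence and error pages.
defaults
        log       global
        mode      http
        option    httplog
        # NOTE(review): http-keep-alive and http-server-close select mutually exclusive
        # connection modes; presumably the later line (http-server-close) is the one in
        # effect, which also limits what prefer-last-server can do. Confirm which mode the
        # Exchange clients need and keep only that one.
        option    http-keep-alive
        # Adds an X-Forwarded-For header carrying the client address (this option was
        # listed twice; once is enough). HAProxy appends its own header rather than
        # replacing client-sent ones, so backends should trust the value only on
        # connections from this proxy and ignore entries supplied by the client.
        option    forwardfor
        option    http-server-close
        # Do not log connections that carried no data (e.g. port probes, health checks).
        option    dontlognull
        option    prefer-last-server
        no option http-tunnel
        no option httpclose
        no option forceclose
        # NOTE(review): 300s to establish a backend connection and 600s of client
        # inactivity are long; stalled or idle connections keep occupying maxconn slots
        # for that time. Tighten these unless a client workload needs them.
        timeout connect 300s
        timeout client 600s
        timeout server 60s
        # Bounds how long a client may take to send a complete request header,
        # which limits slow-header connection exhaustion.
        timeout http-request 10s
        # Health checks every 3s; 2 consecutive successes mark a server up, 3 failures mark it down.
        default-server inter 3s rise 2 fall 3
        balance leastconn
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http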

# Public entry point for Exchange 2016: terminates TLS, redirects plain HTTP to HTTPS,
# blocks external access to the health-check pages and routes by URL path to per-protocol backends.
frontend ft_exchange2016_https
	# Plain-HTTP listener; requests arriving here are redirected to HTTPS by the rule below.
	bind 192.168.9.207:80 name http
	# NOTE(review): "verify required" demands a client certificate, but "crt-ignore-err all"
	# tells HAProxy to continue the handshake despite any verification error on that
	# certificate, and nothing below checks the verification result. As written, any
	# certificate a client presents appears to be accepted, not only ones issued under
	# ca-chain.crt. If client-certificate authentication is intended, drop
	# "crt-ignore-err all", or keep it only together with a rule placed after the HTTPS
	# redirect such as: http-request deny unless { ssl_c_verify 0 }
	bind 192.168.9.207:443 name https ssl crt /etc/ssl/ca/intermediate/certs/mail.example.com.pem ca-file /etc/ssl/ca/intermediate/certs/ca-chain.crt verify required crt-ignore-err all no-sslv3
	# Captured headers are truncated to the given lengths (Host to 32 bytes, User-Agent to 64).
	capture request header Host len 32
	capture request header User-Agent len 64
	capture response header Content-Length len 10
	# Custom log line including TLS version, cipher, SNI and session id. The request line is
	# rebuilt from captures and always prints "HTTP/1.1" regardless of the version the client used.
	log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%sslv/%sslc/%[ssl_fc_sni]/%[ssl_fc_session_id]}\ "%[capture.req.method]\ %[capture.req.hdr(0)]%[capture.req.uri]\ HTTP/1.1"
	# NOTE(review): the statistics page is served on the same listener as client traffic and
	# is protected only by a static basic-auth pair stored in cleartext here. Move it to a
	# dedicated listener bound to a management address, and use a strong secret (for example
	# a userlist with a hashed password). If "admin:passwd" is the real value rather than a
	# placeholder, treat it as disclosed, since this file was posted publicly.
	stats uri /haproxy?stats
        stats realm Strictly\ Private
        stats auth admin:passwd
	maxconn 1000
	# NOTE(review): this is an accept rule with no matching reject, so it does not block
	# connections that lack a client certificate; it appears to have no filtering effect.
	tcp-request content accept if { ssl_fc_has_crt }
	# True when the connection arrived over the TLS listener.
	acl ssl_connection ssl_fc
	acl host_mail hdr(Host) -i mail.example.com
	acl path_slash path /
	# Case-insensitive path-prefix matches for each Exchange client protocol.
	acl path_autodiscover path_beg -i /Autodiscover/Autodiscover.xml
	acl path_activesync path_beg -i /Microsoft-Server-ActiveSync
	acl path_ews path_beg -i /ews/
	acl path_owa path_beg -i /owa/
	acl path_oa path_beg -i /rpc/rpcproxy.dll
	acl path_ecp path_beg -i /ecp/
	acl path_oab path_beg -i /oab/
	acl path_mapi path_beg -i /mapi/
	acl path_check path_end -i HealthCheck.htm
	# Keeps the HealthCheck.htm pages used by the backend probes unreachable from clients.
	http-request deny if path_check
	# Everything that did not arrive over TLS is sent to the HTTPS listener.
	http-request redirect scheme https code 302 unless ssl_connection
	# Requests for the site root on the mail host land on Outlook on the web.
	http-request redirect location /owa/ code 302 if path_slash host_mail
	# NOTE(review): /ecp/ (the admin centre) is routed like any other path; consider limiting
	# it to management source addresses if it does not need to be reachable by all clients.
	use_backend bk_exchange2016_https_autodiscover if path_autodiscover
	use_backend bk_exchange2016_https_activesync if path_activesync
	use_backend bk_exchange2016_https_ews if path_ews
	use_backend bk_exchange2016_https_owa if path_owa
	use_backend bk_exchange2016_https_oa if path_oa
	use_backend bk_exchange2016_https_ecp if path_ecp
	use_backend bk_exchange2016_https_oab if path_oab
	use_backend bk_exchange2016_https_mapi if path_mapi
	# Anything not matched above, including paths that differ only by a missing trailing slash.
	default_backend bk_exchange2016_https_default

# ActiveSync pool: both Exchange servers, probed through the ActiveSync HealthCheck.htm page.
backend bk_exchange2016_https_activesync
	option httpchk GET /Microsoft-Server-ActiveSync/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# NOTE(review): "ssl verify none" encrypts the hop but does not authenticate the Exchange
	# server, so a host answering on these addresses would be trusted with user traffic and
	# credentials. Use "verify required" with a ca-file once the backend certificates allow it.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Autodiscover pool: both Exchange servers, probed through /Autodiscover/HealthCheck.htm.
backend bk_exchange2016_https_autodiscover
	option httpchk GET /Autodiscover/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# NOTE(review): verify none - the backend certificate is not validated on this hop.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Exchange admin centre (ECP) pool: both Exchange servers, probed through /ECP/HealthCheck.htm.
backend bk_exchange2016_https_ecp
	option httpchk GET /ECP/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# NOTE(review): verify none - the backend certificate is not validated on this hop,
	# which matters most here because this path carries administrative sessions.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Exchange Web Services pool: both Exchange servers, probed through /EWS/HealthCheck.htm.
backend bk_exchange2016_https_ews
	option httpchk GET /EWS/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# NOTE(review): verify none - the backend certificate is not validated on this hop.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# MAPI over HTTP pool: both Exchange servers, probed through /mapi/HealthCheck.htm.
backend bk_exchange2016_https_mapi
	option httpchk GET /mapi/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# Overrides the 60s server timeout from defaults; presumably for long-held MAPI requests.
	timeout server 600s
	# NOTE(review): verify none - the backend certificate is not validated on this hop.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Offline Address Book pool: both Exchange servers, probed through /OAB/HealthCheck.htm.
backend bk_exchange2016_https_oab
	option httpchk GET /OAB/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# NOTE(review): verify none - the backend certificate is not validated on this hop.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Outlook Anywhere (RPC over HTTP) pool: both Exchange servers, probed through /RPC/HealthCheck.htm.
backend bk_exchange2016_https_oa
	option httpchk GET /RPC/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# Overrides the 60s server timeout from defaults; presumably for long-lived RPC channels.
	timeout server 600s
	# NOTE(review): verify none - the backend certificate is not validated on this hop.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Outlook on the web pool: both Exchange servers, probed through /owa/HealthCheck.htm.
backend bk_exchange2016_https_owa
	option httpchk GET /owa/HealthCheck.htm
	# A server counts as healthy only when the check response body contains "200 OK".
	http-check expect string 200\ OK
	# NOTE(review): verify none - the backend certificate is not validated on this hop,
	# which here carries interactive user logons.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check

# Catch-all pool for requests that match none of the path ACLs in the frontend.
backend bk_exchange2016_https_default
	# Same value as the defaults section.
	timeout server 60s
	# NOTE(review): "check" is set but this backend has no "option httpchk", so presumably
	# only a connection-level probe runs here; a server whose web application is down could
	# still be considered healthy. verify none - the backend certificate is not validated.
	server exchange1 192.168.8.4:443 ssl verify none maxconn 1000 weight 10 check
	server exchange2 192.168.8.5:443 ssl verify none maxconn 1000 weight 10 check