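# HAProxy edge configuration: terminates TLS on :443, redirects :80 to HTTPS,
# and routes requests to the SSO / IPA / application backends by Host header.
# Backend addresses are resolved at runtime through the 'mydns' resolvers section.

resolvers mydns
    # Resolver used by every 'server' line below (resolvers mydns init-addr none).
    nameserver dns1 127.0.0.11:53

global
    # debug
    daemon
    log 127.0.0.1 local0
    tune.ssl.default-dh-param 2048
    # NOTE(review): no minimum TLS version or cipher policy is set in this file,
    # so the build defaults apply. Confirm they match the deployment's TLS policy.

defaults
    mode http
    timeout connect 25s
    timeout client 25s
    timeout client-fin 25s
    timeout server 25s
    timeout tunnel 7200s
    # NOTE(review): both connection-mode options are set here, as in the original;
    # confirm which of the two is actually intended.
    option http-server-close
    option httpclose
    log global
    option httplog
    backlog 4096
    maxconn 2000
    option tcpka

frontend website
    mode http
    bind :80
    bind :443 ssl crt /certs/chain.pem

    # Client-certificate forwarding. The header is removed whenever the connection
    # carries no client certificate, so a client cannot supply its own copy.
    # The 'bind' line above sets no 'verify' / 'ca-file', so no client certificate
    # is requested and ssl_fc_has_crt cannot be true as written.
    # NOTE(review): only the exact name 'ssl_client_cert' is stripped. If a backend
    # normalises header names (CGI-style), also strip the hyphenated spelling -- confirm.
    # http-request set-header SSL_CLIENT_CERT %[ssl_c_der,base64]
    http-request del-header ssl_client_cert unless { ssl_fc_has_crt }
    # The trailing '\ ' before 'if' is kept from the original: the value ends with a space.
    http-request set-header ssl_client_cert -----BEGIN\ CERTIFICATE-----\ %[ssl_c_der,base64]\ -----END\ CERTIFICATE-----\  if { ssl_fc_has_crt }

    # Plain-HTTP requests are redirected, so only TLS requests reach a backend.
    # Listed after the http-request rules because HAProxy evaluates those first anyway.
    redirect scheme https if !{ ssl_fc }

    #cookie JSESSIONID prefix nocache
    #use_backend be_hydra if { path_beg /hydra }
    #use_backend be_hydra if { path_beg /oauth2 }

    # Host-based routing. A request matching none of these ACLs has no backend,
    # because default_backend is commented out below.
    acl is_nextcloud hdr_beg(host) nextcloud.
    acl is_moodle hdr_beg(host) moodle.
    acl is_jitsi hdr_beg(host) jitsi.
    acl is_oof hdr_beg(host) oof.
    acl is_wp hdr_sub(host) .wp.
    acl is_wp hdr_beg(host) wp.
    acl is_pad hdr_beg(host) pad.
    acl is_sso hdr_beg(host) sso.
    acl is_ipa hdr_beg(host) ipa.

    use_backend be_nextcloud if is_nextcloud
    use_backend be_moodle if is_moodle
    use_backend be_jitsi if is_jitsi
    use_backend be_oof if is_oof
    use_backend be_wp if is_wp
    use_backend be_etherpad if is_pad
    use_backend be_sso if is_sso
    use_backend be_ipa if is_ipa
    # default_backend be_sso

# In every backend below, X-Forwarded-Host and X-Forwarded-Proto are overwritten
# with set-header. The original kept any value the client sent ("add-header ...
# unless <header found>"), which let a client choose the host and scheme the
# application believes it is served on. This proxy terminates TLS itself, so the
# values it computes are the authoritative ones.

backend be_ipa
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    # NOTE(review): 'ssl verify none' encrypts the hop but does not authenticate the
    # FreeIPA server. Prefer 'verify required ca-file <PATH_TO_IPA_CA_BUNDLE>' once the
    # CA bundle is available to this container.
    server freeipa isard-sso-freeipa:443 check port 443 ssl verify none inter 5s rise 2 fall 10 resolvers mydns init-addr none

backend be_sso
    mode http
    option httpclose
    #option http-server-close
    # NOTE(review): 'option forwardfor' appends the peer address to X-Forwarded-For;
    # a value already sent by the client stays in the header ahead of it.
    option forwardfor
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server keycloak isard-sso-keycloak:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none

## APPS
backend be_moodle
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server moodle isard-apps-moodle:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none

backend be_nextcloud
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server nextcloud isard-apps-nextcloud-nginx:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none

backend be_etherpad
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server etherpad isard-apps-etherpad:9001 check port 9001 inter 5s rise 2 fall 10 resolvers mydns init-addr none

backend be_jitsi
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server jitsi isard-apps-jitsi:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none

backend be_oof
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server onlyoffice isard-apps-onlyoffice:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none

backend be_wp
    mode http
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto https
    server wp isard-apps-wordpress:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none

listen stats
    # Statistics page. It listens on all interfaces, so it is reachable from any
    # network that can route to port 8888; restrict the bind address or the
    # published port if that is wider than intended.
    bind 0.0.0.0:8888
    mode http
    stats enable
    option httplog
    stats show-legends
    stats uri /haproxy
    stats realm Haproxy\ Statistics
    stats refresh 5s
    # Authentication was commented out in the original, leaving the page open.
    # It is now enforced against the AuthUsers userlist defined below.
    # A commented-out 'stats auth' line holding a plaintext credential was removed;
    # treat that credential as exposed and rotate it wherever it was reused.
    acl authorized http_auth(AuthUsers)
    stats http-request auth unless authorized
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

userlist AuthUsers
    # SHA-512 crypt hash ($6$). NOTE(review): a hash kept in the config file can be
    # attacked offline by anyone who can read the file or its repository; consider
    # injecting it at deploy time and rotating this password.
    user admin password $6$grgQMVfwI0XSGAQl$2usaQC9LVXXXYHtSkGUf74CIGsiH8fi/K.V6DuKSq0twPkmFGP2vL/b//Ulp2I4xBEZ3eYDhUbwBPK8jpmsbo.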