resolvers mydns nameserver dns1 127.0.0.11:53 global # debug daemon log 127.0.0.1 local0 tune.ssl.default-dh-param 2048 h1-case-adjust content-type Content-Type h1-case-adjust content-encoding Content-Encoding h1-case-adjust transfer-encoding Transfer-Encoding defaults mode http timeout connect 25s timeout client 25s timeout client-fin 25s timeout server 25s timeout tunnel 7200s option http-server-close option httpclose log global option httplog backlog 4096 maxconn 2000 option tcpka option h1-case-adjust-bogus-client frontend website mode http bind :80 # redirect scheme https if !{ ssl_fc } # http-request del-header ssl_client_cert unless { ssl_fc_has_crt } # http-request set-header ssl_client_cert -----BEGIN\ CERTIFICATE-----\ %[ssl_c_der,base64]\ -----END\ CERTIFICATE-----\ if { ssl_fc_has_crt } # bind :443 ssl crt /certs/chain.pem acl is_upgrade hdr(Connection) -i upgrade acl is_websocket hdr(Upgrade) -i websocket acl is_nextcloud hdr_beg(host) nextcloud. acl is_moodle hdr_beg(host) moodle. acl is_jitsi hdr_beg(host) jitsi. acl is_oof hdr_beg(host) oof. acl is_wp hdr_sub(host) .wp. acl is_wp hdr_beg(host) wp. acl is_pad hdr_beg(host) pad. acl is_sso hdr_beg(host) sso. acl is_ipa hdr_beg(host) ipa. acl is_api hdr_beg(host) api. acl is_admin hdr_beg(host) admin. use_backend be_nextcloud if is_nextcloud use_backend be_moodle if is_moodle use_backend be_jitsi if is_jitsi use_backend be_oof if is_oof use_backend be_wp if is_wp use_backend be_etherpad if is_pad use_backend be_admin if is_sso { path_beg /socket.io } use_backend be_adminer if is_sso { path_beg /isard-sso-adminer } use_backend be_admin if is_admin use_backend be_sso if is_sso use_backend be_ipa if is_ipa use_backend be_api if is_api http-request redirect code 301 location https://moodle."${DOMAIN}" if { hdr(host) -i "${DOMAIN}" } # default_backend be_sso backend be_api mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server api isard-sso-api:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_ipa mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server freeipa isard-sso-freeipa:443 check port 443 ssl verify none inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_sso mode http option httpclose #option http-server-close option forwardfor acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server keycloak isard-sso-keycloak:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_admin mode http option forwardfor timeout queue 600s timeout server 600s timeout connect 600s # acl authorized http_auth(AuthUsers) # http-request auth realm AuthUsers unless authorized acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server isard-sso-admin isard-sso-admin:9000 check port 9000 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_adminer mode http # acl authorized http_auth(AuthUsers) # http-request auth realm AuthUsers unless authorized http-request redirect scheme http drop-query append-slash if { path -m str /isard-sso-adminer } http-request replace-path /isard-sso-adminer/(.*) /\1 # http-request del-header Authorization acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server isard-sso-adminer isard-sso-adminer:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none ## APPS backend be_moodle mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server moodle isard-apps-moodle:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_nextcloud mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server nextcloud isard-apps-nextcloud-nginx:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_etherpad mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server etherpad isard-apps-etherpad:9001 check port 9001 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_jitsi mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server jitsi isard-apps-jitsi:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_oof mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto server onlyoffice isard-apps-onlyoffice:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_wp mode http acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto http-request set-header X-SSL %[ssl_fc] http-request set-header X-Forwarded-Proto https server wp isard-apps-wordpress:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none listen stats bind 0.0.0.0:8888 mode http stats enable option httplog stats show-legends stats uri /haproxy stats realm Haproxy\ Statistics stats refresh 5s #stats auth staging:mypassword #acl authorized http_auth(AuthUsers) #stats http-request auth unless authorized timeout connect 5000ms timeout client 50000ms timeout server 50000ms userlist AuthUsers user admin password $6$grgQMVfwI0XSGAQl$2usaQC9LVXXXYHtSkGUf74CIGsiH8fi/K.V6DuKSq0twPkmFGP2vL/b//Ulp2I4xBEZ3eYDhUbwBPK8jpmsbo.