global
    log stdout  format raw  local0  info
    maxconn 2000

    # intermediate configuration
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets


defaults
    log global
    unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
    unique-id-header X-Edge-Request-ID
    option httplog

    timeout connect    3s
    timeout client    10s
    timeout server    10m
    errorfile 400 /etc/easyhaproxy/haproxy/errors-custom/400.http
    errorfile 403 /etc/easyhaproxy/haproxy/errors-custom/403.http
    errorfile 408 /etc/easyhaproxy/haproxy/errors-custom/408.http
    errorfile 500 /etc/easyhaproxy/haproxy/errors-custom/500.http
    errorfile 502 /etc/easyhaproxy/haproxy/errors-custom/502.http
    errorfile 503 /etc/easyhaproxy/haproxy/errors-custom/503.http
    errorfile 504 /etc/easyhaproxy/haproxy/errors-custom/504.http


frontend stats
    bind *:1937
    mode http
    http-request use-service prometheus-exporter if { path /metrics }
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth joe:s3cr3t
    default_backend srv_stats

backend srv_stats
    mode http
    server Local 127.0.0.1:1937

frontend http_in_19901
    bind *:19901
    mode http
    redirect prefix www.google.com code 301 if { hdr(host) -i google.helloworld.com }

    acl is_rule_www_helloworld_com_19901_1 hdr(host) -i www.helloworld.com
    acl is_rule_www_helloworld_com_19901_2 hdr(host) -i www.helloworld.com:19901
    use_backend srv_www_helloworld_com_19901 if is_rule_www_helloworld_com_19901_1 OR is_rule_www_helloworld_com_19901_2

    acl is_rule_hello_com_19901_1 hdr(host) -i hello.com
    acl is_rule_hello_com_19901_2 hdr(host) -i hello.com:19901
    use_backend srv_hello_com_19901 if is_rule_hello_com_19901_1 OR is_rule_hello_com_19901_2

backend srv_www_helloworld_com_19901
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 3e63154954b0:80 check weight 1
    server srv-1 eb294c110eb1:80 check weight 1
backend srv_hello_com_19901
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 3e63154954b0:80 check weight 1
    server srv-1 eb294c110eb1:80 check weight 1

backend certbot_backend
    mode http
    server certbot 127.0.0.1:2080
