global
    log stdout  format raw  local0  info
    maxconn 2000

    # intermediate configuration
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets


defaults
    log global
    unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
    unique-id-header X-Edge-Request-ID
    option httplog

    timeout connect    3s
    timeout client    10s
    timeout server    10m


frontend stats
    bind *:1936
    mode http
    http-request use-service prometheus-exporter if { path /metrics }
    # CORS for stats dashboard (only for configured origin)
    acl from_ui hdr(Origin) -i http://localhost:3000
    acl preflight method OPTIONS

    # Preflight response
    http-request return status 204 hdr "Access-Control-Allow-Origin" "%[req.hdr(Origin)]" hdr "Access-Control-Allow-Methods" "GET, OPTIONS" hdr "Access-Control-Allow-Headers" "Authorization, Content-Type" hdr "Access-Control-Max-Age" "86400" hdr "Vary" "Origin" if from_ui preflight

    # Actual response headers
    http-after-response set-header Access-Control-Allow-Origin "http://localhost:3000"
    http-after-response set-header Access-Control-Allow-Methods "GET, OPTIONS"
    http-after-response set-header Access-Control-Allow-Headers "Authorization, Content-Type"
    http-after-response set-header Access-Control-Expose-Headers "X-Request-ID"
    http-after-response set-header Vary "Origin"

    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth admin:test123
    default_backend srv_stats

backend srv_stats
    mode http
    server Local 127.0.0.1:1936

frontend http_in_80
    bind *:80
    mode http

    acl is_rule_host1_com_br_80_1 hdr(host) -i host1.com.br
    acl is_rule_host1_com_br_80_2 hdr(host) -i host1.com.br:80
    use_backend srv_host1_com_br_80 if is_rule_host1_com_br_80_1 OR is_rule_host1_com_br_80_2

backend srv_host1_com_br_80
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 container:5000 check weight 1

backend certbot_backend
    mode http
    server certbot 127.0.0.1:2080
