global
    log stdout  format raw  local0  info
    maxconn 2000

    # intermediate configuration
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets


defaults
    log global
    unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
    unique-id-header X-Edge-Request-ID
    option httplog

    timeout connect    3s
    timeout client    10s
    timeout server    10m
    errorfile 400 /etc/easyhaproxy/haproxy/errors-custom/400.http
    errorfile 403 /etc/easyhaproxy/haproxy/errors-custom/403.http
    errorfile 408 /etc/easyhaproxy/haproxy/errors-custom/408.http
    errorfile 500 /etc/easyhaproxy/haproxy/errors-custom/500.http
    errorfile 502 /etc/easyhaproxy/haproxy/errors-custom/502.http
    errorfile 503 /etc/easyhaproxy/haproxy/errors-custom/503.http
    errorfile 504 /etc/easyhaproxy/haproxy/errors-custom/504.http


frontend stats
    bind *:1936
    mode http
    http-request use-service prometheus-exporter if { path /metrics }
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth admin:test123
    default_backend srv_stats

backend srv_stats
    mode http
    server Local 127.0.0.1:1936

frontend http_in_443
    bind *:443  ssl crt /etc/easyhaproxy/certs/certbot/ alpn h2,http/1.1 crt /etc/easyhaproxy/certs/haproxy/ alpn h2,http/1.1
    mode http

    acl is_rule_host1_com_br_443_1 hdr(host) -i host1.com.br
    acl is_rule_host1_com_br_443_2 hdr(host) -i host1.com.br:443
    use_backend srv_host1_com_br_443 if is_rule_host1_com_br_443_1 OR is_rule_host1_com_br_443_2

backend srv_host1_com_br_443
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 container:5000 check weight 1

frontend http_in_80
    bind *:80
    mode http
    redirect prefix http://host1.com.br code 301 if { hdr(host) -i www.host1.com.br }

    acl is_rule_host1_com_br_80_1 hdr(host) -i host1.com.br
    acl is_rule_host1_com_br_80_2 hdr(host) -i host1.com.br:80
    acl is_certbot_host1_com_br_80 path_beg /.well-known/acme-challenge/
    use_backend certbot_backend if is_certbot_host1_com_br_80 is_rule_host1_com_br_80_1 OR is_certbot_host1_com_br_80 is_rule_host1_com_br_80_2
    use_backend srv_host1_com_br_80 if is_rule_host1_com_br_80_1 OR is_rule_host1_com_br_80_2

    acl is_rule_host2_com_br_80_1 hdr(host) -i host2.com.br
    acl is_rule_host2_com_br_80_2 hdr(host) -i host2.com.br:80
    use_backend srv_host2_com_br_80 if is_rule_host2_com_br_80_1 OR is_rule_host2_com_br_80_2

backend srv_host1_com_br_80
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 container:5000 check weight 1
backend srv_host2_com_br_80
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 other:3000 check weight 1

frontend http_in_8080
    bind *:8080
    mode http

    acl is_rule_host3_com_br_8080_1 hdr(host) -i host3.com.br
    acl is_rule_host3_com_br_8080_2 hdr(host) -i host3.com.br:8080
    use_backend srv_host3_com_br_8080 if is_rule_host3_com_br_8080_1 OR is_rule_host3_com_br_8080_2

backend srv_host3_com_br_8080
    balance roundrobin
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Request-ID %[uuid()]
    server srv-0 domain:8181 check weight 1

backend certbot_backend
    mode http
    server certbot 127.0.0.1:2080
