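# HAProxy configuration (Jinja2 template).
# Terminates TLS on :443 and routes by Host header to the plaintext HTTP
# backends listed in `https_routing`; :80 redirects to HTTPS; :8080 exposes
# HAProxy's own monitor, stats and Prometheus endpoints.
global
    daemon
    maxconn 1024
    log 127.0.0.1 local0
    stats timeout 30s
    # Refuse TLS < 1.2 on every `bind ... ssl` line.  Needs HAProxy 1.8+, which
    # `prometheus-exporter` below (2.0+) already implies.  Without this the
    # floor is whatever the linked OpenSSL defaults to.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    # HAProxy's default mode is tcp when none is declared.  https_in and the
    # https_* backends below never set one, and in tcp mode the Host-header
    # ACLs in https_in cannot match (HAProxy warns "acl ... will never match"
    # at start), so nothing gets routed.  Every proxy in this file speaks HTTP.
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    log global
    # Appends the client address to X-Forwarded-For; a client-supplied XFF is
    # kept in front of it, so backends must trust only the last value.
    option forwardfor
    option http-server-close
    # Start even when a backend name does not resolve yet; resolve at runtime.
    default-server init-addr last,none resolvers dns

resolvers dns
    parse-resolv-conf

## FRONTENDS ##

# haproxy stuff
# NOTE(review): listens on every interface with no source ACL, and the stats
# backend uses a default password.  Restrict the bind (e.g. 127.0.0.1 or a
# management address) or firewall :8080 before exposing this host.
frontend http_management
    bind *:8080
    mode http
    # redirects /status to haproxy monitor
    monitor-uri /status
    # redirects /stats to stats backend
    acl prefixed-with-stats path_beg -i /stats
    use_backend haproxy_stats if prefixed-with-stats
    # redirects /metrics to metrics backend
    acl prefixed-with-metrics path_beg -i /metrics
    use_backend haproxy_metrics if prefixed-with-metrics

frontend http_in
    bind *:80
    mode http
    # 302 is deliberately temporary; move to 301 once HTTPS is confirmed
    # working for every routed host so clients stop returning to :80.
    http-request redirect scheme https code 302

frontend https_in
    # backend is assumed to be http, perform ssl termination here
    bind *:443 ssl crt /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem
    # Backends only ever see plaintext on :80, so tell them the original
    # scheme.  set-header overwrites, so a client cannot smuggle its own value.
    http-request set-header X-Forwarded-Proto https
    # mode tcp
    # request is ssl
    # tcp-request inspect-delay 5s
    # tcp-request content accept if { req.ssl_hello_type 1 }
    {% for route in https_routing %}
    # use_backend https_{{ route.src[0]|replace('.','_') }} if { req.ssl_sni -i {% for src in route.src %}{{ src }} {% endfor %}}
    # hdr_dom matches whole dot-delimited labels, so `example.com` still
    # covers `www.example.com` but no longer `evilexample.com`, which the
    # previous hdr_end suffix match accepted.  A Host of
    # `example.com.attacker.tld` would still match; list exact names (or use
    # `hdr(host) -m str`) if that matters.  hdr_dom is documented to tolerate a
    # trailing `:port` on recent versions -- confirm on the deployed HAProxy.
    use_backend https_{{ route.src[0]|replace('.','_') }} if { hdr_dom(host) -i {% for src in route.src %}{{ src }} {% endfor %}}
    {% endfor %}
    # No default_backend: an unmatched Host gets a 503, which is the safe
    # (fail-closed) choice here.

## BACKENDS ##

backend haproxy_stats
    mode http
    stats uri /stats
    stats enable
    stats refresh 10s
    # Do not advertise the HAProxy version to unauthenticated scanners.
    stats hide-version
    # FIXME(security): default credentials, and this backend is reachable on
    # *:8080 from every interface.  Replace with a deployment-specific secret
    # before going live.
    stats auth admin:admin

backend haproxy_metrics
    mode http
    # NOTE(review): unauthenticated; the exporter reveals backend names and
    # addresses.  Scrape it from a trusted network only.
    http-request use-service prometheus-exporter

{% for route in https_routing %}
backend https_{{ route.src[0]|replace('.','_') }}
    # mode tcp
    balance roundrobin
    # Plaintext HTTP to the backends: the TLS hop ends at this proxy, so the
    # proxy-to-backend path must be a trusted network.
    # `check` without `option httpchk` is a TCP connect check only.
    # The ':' test below assumes dst is a hostname or IPv4 literal; an IPv6
    # literal contains ':' and would get no port appended.
    {% for dst in route.dst %}
    # server {{ dst }} {{ dst }}{% if ':' not in dst %}:443{% endif %} check
    server {{ dst }} {{ dst }}{% if ':' not in dst %}:80{% endif %} check
    {% endfor %}
{% endfor %}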