global
#  stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
 # log stdout format raw local0 info
  log stdout format raw local0
  crt-base /etc/ssl/certs/
  maxconn 120000

defaults
  log global
  mode http
  timeout client 2000m
  timeout connect 200s
  timeout server 2000m
  timeout http-request 2000m

frontend stats # you can call this whatever you want
  mode http
  bind *:9000       # default port, but you can pick any port
  stats enable      # turns on stats module
  stats refresh 10s # set auto-refresh rate

#Application Setup
frontend ContentSwitching
  bind *:80
 # bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
  bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
  mode  http
  option httplog

  # max-age is mandatory 
  # 16000000 seconds is a bit more than 6 months
  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

  # Front-end acess control list
  http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }

  # Front-end acess control list
  acl host_www hdr(host) -i www.alicehuston.xyz
  acl host_www hdr(host) -i alicehuston.xyz
#  acl host_ldapui hdr(host) -i authui.alicehuston.xyz
  acl host_glances hdr(host) -i monit.alicehuston.xyz
  acl host_glances hdr(host) -i glances.alicehuston.xyz
  # acl host_foundry hdr(host) -i dnd.alicehuston.xyz
#  acl host_netdata hdr(host) -i netdata.alicehuston.xyz
  #acl host_terraria hdr(host) -i terraria.alicehuston.xyz
  acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
  acl host_nextcloud hdr(host) -i nayeonie.com
  acl host_hydra hdr(host) -i hydra.alicehuston.xyz
  acl host_attic hdr(host) -i attic.alicehuston.xyz
  acl host_minio hdr(host) -i minio.alicehuston.xyz
  acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
  acl host_attic hdr(host) -i attic.nayeonie.com
  acl host_minio hdr(host) -i minio.nayeonie.com
  acl host_minio_console hdr(host) -i minio-console.nayeonie.com
  #acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
#  acl host_collabora hdr(host) -i collabora.alicehuston.xyz
  acl host_prometheus hdr(host) -i prom.alicehuston.xyz
  acl host_gitea hdr(host) -i git.alicehuston.xyz
  acl host_gitea hdr(host) -i nayeonie.com
  # Backend-forwarding
  use_backend www_nodes if host_www
#  use_backend ldapui_nodes if host_ldapui
  use_backend glances_nodes if host_glances
  use_backend foundry_nodes if host_foundry
#  use_backend netdata_nodes if host_netdata
 # use_backend terraria_nodes if host_terraria
  use_backend nextcloud_nodes if host_nextcloud
  use_backend hydra_nodes if host_hydra
  use_backend attic_nodes if host_attic
  #use_backend nextcloud_vol_nodes if host_nextcloud_vol
#  use_backend collabora_nodes if host_collabora
  use_backend prometheus_nodes if host_prometheus
  use_backend minio_nodes if host_minio
  use_backend minio_console_nodes if host_minio_console
  use_backend gitea_nodes if host_gitea

#frontend ldap
#  bind *:389
#  bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
#  mode tcp
#  option tcplog
#  acl host_ldap hdr(host) -i auth.alicehuston.xyz
#  use_backend ldap_nodes if host_ldap

backend nextcloud_nodes
  mode http
  server server nextcloud:80
  acl url_discovery path /.well-known/caldav /.well-known/carddav
  http-request redirect location /remote.php/dav/ code 301 if url_discovery
  acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
  http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
  acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
  http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
  acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
  http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists

#backend nextcloud_nodes
#  mode http
#  server nxserver nextcloud:80
#  acl url_discovery path /.well-known/caldav /.well-known/carddav
#  http-request redirect location /remote.php/dav/ code 301 if url_discovery
#  http-request set-header X-Forwarded-Host %[req.hdr(Host)]

#backend nextcloud_vol_nodes
#  mode http
#  server server nextcloud-vol:80
#  acl url_discovery path /.well-known/caldav /.well-known/carddav
#  http-request redirect location /remote.php/dav/ code 301 if url_discovery
#  acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
#  http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
#  acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
#  http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
#  acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
#  http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
#  http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists

#backend terraria_nodes
#  mode http
#  server server terraria:6526

#backend collabora_nodes
#  mode http
#  server server collabora:9980

backend www_nodes
  mode http
  server server grafana:3000

backend minio_nodes
  mode http
  server server 192.168.76.2:8500
#  acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
#  http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
#  acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
#  http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
#  acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
#  http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
#  http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists

backend minio_console_nodes
  mode http
  server server 192.168.76.2:8501

# backend foundry_nodes
#   timeout tunnel 50s
#   mode http
#   server server foundryvtt:30000

#backend ldap_nodes
#  mode tcp
#  balance roundrobin
#  option ldap-check
#  server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
#  mode http
#  server server 192.168.76.2:18081

backend glances_nodes
  mode http
  server server glances:61208

backend hydra_nodes
  mode http
  server server 192.168.76.2:3000

backend attic_nodes
  mode http
  server server 192.168.76.2:8183

backend prometheus_nodes
  mode http
  server server 192.168.76.2:9001

backend gitea_nodes
  mode http
  server server 192.168.76.2:6443

#backend netdata_nodes
#  mode http
#  server server 192.168.76.2:19999

# backend dnd_nodes
#   mode http
#   server server foundry:30000
#   acl host_www hdr(host) -i www.tmmworkshop.com

frontend giteassh
  mode tcp
  bind :2222
  default_backend giteassh_nodes

backend giteassh_nodes
   mode tcp
   server s1 192.168.76.2:2223

frontend minecraft
  mode tcp
  bind :25565
  default_backend router_nodes
  

backend router_nodes
   mode tcp
   server s1 mc-router:25565