# _md5hash=ff2097121a2f96da27405d664043310a
# _version=32
# Dataplaneapi managed File
# changing file directly can cause a conflict if dataplaneapi is running
# Process-wide settings: filesystem confinement, privilege drop, the runtime
# socket, and the Lua modules loaded into the proxy.
global
# Confine the process to /var/lib/haproxy and run it as the unprivileged
# haproxy user and group.
chroot /var/lib/haproxy
user haproxy
group haproxy
master-worker
# "level admin" grants full Runtime API control to any process that can open
# this socket. Mode 660 with user/group haproxy is the only access control, so
# membership of the haproxy group is equivalent to control of the proxy.
# "expose-fd listeners" lets listening sockets be handed over across reloads.
stats socket /var/run/haproxy.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
# Lua loaded here executes inside the proxy and sees every request, so both
# files should be writable only by trusted accounts.
# auth-request.lua presumably registers the lua.auth-intercept action used in
# fe_https; http.lua is added to the Lua module search path - confirm.
lua-prepend-path /usr/local/etc/haproxy/http.lua
lua-load /usr/local/etc/haproxy/auth-request.lua
# Defaults inherited by every frontend/backend declared "from unnamed_defaults_1".
defaults unnamed_defaults_1
mode http
maxconn 4000
# NOTE(review): "log global" reuses the log targets of the global section, and
# the global section in this file declares none. As written, no request logs
# are emitted unless a target is supplied elsewhere; denied and redirected
# auth attempts would then leave no trace - confirm.
log global
# Adds the client address in an X-Forwarded-For header. A value already sent by
# the client is not removed, so backends should trust only the entry added by
# this proxy.
option forwardfor
option tcp-smart-accept
# Upper bound on how long a client may take to send a complete request; limits
# the effect of slow-header clients holding connections open.
timeout http-request 10s
timeout check 10s
timeout connect 10s
timeout client 1m
timeout queue 1m
timeout server 1m
timeout http-keep-alive 10s
retries 3
# Static responses served for 502/503 instead of the built-in error pages.
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
# Runtime DNS resolution for the server-template lines that reference
# "resolvers docker".
resolvers docker
# 127.0.0.11 is the address of Docker's embedded DNS server on user-defined
# networks. Answers are only as trustworthy as that network: a container that
# can register the same service name may receive traffic.
nameserver ns1 127.0.0.11:53
# How long the last result of each kind is kept before it is discarded.
hold nx 30s
hold obsolete 30s
hold other 30s
hold refused 30s
hold timeout 30s
hold valid 10s
timeout resolve 2s
timeout retry 2s
# Largest DNS response size, in bytes, advertised to the nameserver.
accepted_payload_size 8192
resolve_retries 5
# Plain-HTTP listener. Only paths under /.well-known are forwarded (to
# letsencrypt_backend); every other request goes to error_backend, which denies
# it with a 502. No redirect to HTTPS is issued from here.
frontend fe_http from unnamed_defaults_1
mode http
bind :80
# path_beg is a prefix match on any Host, so it covers every path starting with
# "/.well-known", not only ACME challenges. Narrowing it to
# /.well-known/acme-challenge/ would reduce what is reachable over cleartext -
# confirm what the upstream service serves on other paths before changing it.
acl letsencrypt-acl path_beg /.well-known
use_backend letsencrypt_backend if letsencrypt-acl
default_backend error_backend
# TLS listener: terminates HTTPS, runs the forward-auth check for protected
# hosts, then routes by Host header. http-request rules are evaluated in order
# and before any use_backend rule, so the order of the lines below matters.
frontend fe_https from unnamed_defaults_1
mode http
# Certificates are loaded from the directory and chosen by SNI. No ssl-min-ver
# or cipher settings are present here or in the global section, so the protocol
# and cipher floor are the defaults of the installed HAProxy build - verify that
# they match policy.
bind :443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
acl letsencrypt-acl path_beg /.well-known
# Hosts that must pass forward-auth. The pattern is anchored only at the start
# and its dots are unescaped, so it also matches longer or look-alike Host
# values. That over-match fails closed: those hosts get the auth check and then
# fall through to error_backend, because the use_backend rules below compare
# the full Host value. "(?i)" duplicates the -i flag.
# NOTE(review): example.com looks like a placeholder entry - confirm.
# NOTE(review): uptime.demo2.tanmoysrt.xyz is routed below but is not in this
# list, so it is served without the forward-auth check - confirm it is intended.
acl protected-frontends hdr(Host) -m reg -i ^(?i)(example.com|minc.demo2.tanmoysrt.xyz)
# Record the scheme and whether a query string exists, for the headers below.
http-request set-var(req.scheme) str(https) if { ssl_fc }
http-request set-var(req.scheme) str(http) if !{ ssl_fc }
http-request set-var(req.questionmark) str(?) if { query -m found }
# set-header replaces any client-supplied value, so these four X-Forwarded-*
# headers cannot be spoofed by the client.
http-request set-header X-Forwarded-Proto %[var(req.scheme)]
http-request set-header X-Forwarded-Method %[method]
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
http-request set-header X-Forwarded-URI %[path]%[var(req.questionmark)]%[query]
# Ask Authelia (backend be_authelia_9091, path /api/authz/forward-auth, method
# HEAD) whether the request is authorised. The remaining arguments presumably
# are: request headers to forward (*), response headers to capture on success,
# and headers to capture on failure (-) - confirm against auth-request.lua.
# NOTE(review): no rule in this frontend removes client-supplied Remote-User,
# Remote-Groups, Remote-Name or Remote-Email headers. If any backend trusts
# them, confirm that they are stripped or overwritten before forwarding.
http-request lua.auth-intercept be_authelia_9091 /api/authz/forward-auth HEAD * remote-user,remote-groups,remote-name,remote-email - if protected-frontends
# Auth failed with a 403: reject outright.
http-request deny if protected-frontends !{ var(txn.auth_response_successful) -m bool } { var(txn.auth_response_code) -m int 403 }
# Any other auth failure: redirect to the location returned by the auth
# service. Both rules are final, so an unauthenticated request to a protected
# host never reaches the use_backend rules.
# NOTE(review): if txn.auth_response_location is unset (for example when the
# auth backend is unreachable) the redirect target is presumably empty; an
# explicit deny as a last fallback would make that case unambiguous.
http-request redirect location %[var(txn.auth_response_location)] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
use_backend letsencrypt_backend if letsencrypt-acl
# Host-based routing; a Host value that matches none of these gets the 502 from
# error_backend.
use_backend be_minc_3000 if { hdr(host) -i minc.demo2.tanmoysrt.xyz }
use_backend be_authelia_9091 if { hdr(host) -i authelia.demo2.tanmoysrt.xyz }
use_backend be_uptime-kuma_3001 if { hdr(host) -i uptime.demo2.tanmoysrt.xyz }
default_backend error_backend
# Authelia itself: the target of the forward-auth check in fe_https and of
# requests for authelia.demo2.tanmoysrt.xyz.
backend be_authelia_9091 from unnamed_defaults_1
balance roundrobin
# When the auth step stored a Set-Cookie value, send it to the client.
# set-header replaces every Set-Cookie header the upstream itself returned.
# NOTE(review): set_cookie is not among the headers named on the
# lua.auth-intercept line in fe_https, so this variable may never be populated -
# confirm against auth-request.lua.
http-response set-header Set-Cookie %[var(req.auth_response_header.set_cookie)] if { var(req.auth_response_header.set_cookie) -m found }
# One server slot, resolved at runtime through the "docker" resolvers.
# "init-addr none" lets HAProxy start before the name resolves; "no-check"
# disables health checks. No "ssl" keyword: this hop is cleartext HTTP and
# relies on the isolation of the container network.
server-template authelia_container- 1 authelia:9091 no-check init-addr none resolvers docker
# Application backend for minc.demo2.tanmoysrt.xyz, a host that fe_https lists
# in protected-frontends.
backend be_minc_3000 from unnamed_defaults_1
balance roundrobin
# When the auth step stored a Set-Cookie value, send it to the client.
# set-header replaces every Set-Cookie header the application itself returned,
# so application cookies are dropped on responses where this rule fires.
http-response set-header Set-Cookie %[var(req.auth_response_header.set_cookie)] if { var(req.auth_response_header.set_cookie) -m found }
# One server slot, resolved at runtime through the "docker" resolvers, with no
# health check. No "ssl" keyword: this hop is cleartext HTTP and relies on the
# isolation of the container network.
server-template minc_container- 1 minc:3000 no-check init-addr none resolvers docker
# Application backend for uptime.demo2.tanmoysrt.xyz.
# NOTE(review): that host is not in the protected-frontends ACL of fe_https, so
# requests arrive here without the forward-auth check and the application's own
# login is the only access control - confirm it is intended.
backend be_uptime-kuma_3001 from unnamed_defaults_1
balance roundrobin
# When the auth step stored a Set-Cookie value, send it to the client.
# set-header replaces every Set-Cookie header the application itself returned.
http-response set-header Set-Cookie %[var(req.auth_response_header.set_cookie)] if { var(req.auth_response_header.set_cookie) -m found }
# One server slot, resolved at runtime through the "docker" resolvers, with no
# health check. No "ssl" keyword: this hop is cleartext HTTP.
server-template uptime-kuma_container- 1 uptime-kuma:3001 no-check init-addr none resolvers docker
# Catch-all for requests that match no routing rule. It has no servers and
# every request is denied with status 502, so unknown Host values are never
# proxied anywhere.
backend error_backend from unnamed_defaults_1
mode http
http-request deny deny_status 502
# NOTE(review): every request is denied above, so this response rule likely
# never takes effect in this backend - confirm.
http-response set-header Set-Cookie %[var(req.auth_response_header.set_cookie)] if { var(req.auth_response_header.set_cookie) -m found }
# Upstream for /.well-known requests from both frontends: the Swiftwave service
# named by the SWIFTWAVE_SERVICE_* environment variables.
backend letsencrypt_backend from unnamed_defaults_1
# Health check: GET /healthcheck with the service's Host header; only a 200
# marks a server as up.
option httpchk
http-check send meth GET uri /healthcheck hdr Host "$SWIFTWAVE_SERVICE_ADDRESS"
http-check expect status 200
# The client's Host header is replaced with the service address on forwarding.
http-request set-header Host "$SWIFTWAVE_SERVICE_ADDRESS"
# TLS path: the certificate is verified against the system CA bundle, and SNI
# is set for both traffic and health checks.
server swiftwave_service_https "$SWIFTWAVE_SERVICE_ENDPOINT" check ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt check-sni "$SWIFTWAVE_SERVICE_ADDRESS" sni str("$SWIFTWAVE_SERVICE_ADDRESS")
# Cleartext path to the same endpoint. Whichever server passes its health check
# receives traffic, so requests go out unencrypted and unauthenticated whenever
# this one is up.
# NOTE(review): presumably only one of the two passes for a given endpoint; if
# the service is always HTTPS, removing this line avoids a cleartext fallback -
# confirm.
server swiftwave_service_http "$SWIFTWAVE_SERVICE_ENDPOINT" check
# External program started and supervised by the HAProxy master process; here
# it launches the Data Plane API that manages this file.
# NOTE(review): this section sets no user or group, so the program presumably
# runs with the master process's privileges. Confirm which account that is and
# that /dataplaneapi.sh is writable only by trusted users.
program api
command /dataplaneapi.sh
# Do not start a new instance of the program when HAProxy reloads.
no option start-on-reload