global
  maxconn 2048
  maxconnrate 40
  stats socket /run/haproxy.sock mode 600 user telegraf
  stats timeout 2m

defaults
  mode http
  retries 1
  option forwardfor
  option http-keep-alive
  option tcp-smart-connect
  option tcpka
  balance roundrobin
  compression algo gzip
  timeout http-request 10s
  timeout connect 10s
  timeout client 60s
  timeout server 240s
  timeout http-keep-alive 240s
  default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check

  errorfile 400 /etc/haproxy/errorpages/400.http
  errorfile 403 /etc/haproxy/errorpages/403.http
  errorfile 408 /etc/haproxy/errorpages/408.http
  errorfile 500 /etc/haproxy/errorpages/500.http
  errorfile 502 /etc/haproxy/errorpages/502.http
  errorfile 503 /etc/haproxy/errorpages/503.http
  errorfile 504 /etc/haproxy/errorpages/504.http

resolvers local
  nameserver unbound 127.0.0.1:53
  resolve_retries 2
  timeout retry 300ms
  hold other           100ms
  hold refused         100ms
  hold nx              100ms
  hold timeout         3s
  hold valid           5s

listen murmur
  mode tcp
  bind ipv4@*:64738,ipv6@*:64738
  option tcp-check
  server-template murmur 1 _murmur._tcp.routinginfo.redxen.localhost

listen git-gitea
  mode tcp
  bind ipv4@*:2442,ipv6@*:2442
  option tcp-check
  server-template gitssh 1 _gitssh._tcp.routinginfo.redxen.localhost

frontend http
  mode http
  bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/fullchain.crt alpn h2,http/1.1
  bind ipv4@:80,ipv6@:80

  acl root path /

  redirect prefix /web code 302 if { hdr_beg(host) -i seed } root
  use_backend backend-transmission if { hdr_beg(host) -i seed }

  use_backend backend-root if { hdr(host) -i redxen.eu }
  use_backend backend-grafana if { hdr_beg(host) -i stats }
  use_backend backend-pleroma if { hdr_beg(host) -i social }
  use_backend backend-gitea if { hdr_beg(host) -i git }
  use_backend backend-seedown if { hdr_beg(host) -i sd }

  http-response set-header X-Forwarded-Proto https
  http-response set-header X-XSS-Protection 1;\ mode=block
  http-response set-header X-Content-Type-Options nosniff
  http-response set-header Referrer-Policy no-referrer-when-downgrade
  http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload

  backend backend-root
    server-template root 1 _root._tcp.routinginfo.redxen.localhost
    option httpchk HEAD / HTTP/1.1
    http-check send hdr Host redxen.eu

  backend backend-transmission
    server-template transmission 1 _transmission._tcp.routinginfo.redxen.localhost

  backend backend-grafana
    server-template grafana 1 _grafana._tcp.routinginfo.redxen.localhost
    option httpchk HEAD / HTTP/1.1
    http-check send hdr Host stats.redxen.eu

  backend backend-seedown
    server-template seedown 1 _seedown._tcp.routinginfo.redxen.localhost
    option httpchk HEAD / HTTP/1.1
    http-check send hdr Host sd.redxen.eu

  backend backend-pleroma
    server-template pleroma 1 _pleroma._tcp.routinginfo.redxen.localhost
    option httpchk HEAD / HTTP/1.1
    http-check send hdr Host social.redxen.eu

  backend backend-gitea
    server-template gitea 1 _gitea._tcp.routinginfo.redxen.localhost
    option httpchk HEAD / HTTP/1.1
    http-check send hdr Host gitea.redxen.eu