global
#	chroot /var/empty/
#	uid 451
#	gid 451
	log 192.168.131.214:8514 local4 debug
	maxconn 8192

defaults
	timeout connect		3500
	timeout queue		11000
	timeout tarpit		12000
	timeout client		30000
	timeout http-request	40000
	timeout http-keep-alive	5000
	timeout server		40000
	timeout check		7000

	option	contstats
	option	log-health-checks

################################
userlist customer1
	group adm users tiger,xdb
	group dev users scott,tiger
	group uat users boss,xdb,tiger
	user scott insecure-password cat
	user tiger insecure-password dog
	user xdb insecure-password hello
	user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91

userlist customer1alt
	group adm
	group dev
	group uat
	user scott insecure-password cat groups dev
	user tiger insecure-password dog groups adm,dev,uat
	user xdb insecure-password hello groups adm,uat
	user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat

# Both customer1 and customer1alt userlist are functionally identical

frontend c1
	bind 127.101.128.1:8080
	log global
	mode http

	acl host_stats	hdr_beg(host) -i stats.local
	acl host_dev	hdr_beg(host) -i dev.local
	acl host_uat	hdr_beg(host) -i uat.local

	acl auth_uat	http_auth_group(customer1) uat

	# auth for host_uat checked in frontend, use realm "uat"
	http-request	auth realm uat if host_uat !auth_uat

	use_backend	c1stats if host_stats
	use_backend	c1dev	if host_dev
	use_backend	c1uat	if host_uat

backend c1uat
	mode http
	log global

	server s6 192.168.152.206:80
	server s7 192.168.152.207:80

backend c1dev
	mode http
	log global

	# require users from customer1 assigned to group dev
	acl auth_ok	http_auth_group(customer1) dev

	# auth checked in backend, use default realm (c1dev)
	http-request auth if !auth_ok

	server s6 192.168.152.206:80
	server s7 192.168.152.207:80

backend c1stats
	mode http
	log global

	# stats auth checked in backend, use default realm (Stats)
	acl nagios	src 192.168.126.31
	acl guests	src 192.168.162.0/24
	acl auth_ok	http_auth_group(customer1) adm

	stats enable
	stats refresh 60
	stats uri /
	stats scope c1
	stats scope c1stats

	# unconditionally deny guests, without checking auth or asking for a username/password
	stats http-request deny if guests

	# allow nagios without password, allow authenticated users
	stats http-request allow if nagios
	stats http-request allow if auth_ok

	# ask for a username/password
	stats http-request auth realm Stats


################################
userlist customer2
	user peter insecure-password peter
	user monica insecure-password monica

frontend c2
	bind 127.201.128.1:8080
	log global
	mode http

	acl auth_ok http_auth(customer2)
	acl host_b1 hdr(host) -i b1.local

	http-request auth unless auth_ok

	use_backend	c2b1 if host_b1
	default_backend	c2b0

backend c2b1
	mode http
	log global

	server s1 192.168.152.201:80

backend c2b0
	mode http
	log global

	server s1 192.168.152.201:80