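#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     2048
    user        haproxy
    group       haproxy
    daemon

    # configure the maximum size of temporary DHE keys that are generated
    tune.ssl.default-dh-param 2048

    # turn on stats unix socket
    # NOTE(review): no `mode`, `user`/`group` or `level` is given, so who can
    # reach the runtime API is left to the process umask and HAProxy's default
    # level. Pin them explicitly (for example `mode 600 level operator`) once
    # it is known which account needs to read the socket.
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    # TLS protocol and cipher floor are therefore decided by the host's
    # crypto-policy, not by this file; review that policy when auditing TLS.
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  forwardfor except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 2048

#---------------------------------------------------------------------
# Public HTTP/HTTPS entry point: terminates TLS on 443, redirects plain
# HTTP to HTTPS, and routes by Host header to one backend per subdomain.
#---------------------------------------------------------------------
frontend apexaltruism
    bind *:80
    bind *:443 ssl crt /etc/haproxy/cert/apexaltruism.net.pem
    # READ https://serversforhackers.com/c/letsencrypt-with-haproxy
    # READ https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04
    # READ WILDCARD https://serverfault.com/a/812038
    # UNEXPLAINED 503 https://serverfault.com/a/1016614
    # LOAD BALANCING MULTIPLE DOMAINS https://medium.com/trabe/multiple-ssl-configurations-in-the-same-ip-port-with-haproxy-349c7dc9a170

    # set-header overwrites any X-Forwarded-Proto sent by the client, so
    # backends never see a spoofed value. Plain-HTTP requests also get the
    # header but are answered by the redirect below and never forwarded.
    http-request set-header X-Forwarded-Proto https
    redirect scheme https code 301 if !{ ssl_fc }
    # NOTE(review): no Strict-Transport-Security header is set in this file.
    # If none of the backends send it, consider adding it here:
    #   http-response set-header Strict-Transport-Security "max-age=<SECONDS_PLACEHOLDER>"

    # NOTE(review): this frontend has no default_backend, so a request whose
    # Host matches none of the ACLs below is answered by HAProxy with 503
    # instead of reaching a service. That deny-by-default is worth keeping.
    # hdr(host) is an exact string match, so a Host value that carries an
    # explicit port (e.g. "name:443") will not match either.

    # [PATH] CHAT
    # use_backend back_chat if { path /chat } || { path_beg /chat/ }
    # [PATH] JUMP
    # use_backend back_jump if { path /jump } || { path_beg /jump/ }
    # [PATH] DASH
    # use_backend back_dash if { path /dash } || { path_beg /dash/ }
    # [PATH] DOWNLOAD
    # use_backend back_download if { path /download } || { path_beg /download/ }
    # [PATH] EXPLORER
    # use_backend back_explorer if { path /explorer } || { path_beg /explorer/ }

    # [FRNT] ROOT
    acl sbdm_root hdr(host) -i apexaltruism.net
    use_backend back_root if sbdm_root

    # [FRNT] CHAT
    acl sbdm_chat hdr(host) -i chat.apexaltruism.net
    use_backend back_chat if sbdm_chat

    # [FRNT] DASH
    acl sbdm_dash hdr(host) -i dash.apexaltruism.net
    use_backend back_dash if sbdm_dash

    # [FRNT] DOWNLOAD
    acl sbdm_download hdr(host) -i download.apexaltruism.net
    use_backend back_download if sbdm_download

    # [FRNT] EXPLORER
    acl sbdm_explorer hdr(host) -i explorer.apexaltruism.net
    use_backend back_explorer if sbdm_explorer

    # [FRNT] JUMP
    acl sbdm_jump hdr(host) -i jump.apexaltruism.net
    use_backend back_jump if sbdm_jump

    # [FRNT] PLAY
    # acl sbdm_play hdr(host) -i play.apexaltruism.net
    # use_backend back_play if sbdm_play

    # [FRNT] STREAM
    acl sbdm_stream hdr(host) -i stream.apexaltruism.net
    use_backend back_stream if sbdm_stream

    # [FRNT] STREAM-BACK
    acl sbdm_stream_back hdr(host) -i stream-back.apexaltruism.net
    use_backend back_stream_back if sbdm_stream_back

    # [FRNT] STREAM-PASS
    acl sbdm_stream_pass hdr(host) -i stream-pass.apexaltruism.net
    use_backend back_stream_pass if sbdm_stream_pass

    # [FRNT] COCKPIT
    acl sbdm_cockpit hdr(host) -i cockpit-gridhead-main.apexaltruism.net
    use_backend back_cockpit if sbdm_cockpit

#---------------------------------------------------------------------
# HTTP backends. TLS ends at the frontend; every `server` line below is
# plain HTTP from HAProxy to the service.
#---------------------------------------------------------------------

# [BACK] CHAT
backend back_chat
    # http-request replace-path /chat(/)?(.*) /\2
    server back_chat 127.0.0.1:9898

# [BACK] COCKPIT
# NOTE(review): this is the only backend in the file that is neither on
# loopback nor in private address space, and the server line has no `ssl`.
# Requests that arrived over HTTPS are therefore forwarded to it in
# cleartext. If this is an administrative console, re-encrypt the hop
# (`ssl verify required ca-file <CA_BUNDLE_PLACEHOLDER>` on the server line)
# or carry it over a private link, and consider limiting which clients may
# reach the cockpit hostname at all.
backend back_cockpit
    server back_cockpit 129.154.253.197:9090

# [BACK] DASH
backend back_dash
    # http-request replace-path /dash(/)?(.*) /\2
    server back_dash 127.0.0.1:9000

# [BACK] DOWNLOAD
backend back_download
    # http-request replace-path /download(/)?(.*) /\2
    server back_download 127.0.0.1:8112

# [BACK] EXPLORER
backend back_explorer
    # http-request replace-path /explorer(/)?(.*) /\2
    # Server was named back_download (copy-paste from the block above), which
    # made logs and stats attribute explorer traffic to the download service.
    server back_explorer 192.168.192.111:3000

# [BACK] JUMP
backend back_jump
    # http-request replace-path /jump(/)?(.*) /\2
    server back_jump 192.168.192.111:5005

# [BACK] PLAY
# backend back_play
#     server back_play 192.168.192.111:32400

# [BACK] STREAM
backend back_stream
    server back_stream 192.168.192.111:6969

# [BACK] STREAM BACK
backend back_stream_back
    server back_stream_back 192.168.192.111:4200

# [BACK] STREAM PASS
backend back_stream_pass
    server back_stream_pass 192.168.192.111:4000

# [BACK] ROOT
backend back_root
    server back_root 127.0.0.1:2368

#---------------------------------------------------------------------
# Raw TCP pass-through services
#---------------------------------------------------------------------

# [FULL] BADGESDB-MAIN
# NOTE(review): as written, this frontend forwards every TCP connection on
# port 5432 to the database host, whatever the client or server name:
#   - the bind line has `crt` but no `ssl`, so HAProxy does not terminate
#     TLS here and the certificate appears to have no effect;
#   - req.ssl_sni is only populated from a TLS ClientHello that has been
#     buffered (no `tcp-request inspect-delay` is configured), and this
#     protocol does not normally open with one, so the ACL presumably never
#     matches;
#   - default_backend is the same backend the ACL selects, so the ACL does
#     not restrict anything even when it fails.
# Treat the port as open to anyone who can reach this host. Restrict it at
# the firewall or in HAProxy, for example:
#   tcp-request connection reject if !{ src <ALLOWED_CIDR_PLACEHOLDER> }
# and rely on the database's own TLS and authentication settings for
# confidentiality. `transparent` is also likely unnecessary on a wildcard
# bind; confirm before removing.
frontend frnt_badgesdb_main
    mode tcp
    bind *:5432 transparent crt /etc/haproxy/cert/apexaltruism.net.pem
    acl sbdm_badgesdb_main req.ssl_sni -i badgesdb-main.apexaltruism.net
    use_backend back_badgesdb_main if sbdm_badgesdb_main
    default_backend back_badgesdb_main

backend back_badgesdb_main
    mode tcp
    server back_badgesdb_main 192.168.192.112:5432

# [FULL] DISK
# NOTE(review): same pattern as the database frontend above: `crt` without
# `ssl`, an SNI ACL that cannot gate anything because default_backend is the
# same backend, and wildcard binds. File-sharing traffic on 445/4450 is
# relayed as-is to the internal host, so any client that can reach these
# ports can talk to the file server directly. Limit the source addresses
# (firewall or `tcp-request connection reject if !{ src <ALLOWED_CIDR_PLACEHOLDER> }`)
# or move this service behind a VPN rather than a public listener.
frontend frnt_disk
    mode tcp
    bind *:445 transparent crt /etc/haproxy/cert/apexaltruism.net.pem
    # Check outgoing port support by running `curl portquiz.net:445 --connect-timeout 60`
    # Added support for PORT 4450 as PORT 445 is blocked on Jio Fiber and Jio Mobile Carrier
    bind *:4450 transparent crt /etc/haproxy/cert/apexaltruism.net.pem
    acl sbdm_disk req.ssl_sni -i disk.apexaltruism.net
    use_backend back_disk if sbdm_disk
    default_backend back_disk

backend back_disk
    mode tcp
    server back_disk 192.168.192.112:445

# [FULL] DOWNLOAD_SEED
# Disabled. If re-enabled, rename the server below (it is still called
# back_disk) and apply the same source restrictions as the other TCP
# frontends.
# frontend frnt_download_seed
#     mode tcp
#     bind *:6881 transparent crt /etc/haproxy/cert/apexaltruism.net.pem
#     acl sbdm_download_seed req.ssl_sni -i download.apexaltruism.net
#     use_backend back_download_seed if sbdm_download_seed
#     default_backend back_download_seed
#
# backend back_download_seed
#     mode tcp
#     server back_disk 192.168.192.111:6881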