# global configuration and other details omitted
# NOTE(review): the ${...} and $... tokens below are presumably placeholders for
# site-specific values, to be substituted before deployment - confirm.

# Object:
# If connections arrive on the IP (v4/v6) addresses for staticsites, then direct them to the second RGW instance, listening on port 7481.
# Otherwise direct them to the regular RGW instance listening on port 7480.

# HTTP & HTTPS configuration
# extra-crt-list.txt is a file, with the paths to additional certificates for SNI.
# If you need overlapping hostnames in the SNI certificates see haproxy documentation for crt-list for additional help.
# One path per line, optionally followed by hostnames [not recommended].
# Each listed path must include all intermediate certificates.
# Somewhere you will want a wildcard matching *.objects-website-region.domain.com and *.objects-region.domain.com
frontend api-http
    # Plain-HTTP listeners. 'transparent' binds the address even if it is not
    # configured on the local machine.
    bind ${REGULAR_IPV4}:80 transparent
    bind ${STATICSITE_IPV4}:80 transparent
    bind ${REGULAR_IPV6}:80 transparent
    bind ${STATICSITE_IPV6}:80 transparent
    # TLS listeners. 'crt' names the certificate for the bind; 'crt-list' adds
    # the extra SNI certificates described above.
    # NOTE(review): only SSLv3 is disabled here. Unless the omitted global
    # section restricts protocol versions, TLSv1.0 and TLSv1.1 remain
    # negotiable; consider adding 'no-tlsv10 no-tlsv11' to these binds.
    bind ${REGULAR_IPV4}:443 transparent ssl crt ${MAIN_CRT} no-sslv3 ciphers ${CIPHERLIST} crt-list extra-crt-list.txt
    bind ${REGULAR_IPV6}:443 transparent ssl crt ${MAIN_CRT} no-sslv3 ciphers ${CIPHERLIST} crt-list extra-crt-list.txt
    bind ${STATICSITE_IPV4}:443 transparent ssl crt ${STATICSITE_CRT} no-sslv3 ciphers ${CIPHERLIST} crt-list extra-crt-list.txt
    bind ${STATICSITE_IPV6}:443 transparent ssl crt ${STATICSITE_CRT} no-sslv3 ciphers ${CIPHERLIST} crt-list extra-crt-list.txt
    maxconn 4000
    default_backend radosgw-http
    # Remove any X-Forwarded-For sent by the client, so the only value passed
    # on is the one HAProxy adds through 'option forwardfor'. Without the
    # delete, a client could supply its own value.
    # NOTE(review): reqidel (and rspdel below) were removed in HAProxy 2.1; on
    # newer versions use 'http-request del-header' / 'http-response del-header'.
    option forwardfor
    reqidel ^X-Forwarded-For:.*
    # NOTE(review): this relaxes HAProxy's request parser for every client. The
    # HAProxy documentation advises against enabling it by default because it
    # can hide application bugs and open security holes. Keep it only if
    # clients really send requests the strict parser rejects, and record why.
    option accept-invalid-http-request
    # Route on the destination address the client connected to.
    acl acl_ip4_staticsite dst ${STATICSITE_IPV4}
    acl acl_ip6_staticsite dst ${STATICSITE_IPV6}
    use_backend radosgw-http-staticsite if acl_ip4_staticsite
    use_backend radosgw-http-staticsite if acl_ip6_staticsite
    # Unconditional fallback; names the same backend as default_backend above.
    use_backend radosgw-http

# Regular RGW instances (port 7480). The server lines carry no 'ssl' keyword,
# so the hop from HAProxy to RGW is plain HTTP.
backend radosgw-http
    balance roundrobin
    # Health check: HEAD /, passing unless the status matches ^5 (any 5xx).
    http-check expect ! rstatus ^5
    option httpchk HEAD /
    option http-server-close
    # Timeouts without a unit suffix are in milliseconds.
    timeout check 6000
    timeout connect 8000
    timeout http-request 4000
    # Adds 'Vary: Origin' when captured request header slot 1 is present.
    # NOTE(review): no 'capture request header' lines are visible in this
    # excerpt; presumably slot 1 holds Origin - confirm in the omitted part.
    http-response add-header Vary Origin if { capture.req.hdr(1) -m found }
    server RGW1 $PRIVATE_ADDR1:7480 check inter 2000 rise 2 fall 5 weight 100 maxconn 100
    server RGW2 $PRIVATE_ADDR2:7480 check inter 2000 rise 2 fall 5 weight 100 maxconn 100
    # Deletes response header lines matching the regex 'Bucket'.
    # NOTE(review): the pattern is unanchored and case-sensitive, so it removes
    # any response header line containing that string - verify that only the
    # intended header is affected.
    rspdel Bucket

# identical, just on port 7481,
# optional: add a Varnish caching layer here, with varnish connecting to the RGWs instead.
backend radosgw-http-staticsite
    balance roundrobin
    # Health check: HEAD /, passing unless the status matches ^5 (any 5xx).
    http-check expect ! rstatus ^5
    option httpchk HEAD /
    option http-server-close
    # Timeouts without a unit suffix are in milliseconds.
    timeout check 6000
    timeout connect 8000
    timeout http-request 4000
    # Same Vary rule as the regular backend; it depends on a request header
    # capture that is not visible in this excerpt.
    http-response add-header Vary Origin if { capture.req.hdr(1) -m found }
    server RGW1 $PRIVATE_ADDR1:7481 check inter 2000 rise 2 fall 5 weight 100 maxconn 100
    server RGW2 $PRIVATE_ADDR2:7481 check inter 2000 rise 2 fall 5 weight 100 maxconn 100
    # Unanchored, case-sensitive regex delete on response headers, as in the
    # regular backend.
    rspdel Bucket