# /etc/haproxy/haproxy.cfg

frontend FE-application
  mode http
  timeout client 5s
  timeout connect 5s
  timeout server 5s
  bind :80
  # ssl offloading on port 8443 using a certificate from /etc/haproxy/ssl/
  bind :8443 ssl crt /etc/techaro/pki/haproxy-simple.test.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 no-tls-tickets

  # set X-Real-IP header required for Anubis
  http-request set-header X-Real-IP "%[src]"

  # redirect HTTP to HTTPS
  http-request redirect scheme https code 301 unless { ssl_fc }
  # add HSTS header
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  # route to Anubis backend by default
  default_backend BE-anubis-application

backend BE-anubis-application
  mode http
  timeout connect 5s
  timeout server 5s
  server anubis /shared/anubis.sock