global

maxconn 100
log 127.0.0.1:514 local2

defaults
log global
option httplog
mode tcp
retries 2
timeout client 30m
timeout connect 4s
timeout server 30m
timeout check 5s

listen stats
mode http
bind *:7000
stats enable
stats uri /

frontend httpqnms
bind *:80
mode http
redirect scheme https code 301 if !{ ssl_fc }

frontend qnms
bind *:443 ssl crt /etc/ssl/certs/haproxy.pem verify optional ca-file
/etc/ssl/certs/ca.pem
#crt-ignore-err all
mode http
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
option logasap

acl is_root path -i /

redirect code 301 location https://10.16.0.101/webnms if is_root

acl webnms path_beg /webnms

use_backend webnms-backend if webnms

acl api-version path /api-version

use_backend api-version-backend if api-version

acl v1 path_reg ^/[0-9]+\.[0-9]+/

use_backend v1-backend if v1

acl arc path_beg /arc /satoss

use_backend arc-backend if arc

acl sri path_beg /sri /oss

use_backend sri-backend if sri

acl iphosync path_beg /ipho

use_backend iphosync-backend if iphosync

default_backend web-backend

backend webnms-backend
 mode http
balance roundrobin
http-send-name-header Host
#http-request set-header Host webkube1:30443 if { hdr(host) -i qnms }
#http-request replace-header Host .* webkube1
http-request set-header X-Client-IP %[src]
server webkube1:30443 webkube1:30443 ssl verify none check
server webkube2:30443 webkube2:30443 ssl verify none check
server webkube3:30443 webkube3:30443 ssl verify none check

backend api-version-backend
mode http
balance roundrobin
http-send-name-header Host
server kube1:30443 kube1:30443 ssl verify none check
server kube2:30443 kube2:30443 ssl verify none check
server kube3:30443 kube3:30443 ssl verify none check

backend v1-backend
mode http
balance roundrobin
#http-request set-header Host kube1:30443 if { hdr(host) -i qnms }
http-send-name-header Host
server kube1:30443 kube1:30443 ssl verify none check
server kube2:30443 kube2:30443 ssl verify none check
server kube3:30443 kube3:30443 ssl verify none check

backend arc-backend
mode http
balance roundrobin
#http-request set-header Host kube1:30443 if { hdr(host) -i qnms }
http-request set-path "%[path,regsub(^/arc/|/satoss/,/)]"
http-send-name-header Host
server kube1:30443 kube1:30443 ssl verify none check
server kube2:30443 kube2:30443 ssl verify none check
server kube3:30443 kube3:30443 ssl verify none check

backend sri-backend
mode http
balance roundrobin
http-request set-path "%[path,regsub(^/sri/|/oss/,/)]"
http-send-name-header Host
server srikube1:30443 srikube1:30443 ssl verify none check
server srikube2:30443 srikube2:30443 ssl verify none check
server srikube3:30443 srikube3:30443 ssl verify none check

backend web-backend
mode http
balance roundrobin
http-send-name-header Host
server webkube1:30443 webkube1:30443 ssl verify none check
server webkube2:30443 webkube2:30443 ssl verify none check
server webkube3:30443 webkube3:30443 ssl verify none check

backend iphosync-backend
mode http
balance roundrobin
http-send-name-header Host
server iphosynckube1:30443 iphosynckube1:30443 ssl verify none check
server iphosynckube2:30443 iphosynckube2:30443 ssl verify none check
server iphosynckube3:30443 iphosynckube3:30443 ssl verify none check