diff --git a/lb-test-common/overlay/etc/hiera/data/group.yaml b/lb-test-common/overlay/etc/hiera/data/group.yaml
index c0927c8..8a7241f 100644
--- a/lb-test-common/overlay/etc/hiera/data/group.yaml
+++ b/lb-test-common/overlay/etc/hiera/data/group.yaml
@@ -40,6 +40,28 @@ sunet_frontend:
 haproxy_imagetag: '20230228-stable'
 frontendtools_imagetag: '20230228'
+ 'authtest':
+ haproxy_volumes:
+ - "/etc/ssl/certs/infra.crt:/etc/ssl/certs/infra.crt:ro"
+ - "/etc/ssl/private/infra_haproxy.crt:/etc/ssl/private/infra_haproxy.crt:ro"
+ site_name: 'auth-test.sunet.se'
+ frontends:
+ 'lb-test-tug-1.sunet.se':
+ ips: ['37.156.192.64', '2001:6b0:60:c0::64']
+ 'lb-test-sthb-1.sunet.se':
+ ips: ['37.156.192.65', '2001:6b0:60:c0::65']
+ backends:
+ default:
+ 'auth-test-1.sunet.se':
+ ips: ['89.47.185.11']
+ server_args: 'ssl alpn h2 crt /etc/ssl/private/infra_haproxy.crt verify required ca-file /etc/ssl/certs/infra.crt check check-alpn http/1.1'
+ allow_ports:
+ - 443
+ - 80
+ letsencrypt_server: 'acme-c.sunet.se'
+ haproxy_imagetag: '20230228-stable'
+ frontendtools_imagetag: '20230228'
+
 # 'edusealapit':
 # site_name: 'test-api.eduseal.sunet.se'
 # frontends:
diff --git a/lb-test-common/overlay/opt/frontend/config/authtest/haproxy.j2 b/lb-test-common/overlay/opt/frontend/config/authtest/haproxy.j2
new file mode 100644
index 0000000..ae036af
--- /dev/null
+++ b/lb-test-common/overlay/opt/frontend/config/authtest/haproxy.j2
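Review bot: The `server_args` for `auth-test-1.sunet.se` uses `verify required` against infra.crt but sets neither `verifyhost` nor `sni`, and HAProxy only checks the server certificate's names when one of those is given — without them any certificate issued by that CA is accepted for this backend, so if infra.crt signs certificates for many hosts, another infra host's certificate would pass. Unless the common base template or `output_backends` adds a name check (not visible here), I would pin the expected name: `server_args: 'ssl alpn h2 crt /etc/ssl/private/infra_haproxy.crt verify required verifyhost auth-test-1.sunet.se ca-file /etc/ssl/certs/infra.crt check check-alpn http/1.1'`. Port 80 in `allow_ports` is presumably there for the ACME challenge; a comment such as `# 80: acme_challenge / redirect only` would save the next reader a lookup in the template.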
@@ -0,0 +1,39 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{%- macro bind_ip_tls_extra(bind_ips, port, tls_cert, extra) -%}
+{%- for ip in bind_ips %}
+ bind {{ ip }}:{{ port }} ssl crt {{ tls_cert }} {{ extra }}
+{%- endfor %}
+{%- endmacro %}
+
+{% block frontend %}
+frontend {{ site_name }}
+ {{ bind_ip_tls_extra(bind_ips, 443, tls_certificate_bundle, "verify optional crt-ignore-err all ca-file /etc/ssl/certs/ca-certificates.crt") }}
+
+
+ timeout http-request 10s
+ timeout http-keep-alive 4s
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https
+ http-request set-header client-cert %{+Q}[ssl_c_der,base64]
+
+ {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff', 'no_cache']) }}
+
+
+ {{ acme_challenge(letsencrypt_server) }}
+
+ use_backend {{ site_name }}__default
+{% endblock frontend %}
+
+{% block backend %}
+{{ output_backends(backends,
+ config=['option httpchk GET /status/healthy HTTP/1.1',
+ 'http-check expect string STATUS_OK',
+ 'http-check send-state',
+ 'http-check disable-on-404',
+ ],
+ )
+}}
+{% endblock backend %}
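Review bot: With `verify optional crt-ignore-err all` on the bind line in `frontend`, no client certificate is ever rejected at this tier — self-signed, expired or issued by a CA outside ca-certificates.crt all complete the handshake — so the `client-cert` header passed to the backend carries an unverified DER and nothing tells the backend whether the chain check passed. Unless the backend already validates the certificate itself (not visible here), forward the verdict next to the cert with `http-request set-header client-cert-used %[ssl_c_used]` and `http-request set-header client-cert-verify %[ssl_c_verify]` (0 is X509_V_OK, otherwise the OpenSSL verify error code), and state the contract above the bind: `# crt-ignore-err all: every presented client cert is accepted and forwarded; the backend must validate it`. `set-header` is the right choice since it overwrites any `client-cert` header a client injects, and the new headers need the same treatment. `bind_ip_tls` and `csp` are imported but unused in this template.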