{% extends 'common/haproxy_base.j2' %}

{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}

{%- macro bind_ip_tls_extra(bind_ips, port, tls_cert, extra) -%}
{%- for ip in bind_ips %}
    bind {{ ip }}:{{ port }} ssl crt {{ tls_cert }}  {{ extra }}
{%- endfor %}
{%- endmacro %}

{% block frontend_80 %}
frontend {{ site_name }}_port80
{%- for ip in bind_ips %}
    bind {{ ip }}:80
{%- endfor %}
    mode tcp 

    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor

    use_backend {{ site_name }}__port80
{% endblock frontend_80 %}

{% block frontend %}
frontend {{ site_name }}
{%- for ip in bind_ips %}
    bind {{ ip }}:443
{%- endfor %}
    mode tcp 

    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor

    {{ acme_challenge(letsencrypt_server) }}

    use_backend {{ site_name }}__default
{% endblock frontend %}