net-ops/lb-common/overlay/opt/frontend/config/edusign/haproxy.j2

{% extends 'common/haproxy_base.j2' %}

{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}

{% block frontend %}
frontend {{ site_name }}
    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}


    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    option forwardfor header X-Real-IP
    http-request set-header X-Real-IP %[src]

    {{ web_security_options(['no_cache', 'block_xss', 'hsts', 'no_sniff']) }}

    {{ acme_challenge(letsencrypt_server) }}

    ## acl user_eudsign hdr(user-agent) -i edusign
    ## http-request redirect location https://www.sunet.se/maintenance/edusign/ if ! user_eudsign

    use_backend {{ site_name }}__default
{% endblock frontend %}