From 6a7276197155f1b19dafa2233ba1d22168a2ab40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= <berra@nordu.net>
Date: Mon, 4 Jun 2018 13:29:50 +0200
Subject: [PATCH] added haproxy.j2 to fe-common

---
 .../opt/frontend/config/connector/haproxy.j2  | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 fe-common/overlay/opt/frontend/config/connector/haproxy.j2

diff --git a/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 b/fe-common/overlay/opt/frontend/config/connector/haproxy.j2
new file mode 100644
index 00000000..35fb74bc
--- /dev/null
+++ b/fe-common/overlay/opt/frontend/config/connector/haproxy.j2
@@ -0,0 +1,26 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+    stats enable
+    timeout http-request 10s
+    timeout http-keep-alive 4s
+    option forwardfor
+    http-request set-header X-Forwarded-Proto https
+
+    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+#    {{ csp(["default-src "               + [csp_ext_src]|join(' '),
+#	    "style-src 'unsafe-inline' " + [csp_ext_src]|join(' '),
+#	    ]) }}
+
+    {{ acme_challenge(letsencrypt_server) }}
+
+    use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+