added proxy.eidas.swedenconnect.se to the frontends

fe-common/overlay/etc/hiera/data/group.yaml

@@ -92,6 +92,32 @@ sunet_frontend:
         letsencrypt_server: 'acme-c.sunet.se'
         haproxy_imagetag: 'staging'
 
+      'proxy':
+        site_name: 'proxy.eidas.swedenconnect.se'
+        frontends:
+          'fe-fre-3.komreg.net':
+            ips: ['94.176.226.18', '2001:6b0:65:1::18']
+          'fe-tug-3.komreg.net':
+            ips: ['94.176.226.19', '2001:6b0:65:1::19']
+        backends:
+          default:
+            'eidas-proxy-1.sveidas.se':
+              ips: ['94.176.224.140']
+              server_args: 'ssl check verify none cookie p1'
+            'eidas-proxy-2.sveidas.se':
+              ips: ['94.176.224.12']
+              server_args: 'ssl check verify none cookie p2'
+            'eidas-proxy-3.sveidas.se':
+              ips: ['94.176.224.141']
+              server_args: 'ssl check verify none cookie p3'
+            'eidas-proxy-4.sveidas.se':
+              ips: ['94.176.224.13']
+              server_args: 'ssl check verify none cookie p4'
+        allow_ports:
+          - 443
+        letsencrypt_server: 'acme-c.sunet.se'
+        haproxy_imagetag: 'staging'
+
       'md':
         site_name: 'md.swedenconnect.se'
         frontends:

fe-common/overlay/opt/frontend/config/proxy/haproxy.j2

@@ -0,0 +1,22 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+    stats enable
+    timeout http-request 10s
+    timeout http-keep-alive 4s
+    option forwardfor
+    http-request set-header X-Forwarded-Proto https
+
+    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+    {{ acme_challenge(letsencrypt_server) }}
+
+    use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+