defaults
    option  dontlognull
    timeout connect {{ defaults.timeout.connect }}
    timeout client {{ defaults.timeout.client }}
    timeout server {{ defaults.timeout.server }}
    {% if dns %}default-server init-addr none{% endif %}

{% if dns %}
resolvers docker
    nameserver dns "{{ dns.tcp.addr }}:{{ dns.tcp.port }}"
{% endif %}

{% if ssl_apps|length %}
frontend http_ssl_proxy
    bind 0.0.0.0:443

    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    {% for app in ssl_apps %}
    {% for domain in app.domains %}
    acl is_ssl_{{ app.name | replace(' ', '_') }} req_ssl_sni -i {% if domain.regex %}-m reg {% endif %}{{ domain.name }}
    {% endfor %}
    use_backend backend_{{ app.name | replace(' ', '_') }}_cluster if is_ssl_{{ app.name | replace(' ', '_') }}
    {% endfor %}

    {% for app in ssl_apps %}
    backend {{ app.backend.name | replace(' ', '_') }}_cluster
        mode tcp
        {% if app.backend.defaults %}
        # defaults
        {{ app.backend.defaults }}
        {% endif %}
        # maximum SSL session ID length is 32 bytes.
        stick-table type binary len 32 size 30k expire 30m

        acl clienthello req_ssl_hello_type 1
        acl serverhello rep_ssl_hello_type 2

        # use tcp content accepts to detects ssl client and server hello.
        tcp-request inspect-delay 5s
        tcp-request content accept if clienthello

        # no timeout on response inspect delay by default.
        tcp-response content accept if serverhello

        stick on payload_lv(43,1) if clienthello

        # Learn on response if server hello.
        stick store-response payload_lv(43,1) if serverhello

        option ssl-hello-chk

        {% if app.backend.port %}
        {% if app.send_proxy %}
        server {{ app.backend.name | replace(' ', '_') }} {{ app.backend.ip }}:{{ app.backend.port }} send-proxy check {% if dns %}resolvers docker resolve-prefer ipv4{% endif %}
        {% else %}
        server {{ app.backend.name | replace(' ', '_') }} {{ app.backend.ip }}:{{ app.backend.port }} check {% if dns %}resolvers docker resolve-prefer ipv4{% endif %}
        {% endif %}
        {% endif %}

    {% endfor %}
{% endif %}

frontend http_proxy
    bind 0.0.0.0:80

    mode   http
    option httpclose
    option forwardfor

    {% for app in apps %}
    {% for domain in app.domains %}
    acl is_{{ app.name | replace(' ', '_') }} hdr{% if domain.regex %}_reg{% endif %}(host) -i {{ domain.name }}
    {% endfor %}
    use_backend backend_{{ app.name | replace(' ', '_') }}_cluster if is_{{ app.name | replace(' ', '_') }}
    {% endfor %}

    {% for app in apps %}
    backend {{ app.backend.name | replace(' ', '_') }}_cluster
        mode http
        {% if app.backend.defaults %}
        # defaults
        {{ app.backend.defaults }}
        {% endif %}
        {% if app.backend.port %}
        {% if app.send_proxy %}
        server {{ app.backend.name | replace(' ', '_') }} {{ app.backend.ip }}:{{ app.backend.port }} check send-proxy {% if dns %}resolvers docker resolve-prefer ipv4{% endif %}
        {% else %}
        server {{ app.backend.name | replace(' ', '_') }} {{ app.backend.ip }}:{{ app.backend.port }} check {% if dns %}resolvers docker resolve-prefer ipv4{% endif %}
        {% endif %}
        {% endif %}

    {% endfor %}