global
    log         127.0.0.1 local2
    maxconn     4000
    daemon

defaults
    mode                    tcp
    log                     global
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen stats-50000
    bind :50000
    mode            http
    log             global
    maxconn 10
    timeout client  100s
    timeout server  100s
    timeout connect 100s
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri  /haproxy?stats

frontend apis-6443
    bind :6443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl ACL_management req_ssl_sni -i api.management.hypershift.lab
    acl ACL_hosted req_ssl_sni -i api.hosted.hypershift.lab
    use_backend be_api_management_6443 if ACL_management
    use_backend be_api_hosted_6443 if ACL_hosted

frontend routers-http-80
    bind :80
    mode http
    acl ACL_management hdr(host) -m reg -i ^[^\.]+\.apps\.management\.hypershift\.lab
    acl ACL_hosted hdr(host) -m reg -i ^[^\.]+\.apps\.hosted\.hypershift\.lab
    use_backend be_ingress_management_80 if ACL_management
    use_backend be_ingress_hosted_80 if ACL_hosted

frontend routers-https-443
    bind :443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl ACL_management req_ssl_sni -m reg -i ^[^\.]+\.apps\.management\.hypershift\.lab
    acl ACL_hosted req_ssl_sni -m reg -i ^[^\.]+\.apps\.hosted\.hypershift\.lab
    use_backend be_ingress_management_443 if ACL_management
    use_backend be_ingress_hosted_443 if ACL_hosted

backend be_api_management_6443
    mode tcp
    balance source
    option ssl-hello-chk
    server master0 192.168.125.20:6443 check inter 1s
    server master1 192.168.125.21:6443 check inter 1s
    server master2 192.168.125.22:6443 check inter 1s
    
backend be_api_hosted_6443
    mode tcp
    balance source
    option ssl-hello-chk
    server master0 192.168.125.150:6443 check inter 1s

backend be_ingress_management_80
    mode http
    balance hdr(Host)
    hash-type consistent
    option forwardfor
    http-send-name-header Host
    server master0 192.168.125.20:80 check inter 1s
    server master1 192.168.125.21:80 check inter 1s
    server master2 192.168.125.22:80 check inter 1s

backend be_ingress_management_443
    mode tcp
    balance source
    option ssl-hello-chk
    server master0 192.168.125.20:443 check inter 1s
    server master1 192.168.125.21:443 check inter 1s
    server master2 192.168.125.22:443 check inter 1s

backend be_ingress_hosted_80
    mode http
    balance hdr(Host)
    hash-type consistent
    option forwardfor
    http-send-name-header Host
    server master0 192.168.125.160:80 check inter 1s

backend be_ingress_hosted_443
    mode tcp
    balance source
    option ssl-hello-chk
    server master0 192.168.125.160:443 check inter 1s