# Ansible managed

    

frontend base-redirect-front-1
bind 104.130.253.16:80
    mode http
    redirect scheme https if !{ ssl_fc }

frontend base-front-1
    bind 104.130.253.16:443 ssl crt /etc/haproxy/ssl/haproxy_aio1-104.130.253.16.pem alpn h2,http/1.1
    option httplog
    option forwardfor except 127.0.0.0/8
    use_backend %[path,map_reg(/etc/haproxy/base_regex.map)]
    http-request add-header X-Forwarded-Proto https
    mode http
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains;"
    http-response set-header X-Content-Type-Options "nosniff"
    http-response set-header Referrer-Policy "same-origin"
    http-response set-header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=()"
    http-response set-header Content-Security-Policy " default-src 'self'; frame-ancestors 'self' ; form-action 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' 104.130.253.16:6082 104.130.253.16:6080 104.130.253.16:6083; frame-src 'self' 104.130.253.16:6082 104.130.253.16:6080 104.130.253.16:6083; connect-src 'self' 104.130.253.16:* wss://104.130.253.16:6083; img-src 'self' data:; worker-src blob:; "

    

frontend base-redirect-front-2
bind 172.29.236.101:80
    mode http
    redirect scheme https if !{ ssl_fc }

frontend base-front-2
    bind 172.29.236.101:443 ssl crt /etc/haproxy/ssl/haproxy_aio1-172.29.236.101.pem alpn h2,http/1.1
    option httplog
    option forwardfor except 127.0.0.0/8
    use_backend %[path,map_reg(/etc/haproxy/base_regex.map)]
    http-request add-header X-Forwarded-Proto https
    mode http
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains;"
    http-response set-header X-Content-Type-Options "nosniff"
    http-response set-header Referrer-Policy "same-origin"
    http-response set-header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=()"
    http-response set-header Content-Security-Policy " default-src 'self'; frame-ancestors 'self' ; form-action 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' 104.130.253.16:6082 104.130.253.16:6080 104.130.253.16:6083; frame-src 'self' 104.130.253.16:6082 104.130.253.16:6080 104.130.253.16:6083; connect-src 'self' 104.130.253.16:* wss://104.130.253.16:6083; img-src 'self' data:; worker-src blob:; "