# Ansible managed

    

frontend rabbitmq_mgmt-front-1
    bind 172.29.236.101:15671 ssl crt /etc/haproxy/ssl/haproxy_aio1-172.29.236.101.pem alpn h2,http/1.1
    option httplog
    option forwardfor except 127.0.0.0/8
    acl allow_list src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
    tcp-request content accept if allow_list
    tcp-request content reject
    http-request add-header X-Forwarded-Proto https
    mode http
    default_backend rabbitmq_mgmt-back


backend rabbitmq_mgmt-back
    mode http
    balance leastconn
    stick-table  type ipv6  size 256k  expire 10s  store http_err_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 } !{ src 192.168.0.0/16 } !{ src 172.16.0.0/12 } !{ src 10.0.0.0/8 }
    option forwardfor
    option httpchk
    http-check send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD


    server aio1-rabbit-mq-container-a85e173f 172.29.238.154:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none