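# HAProxy configuration: forwards HTTP (by Host header) and TLS (by SNI) to the
# IPv6 address that the requested name resolves to. Because the upstream
# address is derived from client-supplied data, every name must pass an
# allow-list *before* it is resolved or connected to.

global
    log stdout format raw local0
    # turn on stats unix socket
    # NOTE(review): no "mode"/"level" is set on this socket, so access depends on
    # the process umask and HAProxy's default level. Confirm that only the
    # intended local users can reach it.
    stats socket /var/lib/haproxy/stats

resolvers mydns
    # Name servers are taken from /etc/resolv.conf.
    parse-resolv-conf
    timeout retry 1s
    hold valid 30s
    hold nx 3s
    hold other 3s
    hold obsolete 0s
    accepted_payload_size 8192

defaults
    retries 3
    log global
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s

frontend f_http
    bind ipv6@:80
    mode http
    # Allow-list first: without this, any client could make the proxy issue
    # DNS lookups for arbitrary Host values before the backend denies the request.
    http-request deny unless { hdr(host) -i c2.k8s.ooo }
    http-request do-resolve(txn.myip,mydns,ipv6) hdr(Host),lower
    # If DNS resolution did not work, txn.myip is unset and set-dst in the
    # backend would be a no-op, leaving "server ... ipv6@*" to connect to the
    # connection's original destination. Fail closed instead.
    http-request deny deny_status 503 unless { var(txn.myip) -m found }
    default_backend b_http

backend b_http
    mode http
    # Kept as defence in depth in case another frontend routes here.
    http-request deny unless { hdr(host) -i c2.k8s.ooo }
    http-request set-dst var(txn.myip)
    # "*" is a placeholder address; the real destination is set by set-dst above.
    server http ipv6@*

#
# HTTPS (TLS passthrough, routed on SNI)
frontend f_https
    bind ipv6@:443
    mode tcp
    tcp-request inspect-delay 5s
    # The original began with "tcp-request content accept if { req_ssl_hello_type 1 }".
    # An accept ends rule evaluation, so the SNI allow-list and do-resolve below
    # were never reached for a ClientHello. Reject non-matching traffic instead
    # and let the rule set fall through to the default accept.
    tcp-request content reject unless { req_ssl_hello_type 1 }
    # The original line was "tcp-request deny unless ...", which lacks the
    # connection/session/content keyword and uses "deny", which is not a
    # tcp-request action; "content reject" is the working equivalent.
    # NOTE(review): this is an exact match on "k8s.ooo", while the HTTP side
    # allows "c2.k8s.ooo" - confirm which name(s) are intended.
    tcp-request content reject unless { req_ssl_sni -i k8s.ooo }
    tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
    # Fail closed when resolution did not produce an address (see f_http).
    tcp-request content reject unless { var(txn.myip) -m found }
    default_backend b_https

backend b_https
    mode tcp
    tcp-request content set-dst var(txn.myip)
    # "*" is a placeholder address; the real destination is set by set-dst above.
    server tcp_https ipv6@*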