global
  log /dev/log	local0
  log /dev/log	local1 notice
  chroot /var/lib/haproxy
  stats socket /run/haproxy/admin.sock mode 660 level admin
  stats timeout 30s
  user haproxy
  group haproxy
  daemon
  maxconn 10000

defaults
  log	global
  mode	http
  option	httplog
  option	dontlognull
  errorfile 400 /etc/haproxy/errors/400.http
  errorfile 403 /etc/haproxy/errors/403.http
  errorfile 408 /etc/haproxy/errors/408.http
  errorfile 500 /etc/haproxy/errors/500.http
  errorfile 502 /etc/haproxy/errors/502.http
  errorfile 503 /etc/haproxy/errors/503.http
  errorfile 504 /etc/haproxy/errors/504.http

listen https
  bind *:443
  mode tcp
  timeout http-request 60s
  timeout connect 10s
  timeout client  10s
  timeout server  10s
  server default {{ wireguard.clients.intersect.ip }}:443 send-proxy

listen http
  bind *:80
  stats enable
  stats show-node
  stats uri /haproxy
  stats auth stats:{{ haproxy.stats_pass }}
  timeout http-request 60s
  timeout connect 10s
  timeout client  10s
  timeout server  10s
  server default {{ wireguard.clients.intersect.ip }}:80 check

{% for port in haproxy.exposed_ports %}

listen expose_{{ port }}
  bind *:{{ port }}
  mode tcp
  server default {{ wireguard.clients.intersect.ip }}:{{ port }}

{% endfor %}