global
	balance roundrobin

frontend http
	bind :80
	bind :443 ssl crt /etc/haproxy/cert.pem
	option forwardfor

	# XXX: To test configuration
	#http-request set-header Host domain.local

	# Set environment

	http-request set-var(req.backend)     req.hdr(host),map_str(/etc/haproxy/maps/host.map)
	http-request set-var(req.backend)     base,map_beg(/etc/haproxy/maps/base.map)
	http-request set-var(req.acl)         src,map_ip(/etc/haproxy/maps/acl.map)
	http-request set-var(req.zone)        var(req.backend),map_str(/etc/haproxy/maps/zone.map)
	http-request set-var(req.aclZone)     var(req.acl),concat(/,req.zone)

	# XXX: Debugging
	#log-format "%[var(txn.test)]"

	# ACL check

	acl allow var(req.aclZone) -f /etc/haproxy/maps/access.map
	http-request deny if !allow

	# HTTPS redirect

	acl https var(req.backend) -f /etc/haproxy/maps/https.map
	http-request add-header X-Forwarded-Proto https if { ssl_fc }
	redirect scheme https if !{ ssl_fc } https

	# Backend

	default_backend not-found
	use_backend %[var(req.backend)]

# Auto-generated backends

{{#each services}}
{{#if isTcp}}
backend {{name}}
	{{#each ../nodes}}
	{{#if isWorker}}
	server {{name}}:{{../port}} {{address}}:{{../port}} check
	{{/if}}
	{{/each}}
{{/if}}
{{/each}}