First version master
authorJean-Michel Vourgère <nirgal@debian.org>
Fri, 11 Jan 2019 14:34:17 +0000 (15:34 +0100)
committerJean-Michel Vourgère <nirgal@debian.org>
Fri, 11 Jan 2019 14:34:17 +0000 (15:34 +0100)
23 files changed:
.gitignore [new file with mode: 0644]
update-virtualhosts [new file with mode: 0755]
virtualhosts.dnsmasq/config [new file with mode: 0644]
virtualhosts.dnsmasq/hostname/local-cname/line [new file with mode: 0644]
virtualhosts.dnsmasq/hostname/local-cname/line_DEFAULT [new file with mode: 0644]
virtualhosts.haproxy/config [new file with mode: 0644]
virtualhosts.haproxy/ipv4/1-frontend-http/line [new file with mode: 0644]
virtualhosts.haproxy/ipv4/1-frontend-http/line_DEFAULT [new file with mode: 0644]
virtualhosts.haproxy/ipv4/1-frontend-http/prolog [new file with mode: 0644]
virtualhosts.haproxy/ipv4/2-frontend-https/line [new file with mode: 0644]
virtualhosts.haproxy/ipv4/2-frontend-https/line_DEFAULT [new file with mode: 0644]
virtualhosts.haproxy/ipv4/2-frontend-https/prolog [new file with mode: 0644]
virtualhosts.haproxy/ipv4/3-backend-http/destination [new file with mode: 0644]
virtualhosts.haproxy/ipv4/4-backend-https/destination [new file with mode: 0644]
virtualhosts.haproxy/ipv6/1-frontend-http/line [new file with mode: 0644]
virtualhosts.haproxy/ipv6/1-frontend-http/line_DEFAULT [new file with mode: 0644]
virtualhosts.haproxy/ipv6/1-frontend-http/prolog [new file with mode: 0644]
virtualhosts.haproxy/ipv6/2-frontend-https/line [new file with mode: 0644]
virtualhosts.haproxy/ipv6/2-frontend-https/line_DEFAULT [new file with mode: 0644]
virtualhosts.haproxy/ipv6/2-frontend-https/prolog [new file with mode: 0644]
virtualhosts.haproxy/ipv6/3-backend-http/destination [new file with mode: 0644]
virtualhosts.haproxy/ipv6/4-backend-https/destination [new file with mode: 0644]
virtualhosts.haproxy/prolog [new file with mode: 0644]

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..3396de7
--- /dev/null
@@ -0,0 +1 @@
+README.local
diff --git a/update-virtualhosts b/update-virtualhosts
new file mode 100755 (executable)
index 0000000..f6610ee
--- /dev/null
@@ -0,0 +1,386 @@
+#!/bin/bash
+# update-virtualhosts Virtual hosts updater
+# (C) 2019 Nirgal Vourgère <nirgal@debian.org>
+# GPL-3
+
+DIRS=()
+VERBOSE=1  # 0=only_warnings 1=notice 2=debug
+COMMANDLINE="$0 $@"
+OUTPUT=""
+
+parsearg() {
+       _OPT="${1%=?*}"
+       _VAL="${1#?*=}"
+}
+
+usage() {
+       #echo $'\n' $@ $'\n'
+       echo "Usage: $0 [options] basedir..."
+       echo "  -h|--help             Display that help"
+       echo "  --verbose-lvl=level   Define verbosity level. Defaults to $VERBOSE."
+       echo "                        0: Only warnings"
+       echo "                        1: Include notices"
+       echo "                        2: debug"
+       echo "                        Fell free to ignore STDERR"
+       echo "  -q|--quiet            Identical to --verbose-lvl=0"
+       echo "  -d|--debug            Identical to --verbose-lvl=2"
+}
+
+for arg in "$@"; do
+       parsearg $arg
+
+       case $_OPT in
+       --verbose-lvl)
+               VERBOSE=$_VAL
+               continue
+       ;;
+       -q|--quiet)
+               VERBOSE=0
+               continue
+       ;;
+       -d|--debug)
+               VERBOSE=2
+               continue
+       ;;
+       -h|--help)
+               usage 
+               exit 0
+       ;;
+       -*)
+               echo "Unknown option $_OPT" >&2
+               usage >&2
+               exit 22
+       ;;
+       *)
+               DIRS+=("$_OPT")
+               continue
+       ;;
+       esac
+done
+
+NORMAL=`tput sgr0 2>/dev/null`
+RED=`tput setaf 1 2>/dev/null`
+GREEN=`tput setaf 2 2>/dev/null`
+
+log() {
+       echo "$@" >&2
+}
+
+log_error() {
+       log $RED"$@"$NORMAL
+}
+
+log_info() {
+       if (( $VERBOSE > 0 ))
+       then
+               log "$@"
+       fi
+}
+
+log_debug() {
+       if (( $VERBOSE > 1 ))
+       then
+               log "$@"
+       fi
+}
+
+output() {
+       if [[ -n "$OUTPUT" ]]
+       then
+               echo "$@" >> $OUTPUT
+       else
+               echo "$@"  # STDOUT
+       fi
+}
+
+main() {
+       basedir="$1"
+
+       # ======================================================================
+       # Step 1
+       # Parse $INPUT that reads like
+       #   www1.lan < example.com www.example.com
+       #   192.168.0.11 < example.net www.example.net
+       #   fdce:266b:c77a::b < example.net www.example.net
+       # and fill these 6 vars:
+       redirections4_src=()      # ( "example.com www.example.com" "example.net www.example.net" )
+       redirections4_dst=()      # ( "192.168.0.10" "192.168.0.11" )
+       redirections4_dstname=()  # ( "www1.lan" "192.168.0.11" )
+       redirections6_src=()      # ( "example.com www.example.com" "example.net www.example.net" )
+       redirections6_dst=()      # ( "fdce:266b:c77a::a" "fdce:266b:c77a::b" )
+       redirections6_dstname=()  # ( "www1.lan" "fdce:266b:c77a::b" )
+       redirectionsn_src=()      # ( "example.com www.example.com" )
+       redirectionsn_dst=()      # ( "www1.lan" )
+
+       if test -r "$basedir/config"
+       then
+               log_info "Reading $basedir/config"
+               source "$basedir/config"
+       else
+               log_error "Cannot read $basedir/config. Skiping."
+               return
+       fi
+       if [[ -z "$INPUT" ]]
+       then
+               log_error "Variable INPUT is empty. Skiping $basedir."
+               return
+       fi
+       while read line
+       do
+               if [[ "$line" =~ ^([^\>]*)[[:space:]]*\>[[:space:]]*(.*)$ ]]
+               then
+                       sources="${BASH_REMATCH[1]}"
+                       destination=${BASH_REMATCH[2]}
+                       if [[ "$destination" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
+                       then
+                               log_info "Virtual host(s) $sources redirect(s) to ipv4 $destination, no ipv6."
+                               redirections4_src+=("$sources")
+                               redirections4_dst+=($destination)
+                               redirections4_dstname+=($destination)
+                       elif [[ "$destination" =~ ^[0-9a-f:]*:[0-9a-f:]* ]]
+                       then
+                               log_info "Virtual host(s) $sources redirect(s) to ipv6 $destination, no ipv4."
+                               redirections6_src+=("$sources")
+                               redirections6_dst+=("$destination")
+                               redirections6_dstname+=("$destination")
+                       else
+                               msg="Virtual host(s) $sources redirect(s) to host $destination: "
+                               redirectionsn_src+=("$sources")
+                               redirectionsn_dst+=("$destination")
+                               ipv4=$(getent ahostsv4 "$destination" | cut -d ' ' -f 1 | sort -u)
+                               ipv6=$(getent ahostsv6 "$destination" | cut -d ' ' -f 1 | sort -u)
+                               if (( $(echo "$ipv4" | wc -l) > 1 ))
+                               then
+                                       log_error "ERROR: $destination has several ipv4 addresses. This is not supported. ipv4 disabled for this domain."
+                                       ipv4=""
+                               fi
+                               if (( $(echo "$ipv6" | wc -l) > 1 ))
+                               then
+                                       log_error "ERROR: $destination has several ipv6 addresses. This is not supported. ipv6 disabled for this domain."
+                                       ipv6=""
+                               fi
+                               if [[ -n "$ipv4" ]]
+                               then
+                                       msg+="ipv4=$ipv4, "
+                                       redirections4_src+=("$sources")
+                                       redirections4_dst+=($ipv4)
+                                       redirections4_dstname+=($destination)
+                               else
+                                       msg+="no ipv4,"
+                               fi
+                               if [[ -n "$ipv6" ]]
+                               then
+                                       msg+="ipv6=$ipv6."
+                                       redirections6_src+=("$sources")
+                                       redirections6_dst+=($ipv6)
+                                       redirections6_dstname+=($destination)
+                               else
+                                       msg+="no ipv6."
+                               fi
+                               log_info "$msg"
+                               if [[ -z "$ipv4" && -z "$ipv6" && ! -d "$basedir/hostname" ]]
+                               then
+                                       log_error "ERROR: $destination has no ipv4 nor ipv6."
+                               fi
+                       fi
+               else
+                       log_error "ERROR: syntax error while parsing $line"
+               fi
+       done < "$INPUT"
+
+       #log_debug "============================================================="
+       #
+       #for (( i=0; i<${#redirections4_dst[@]}; i++ ))
+       #do
+       #       log_debug "${redirections4_dst[$i]}"
+       #       sources=${redirections4_src[$i]}
+       #       for s in ${sources[*]}
+       #       do
+       #               log_debug "  if $s"
+       #       done
+       #done
+
+       # ======================================================================
+       # Step 2: write the file
+       if [[ -n "$OUTPUT" ]]
+       then
+               log_debug "Backup'ing $OUTPUT"
+               mv "$OUTPUT" "$OUTPUT.bak"
+               log_info "Writing to $OUTPUT."
+               echo -n > "$OUTPUT"
+       fi
+
+       log_debug "============================================================="
+
+       output "############################################################################"
+       output "# DO NOT EDIT THAT FILE"
+       output "# Notice: That file was generated using:"
+       output "#    $COMMANDLINE"
+       output "# See $basedir/config"
+       output "############################################################################"
+
+       if [[ -f "$basedir/prolog" ]]
+       then
+               fragment=$(cat "$basedir/prolog")
+               output "${fragment}"
+       fi
+
+       if [[ -d "$basedir/ipv4" ]]
+       then
+               for fragmentdir in $( find "$basedir/ipv4" -mindepth 1 -maxdepth 1 -type d | sort )
+               do
+                       log_debug "Processing $fragmentdir"
+                       if test -f "$fragmentdir/prolog"
+                       then
+                               fragment=$(cat "$fragmentdir/prolog")
+                               output "${fragment}"
+                       fi
+                       for (( i=0; i<${#redirections4_dst[@]}; i++ ))
+                       do
+                               destination="${redirections4_dst[$i]}"
+                               dstname="${redirections4_dstname[$i]}"
+                               log_debug "Processing $fragmentdir for destination $destination"
+                               if test -f "$fragmentdir/destination"
+                               then
+                                       fragment=$(cat "$fragmentdir/destination")
+                                       fragment="${fragment//[$]destination/$destination}"
+                                       fragment="${fragment//[$]dstname/$dstname}"
+                                       output "${fragment}"
+                               fi
+                               sources=${redirections4_src[$i]}
+                               for source in ${sources[*]}
+                               do
+                                       if test -f "$fragmentdir/line_$source"
+                                       then
+                                               fragment=$(cat "$fragmentdir/line_$source")
+                                               fragment="${fragment//[$]destination/$destination}"
+                                               fragment="${fragment//[$]dstname/$dstname}"
+                                               fragment="${fragment//[$]source/$source}"
+                                               output "${fragment}"
+                                       elif test -f "$fragmentdir/line"
+                                       then
+                                               fragment=$(cat "$fragmentdir/line")
+                                               fragment="${fragment//[$]destination/$destination}"
+                                               fragment="${fragment//[$]dstname/$dstname}"
+                                               fragment="${fragment//[$]source/$source}"
+                                               output "${fragment}"
+                                       fi
+                               done
+                       done
+               done
+       fi
+
+       if [[ -d "$basedir/ipv6" ]]
+       then
+               for fragmentdir in $( find "$basedir/ipv6" -mindepth 1 -maxdepth 1 -type d | sort )
+               do
+                       log_debug "processing $fragmentdir"
+                       if test -f "$fragmentdir/prolog"
+                       then
+                               fragment=$(cat "$fragmentdir/prolog")
+                               output "${fragment}"
+                       fi
+                       for (( i=0; i<${#redirections6_dst[@]}; i++ ))
+                       do
+                               destination="${redirections6_dst[$i]}"
+                               dstname="${redirections6_dstname[$i]}"
+                               log_debug "processing $fragmentdir for destination $destination"
+                               if test -f "$fragmentdir/destination"
+                               then
+                                       fragment=$(cat "$fragmentdir/destination")
+                                       fragment="${fragment//[$]destination/$destination}"
+                                       fragment="${fragment//[$]dstname/$dstname}"
+                                       output "${fragment}"
+                               fi
+                               sources=${redirections6_src[$i]}
+                               for source in ${sources[*]}
+                               do
+                                       if test -f "$fragmentdir/line_$source"
+                                       then
+                                               fragment=$(cat "$fragmentdir/line_$source")
+                                               fragment="${fragment//[$]destination/$destination}"
+                                               fragment="${fragment//[$]dstname/$dstname}"
+                                               fragment="${fragment//[$]source/$source}"
+                                               output "${fragment}"
+                                       elif test -f "$fragmentdir/line"
+                                       then
+                                               fragment=$(cat "$fragmentdir/line")
+                                               fragment="${fragment//[$]destination/$destination}"
+                                               fragment="${fragment//[$]dstname/$dstname}"
+                                               fragment="${fragment//[$]source/$source}"
+                                               output "${fragment}"
+                                       fi
+                               done
+                       done
+               done
+       fi
+
+       if [[ -d "$basedir/hostname" ]]
+       then
+               for fragmentdir in $( find "$basedir/hostname" -mindepth 1 -maxdepth 1 -type d | sort )
+               do
+                       log_debug "processing $fragmentdir"
+                       if test -f "$fragmentdir/prolog"
+                       then
+                               fragment=$(cat "$fragmentdir/prolog")
+                               output "${fragment}"
+                       fi
+                       for (( i=0; i<${#redirectionsn_dst[@]}; i++ ))
+                       do
+                               destination="${redirectionsn_dst[$i]}"
+                               log_debug "processing $fragmentdir for destination $destination"
+                               if test -f "$fragmentdir/destination"
+                               then
+                                       fragment=$(cat "$fragmentdir/destination")
+                                       fragment="${fragment//[$]destination/$destination}"
+                                       output "${fragment}"
+                               fi
+                               sources=${redirectionsn_src[$i]}
+                               for source in ${sources[*]}
+                               do
+                                       if test -f "$fragmentdir/line_$source"
+                                       then
+                                               fragment=$(cat "$fragmentdir/line_$source")
+                                               fragment="${fragment//[$]destination/$destination}"
+                                               fragment="${fragment//[$]source/$source}"
+                                               output "${fragment}"
+                                       elif test -f "$fragmentdir/line"
+                                       then
+                                               fragment=$(cat "$fragmentdir/line")
+                                               fragment="${fragment//[$]destination/$destination}"
+                                               fragment="${fragment//[$]source/$source}"
+                                               output "${fragment}"
+                                       fi
+                               done
+                       done
+               done
+       fi
+
+       # ======================================================================
+       # Step 3: run the hook
+       if [[ -n "$HOOK" ]]
+       then
+               read -p "$HOOK ? (y/n): " -n 1 confirm
+               echo >&2
+               if [[ "$confirm" = "y" ]]
+               then
+                       log_info "Running hook: $HOOK"
+                       $HOOK
+               else
+                       log_debug "Skipping hook: $HOOK"
+               fi
+       fi
+}
+
+for dir in "${DIRS[@]}"
+do
+       # Reset some vars that are supposed to be in $dir/condig
+       # We don't want to keep the value from previous dir
+       INPUT=""
+       OUTPUT=""
+       HOOK=""
+       main "$dir"
+done
+
+# vim: set ts=4 noet:
+
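Review bot: Names read from `$INPUT` are written into the generated configuration without any validation, and the three `for source in ${sources[*]}` loops in Step 2 leave the list unquoted, so each entry is glob-expanded as well as word-split: a wildcard entry such as `*.example.com` is matched against files in the current directory before it is substituted. Splitting explicitly with `read -r -a srcs <<< "$sources"` and iterating `"${srcs[@]}"`, after rejecting any token that fails `[[ $tok =~ ^[A-Za-z0-9*._:-]+$ ]]`, would keep unexpected characters out of the haproxy and dnsmasq output; the same check fits `$destination` in the hostname branch of Step 1, which accepts any string that is not an IP literal. This matters because the script presumably runs as root (the shipped configs write under `/etc`) and then offers to reload the service. Separately, the Step 1 comment documents `destination < sources` while the regex in the `while read line` loop parses `sources > destination`; one of the two should be corrected.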
diff --git a/virtualhosts.dnsmasq/config b/virtualhosts.dnsmasq/config
new file mode 100644 (file)
index 0000000..3c01895
--- /dev/null
@@ -0,0 +1,5 @@
+# This is a bash fragment
+
+INPUT="/etc/network/virtualhosts"
+OUTPUT="/etc/dnsmasq.d/localcnames.conf"
+HOOK="service dnsmasq force-reload"
diff --git a/virtualhosts.dnsmasq/hostname/local-cname/line b/virtualhosts.dnsmasq/hostname/local-cname/line
new file mode 100644 (file)
index 0000000..bd2aee1
--- /dev/null
@@ -0,0 +1 @@
+cname=$source,$destination
diff --git a/virtualhosts.dnsmasq/hostname/local-cname/line_DEFAULT b/virtualhosts.dnsmasq/hostname/local-cname/line_DEFAULT
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/virtualhosts.haproxy/config b/virtualhosts.haproxy/config
new file mode 100644 (file)
index 0000000..675a6dc
--- /dev/null
@@ -0,0 +1,5 @@
+# This is a bash fragment
+
+INPUT="/etc/network/virtualhosts"
+OUTPUT="/etc/haproxy/haproxy.cfg"
+HOOK="service haproxy reload"
diff --git a/virtualhosts.haproxy/ipv4/1-frontend-http/line b/virtualhosts.haproxy/ipv4/1-frontend-http/line
new file mode 100644 (file)
index 0000000..345991d
--- /dev/null
@@ -0,0 +1 @@
+       use_backend http4-$dstname if { hdr(host) -i $source }
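Review bot: The ACL `hdr(host) -i $source` compares the whole Host header, so a request whose Host carries an explicit port (such as `example.com:80`) does not match and falls through to whatever a `line_DEFAULT` entry selects, or to no backend at all. If that is not intended, strip the port before comparing, for example `use_backend http4-$dstname if { hdr(host),field(1,:) -i $source }`. The same applies to `virtualhosts.haproxy/ipv6/1-frontend-http/line`.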
diff --git a/virtualhosts.haproxy/ipv4/1-frontend-http/line_DEFAULT b/virtualhosts.haproxy/ipv4/1-frontend-http/line_DEFAULT
new file mode 100644 (file)
index 0000000..4910451
--- /dev/null
@@ -0,0 +1,2 @@
+        default_backend http4-$dstname
+
diff --git a/virtualhosts.haproxy/ipv4/1-frontend-http/prolog b/virtualhosts.haproxy/ipv4/1-frontend-http/prolog
new file mode 100644 (file)
index 0000000..fb295f8
--- /dev/null
@@ -0,0 +1,5 @@
+
+frontend http4-in
+        bind :80 transparent
+        mode http
+        option  httplog
diff --git a/virtualhosts.haproxy/ipv4/2-frontend-https/line b/virtualhosts.haproxy/ipv4/2-frontend-https/line
new file mode 100644 (file)
index 0000000..ce5feb5
--- /dev/null
@@ -0,0 +1 @@
+       use_backend https4-$dstname if { req_ssl_sni -i $source }
diff --git a/virtualhosts.haproxy/ipv4/2-frontend-https/line_DEFAULT b/virtualhosts.haproxy/ipv4/2-frontend-https/line_DEFAULT
new file mode 100644 (file)
index 0000000..b5c7477
--- /dev/null
@@ -0,0 +1,2 @@
+        default_backend https4-$dstname
+
diff --git a/virtualhosts.haproxy/ipv4/2-frontend-https/prolog b/virtualhosts.haproxy/ipv4/2-frontend-https/prolog
new file mode 100644 (file)
index 0000000..500088a
--- /dev/null
@@ -0,0 +1,6 @@
+
+frontend https4-in
+        bind :443 strict-sni transparent
+        mode tcp
+        tcp-request inspect-delay 5s
+        tcp-request content accept if { req_ssl_hello_type 1 }
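Review bot: `strict-sni` on the `bind :443` line most likely has no effect, because this frontend is `mode tcp` without the `ssl` keyword, so HAProxy passes TLS through and never selects a certificate itself. Dropping the keyword avoids suggesting an enforcement that does not happen, and a short comment would make the real behaviour explicit, for example `# TLS is passed through; routing is by SNI only, unmatched names go to default_backend if one is generated`. How the keyword is treated on a non-SSL bind may differ between HAProxy versions, so this is worth checking against the deployed one. The same applies to `virtualhosts.haproxy/ipv6/2-frontend-https/prolog`.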
diff --git a/virtualhosts.haproxy/ipv4/3-backend-http/destination b/virtualhosts.haproxy/ipv4/3-backend-http/destination
new file mode 100644 (file)
index 0000000..0753527
--- /dev/null
@@ -0,0 +1,4 @@
+
+backend http4-$dstname
+       mode http
+       server http4-$dstname ipv4@$destination:80
diff --git a/virtualhosts.haproxy/ipv4/4-backend-https/destination b/virtualhosts.haproxy/ipv4/4-backend-https/destination
new file mode 100644 (file)
index 0000000..d6420d5
--- /dev/null
@@ -0,0 +1,3 @@
+
+backend https4-$dstname
+       server https4-$dstname ipv4@$destination:443
diff --git a/virtualhosts.haproxy/ipv6/1-frontend-http/line b/virtualhosts.haproxy/ipv6/1-frontend-http/line
new file mode 100644 (file)
index 0000000..7a9ba91
--- /dev/null
@@ -0,0 +1 @@
+       use_backend http6-$dstname if { hdr(host) -i $source }
diff --git a/virtualhosts.haproxy/ipv6/1-frontend-http/line_DEFAULT b/virtualhosts.haproxy/ipv6/1-frontend-http/line_DEFAULT
new file mode 100644 (file)
index 0000000..9e42fda
--- /dev/null
@@ -0,0 +1,2 @@
+        default_backend http6-$dstname
+
diff --git a/virtualhosts.haproxy/ipv6/1-frontend-http/prolog b/virtualhosts.haproxy/ipv6/1-frontend-http/prolog
new file mode 100644 (file)
index 0000000..85d9c43
--- /dev/null
@@ -0,0 +1,5 @@
+
+frontend http6-in
+        bind :::80 v6only transparent
+        mode http
+        option  httplog
diff --git a/virtualhosts.haproxy/ipv6/2-frontend-https/line b/virtualhosts.haproxy/ipv6/2-frontend-https/line
new file mode 100644 (file)
index 0000000..2ca944c
--- /dev/null
@@ -0,0 +1 @@
+       use_backend https6-$dstname if { req_ssl_sni -i $source }
diff --git a/virtualhosts.haproxy/ipv6/2-frontend-https/line_DEFAULT b/virtualhosts.haproxy/ipv6/2-frontend-https/line_DEFAULT
new file mode 100644 (file)
index 0000000..38dde53
--- /dev/null
@@ -0,0 +1,2 @@
+        default_backend https6-$dstname
+
diff --git a/virtualhosts.haproxy/ipv6/2-frontend-https/prolog b/virtualhosts.haproxy/ipv6/2-frontend-https/prolog
new file mode 100644 (file)
index 0000000..3b0004c
--- /dev/null
@@ -0,0 +1,6 @@
+
+frontend https6-in
+        bind :::443 v6only strict-sni transparent
+        mode tcp
+        tcp-request inspect-delay 5s
+        tcp-request content accept if { req_ssl_hello_type 1 }
diff --git a/virtualhosts.haproxy/ipv6/3-backend-http/destination b/virtualhosts.haproxy/ipv6/3-backend-http/destination
new file mode 100644 (file)
index 0000000..a5ed4e3
--- /dev/null
@@ -0,0 +1,4 @@
+
+backend http6-$dstname
+       mode http
+       server http6-$dstname ipv6@[$destination]:80
diff --git a/virtualhosts.haproxy/ipv6/4-backend-https/destination b/virtualhosts.haproxy/ipv6/4-backend-https/destination
new file mode 100644 (file)
index 0000000..adf0a6c
--- /dev/null
@@ -0,0 +1,3 @@
+
+backend https6-$dstname
+       server https6-$dstname ipv6@[$destination]:443
diff --git a/virtualhosts.haproxy/prolog b/virtualhosts.haproxy/prolog
new file mode 100644 (file)
index 0000000..03fd1c5
--- /dev/null
@@ -0,0 +1,44 @@
+global
+       log /dev/log    local0
+       log /dev/log    local1 notice
+       chroot /var/lib/haproxy
+       stats socket /run/haproxy/admin.sock mode 660 level admin
+       stats timeout 30s
+       # user haproxy  # transparent proxying requires root privileges
+       group haproxy
+       daemon
+
+       # Default SSL material locations
+       ca-base /etc/ssl/certs
+       crt-base /etc/ssl/private
+
+       # Default ciphers to use on SSL-enabled listening sockets.
+       # For more information, see ciphers(1SSL). This list is from:
+       #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+       # An alternative list with additional directives can be obtained from
+       #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+       ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
+       ssl-default-bind-options no-sslv3
+
+defaults
+       source 0.0.0.0 usesrc clientip
+       log     global
+       #mode   http
+       #option httplog
+       option  dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+       errorfile 400 /etc/haproxy/errors/400.http
+       errorfile 403 /etc/haproxy/errors/403.http
+       errorfile 408 /etc/haproxy/errors/408.http
+       errorfile 500 /etc/haproxy/errors/500.http
+       errorfile 502 /etc/haproxy/errors/502.http
+       errorfile 503 /etc/haproxy/errors/503.http
+       errorfile 504 /etc/haproxy/errors/504.http
+
+# Redirects all http traffic to https:
+#frontend http-in
+#        bind :::80
+#        mode http
+#        redirect scheme https code 301
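Review bot: With `user haproxy` commented out in `global`, the process keeps root for its whole lifetime, and `chroot /var/lib/haproxy` does not meaningfully confine a root process. The inline comment should record that trade-off and what is actually needed, for example `# user haproxy  # not set: transparent binds and usesrc need CAP_NET_ADMIN, so haproxy stays root; chroot is not a containment boundary here`. The `stats socket ... mode 660 level admin` line then gives runtime control of that root process to whoever can open the socket, so it is worth confirming the socket's ownership, or lowering it to `level operator` if runtime administration is not used. The `ssl-default-bind-ciphers` and `ssl-default-bind-options` lines appear unused in this commit, since no `bind` carries `ssl`.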