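global
    # Logging configuration - send to the local syslog socket.
    # local0 receives everything down to debug level, local1 only notice and above.
    log /dev/log local0 debug
    log /dev/log local1 notice
    maxconn 4096
    daemon
    tune.ssl.default-dh-param 2048
    # Pin the minimum TLS version for every "bind ... ssl" line explicitly instead
    # of relying on the build default, so a package change cannot re-enable
    # TLS 1.0/1.1 unnoticed.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    log global
    mode http
    # Note: log-format is used instead of "option httplog" (log-format replaces httplog).
    option log-health-checks
    option dontlognull
    # Appends the connecting address to X-Forwarded-For. A value supplied by the
    # client is kept in front of it, so backends should only trust the entry this
    # proxy appended.
    option forwardfor
    option http-server-close

    # Log format: detailed HTTP logs. Fields, in order:
    #   %ci:%cp               client IP and port
    #   [%t]                  timestamp
    #   %ft                   frontend name (with transport marker)
    #   %b/%s                 backend name / server name
    #   %Tq/%Tw/%Tc/%Tr/%Ta   request receive / queue wait / connect / response / active time
    #   %ST                   HTTP status code
    #   %B                    bytes read
    #   %CC %CS               captured request cookie / captured response cookie
    #   %tsc                  termination state, including cookie status
    #   %ac/%fc/%bc/%sc/%rc   process / frontend / backend / server connections, retries
    #   %sq/%bq               server queue / backend queue
    #   %hr %hs               captured request headers / captured response headers
    #   %{+Q}r                quoted request line
    # No "capture" directive is visible in this file, so %CC, %CS, %hr and %hs are
    # expected to carry no data until one is added.
    # The request line includes the query string: anything clients put in URLs
    # (tokens, identifiers) ends up in syslog, so protect and rotate these logs
    # accordingly.
    log-format "%ci:%cp [%t] %ft %b/%s %Tq/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"

    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    # Bounds how long a client may take to send a complete request.
    timeout http-request 10000ms

# ============================================================================
# STATS & MONITORING
# ============================================================================
frontend stats
    # NOTE(review): this listener is bound on every interface and has no
    # "stats auth", so the read-only page (backend names, addresses, health) is
    # visible to anyone who can reach port 8404. Bind it to a management address
    # or add credentials, e.g.
    #   stats auth <STATS_USER>:<STATS_PASSWORD>   (placeholder - supply real values from a secret store)
    bind *:8404
    stats enable
    stats uri /stats
    stats refresh 30s
    stats hide-version
    # Was "stats admin if TRUE", which let any client that could reach the port
    # enable, disable or drain servers. Admin actions are now limited to requests
    # coming from the proxy host itself (predefined LOCALHOST ACL).
    stats admin if LOCALHOST

# ============================================================================
# HTTP FRONTEND (Ports 80 and 443)
# ============================================================================
frontend http_frontend
    bind *:80
    bind *:443 ssl crt /etc/haproxy/certs/veza.pem
    mode http

    # ACLs for routing (must be defined before use)
    acl is_api path_beg /api/v1
    acl is_ws path_beg /ws
    acl is_stream path_beg /stream
    # Matches every path; acts as the catch-all after the more specific rules.
    acl is_web path_beg /

    # Return 503 for the WebSocket and stream endpoints.
    # Note: stream-server is disabled (Rust service not deployed).
    # Must be before the redirect to avoid processing order issues.
    http-request return status 503 content-type "text/plain" string "Service temporarily unavailable: stream-server is not deployed" if is_ws
    http-request return status 503 content-type "text/plain" string "Service temporarily unavailable: stream-server is not deployed" if is_stream

    # Redirect HTTP to HTTPS (after the WebSocket checks)
    redirect scheme https code 301 if !{ ssl_fc }

    # Route to the appropriate backend
    use_backend backend_api if is_api
    use_backend web_frontend if is_web

# ============================================================================
# BACKENDS (Incus IP addresses)
# ============================================================================

# Backend API (Go) - veza-backend-api container
backend backend_api
    mode http
    balance roundrobin
    option httpchk GET /api/v1/health
    http-check expect status 200
    server backend1 10.10.10.2:8080 check inter 5s fall 3 rise 2

# Stream WebSocket (Rust) - veza-stream-server container
# DISABLED: stream-server is not deployed (Rust compilation issues)
# backend stream_ws
#     mode http
#     balance roundrobin
#     option httpchk GET /health
#     http-check expect status 200
#     server stream1 10.10.10.4:3002 check inter 5s fall 3 rise 2
#
#     # WebSocket specific options
#     timeout tunnel 3600s

# Web Frontend (Host Dev Server) - 10.10.10.1:5173
backend web_frontend
    mode http
    balance roundrobin
    option httpchk GET /
    http-check expect status 200
    # Route to host machine (gateway IP) on Vite port
    server dev_web 10.10.10.1:5173 check inter 5s fall 3 rise 2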