global
    log stdout format raw local0
    maxconn 2000
    tune.ssl.default-dh-param 2048

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000

frontend http-in
    bind *:80
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/veza.pem
    redirect scheme https code 301 if !{ ssl_fc }

    # ACLs for routing
    acl path_api path_beg /api
    acl path_ws path_beg /ws/chat
    acl path_stream path_beg /hls /stream

    # CORS (Simplified for dev, can be restrictive in prod)
    http-response set-header Access-Control-Allow-Origin "*"
    http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
    http-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"

    # Routing logic
    use_backend backend_go if path_api
    use_backend backend_chat if path_ws
    use_backend backend_stream if path_stream

    # Default to Frontend (React)
    default_backend backend_web

backend backend_go
    balance roundrobin
    server api1 veza-backend-api:8080 check

backend backend_chat
    balance roundrobin
    server chat1 veza-chat-server:8081 check

backend backend_stream
    balance roundrobin
    server stream1 veza-stream-server:8082 check

backend backend_web
    balance roundrobin
    server web1 veza-frontend:80 check