Add LF on last line and move tcp-request before http-request

config/haproxy/haproxy.cfg

@@ -35,6 +35,9 @@ frontend web
     bind :80
     bind :443 ssl crt /certificates strict-sni
 
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
     http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
     http-request redirect scheme https code 301 unless { ssl_fc }
 
@@ -53,9 +56,6 @@ frontend web
     # max-age is mandatory. 16000000 seconds is approximately 6 months. Use a low value during testing.
     http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
 
-    tcp-request inspect-delay 5s
-    tcp-request content accept if { req_ssl_hello_type 1 }
-
     # ACLS
     acl is_base ssl_fc_sni -i "${BASE_URL}"
     acl is_stream ssl_fc_sni -i "stream.${BASE_URL}"
@@ -70,4 +70,4 @@ backend backend_api
 
 backend backend_restreamer
     balance leastconn
-    server restreamer1 restreamer:8080 check inter 5s rise 4 fall 2
+    server restreamer1 restreamer:8080 check inter 5s rise 4 fall 2