From 1cfadfa2fe5fd71ab5fa697199a34c6b674a06af Mon Sep 17 00:00:00 2001
From: Daniel Krastev <daniel@blackbear.bg>
Date: Wed, 5 Feb 2025 20:41:04 +0200
Subject: [PATCH] Add LF on last line and move tcp-request before http-request

---
 config/haproxy/haproxy.cfg | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/haproxy/haproxy.cfg b/config/haproxy/haproxy.cfg
index 10e847c..000b8de 100644
--- a/config/haproxy/haproxy.cfg
+++ b/config/haproxy/haproxy.cfg
@@ -35,6 +35,9 @@ frontend web
     bind :80
     bind :443 ssl crt /certificates strict-sni
 
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
     http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
     http-request redirect scheme https code 301 unless { ssl_fc }
 
@@ -53,9 +56,6 @@ frontend web
     # max-age is mandatory. 16000000 seconds is approximately 6 months. Use a low value during testing.
     http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
 
-    tcp-request inspect-delay 5s
-    tcp-request content accept if { req_ssl_hello_type 1 }
-
     # ACLS
     acl is_base ssl_fc_sni -i "${BASE_URL}"
     acl is_stream ssl_fc_sni -i "stream.${BASE_URL}"
@@ -70,4 +70,4 @@ backend backend_api
 
 backend backend_restreamer
     balance leastconn
-    server restreamer1 restreamer:8080 check inter 5s rise 4 fall 2
\ No newline at end of file
+    server restreamer1 restreamer:8080 check inter 5s rise 4 fall 2