From 6ae5d63512c04a0665f65c76bfcf6a5354fe6c40 Mon Sep 17 00:00:00 2001
From: Joao Morais
Date: Sat, 14 Dec 2019 17:49:16 -0300
Subject: [PATCH 1/2] update to haproxy 2.0

Update also the configuration template in order to remove config parsing warnings
---
.../en/docs/configuration/command-line.md | 2 +-
docs/content/en/docs/configuration/keys.md | 122 +++++++++---------
pkg/haproxy/instance_test.go | 18 +--
rootfs/Dockerfile | 2 +-
rootfs/etc/haproxy/template/haproxy.tmpl | 6 +-
5 files changed, 75 insertions(+), 75 deletions(-)

diff --git a/docs/content/en/docs/configuration/command-line.md b/docs/content/en/docs/configuration/command-line.md
index 8d24d3f51..def8a098d 100644
--- a/docs/content/en/docs/configuration/command-line.md
+++ b/docs/content/en/docs/configuration/command-line.md
@@ -189,7 +189,7 @@ The value of the configmap entry is a colon separated list of the following item 1. `/`, mandatory, is the well known notation of the service that will receive incoming connections. 1. ``, mandatory, is the port number the upstream service is listening - this is not related to the listening port of HAProxy. -1. ``, optional, should be defined as `PROXY` if HAProxy should expect requests using the [PROXY](http://www.haproxy.org/download/1.9/doc/proxy-protocol.txt) protocol. Leave empty to not use PROXY protocol. This is usually used only if there is another load balancer in front of HAProxy which supports the PROXY protocol. PROXY protocol v1 and v2 are supported. +1. ``, optional, should be defined as `PROXY` if HAProxy should expect requests using the [PROXY](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) protocol. Leave empty to not use PROXY protocol. This is usually used only if there is another load balancer in front of HAProxy which supports the PROXY protocol. PROXY protocol v1 and v2 are supported. 1. ``, optional, should be defined as `PROXY` or `PROXY-V2` if the upstream service expect connections using the PROXY protocol v2. Use `PROXY-V1` instead if the upstream service only support v1 protocol. Leave empty to connect without using the PROXY protocol. 1. ``, optional, used to configure SSL/TLS over the TCP connection. Secret should have `tls.crt` and `tls.key` pair used on TLS handshake. Leave empty to not use ssl-offload. diff --git a/docs/content/en/docs/configuration/keys.md b/docs/content/en/docs/configuration/keys.md index 6e0e2478d..5888f8828 100644 --- a/docs/content/en/docs/configuration/keys.md +++ b/docs/content/en/docs/configuration/keys.md 
@@ -351,10 +351,10 @@ limitation was removed on v0.6. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-cookie -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-cookie +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-cookie +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-cookie * https://www.haproxy.com/blog/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#dynamic-cookie-key +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#dynamic-cookie-key --- @@ -396,10 +396,10 @@ overwrite the weight defined from the agent See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-agent-check -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-agent-port -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-agent-inter -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-agent-send +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-agent-check +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-agent-port +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-agent-inter +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-agent-send --- 
@@ -430,7 +430,7 @@ The following keys are supported: * `auth-tls-error-page`: Optional URL of the page to redirect the user if he doesn't provide a certificate or the certificate is invalid. * `auth-tls-secret`: Mandatory secret name with `ca.crt` key providing all certificate authority bundles used to validate client certificates. * `auth-tls-verify-client`: Optional configuration of Client Verification behavior. Supported values are `off`, `on`, `optional` and `optional_no_ca`. The default value is `on` if a valid secret is provided, `off` otherwise. -* `ssl-headers-prefix`: Configures which prefix should be used on HTTP headers. Since [RFC 6648](http://tools.ietf.org/html/rfc6648) `X-` prefix on unstandardized headers changed from a convention to deprecation. This configuration allows to select which pattern should be used on header names. +* `ssl-headers-prefix`: Configures which prefix should be used on HTTP headers. Since [RFC 6648](https://tools.ietf.org/html/rfc6648) `X-` prefix on unstandardized headers changed from a convention to deprecation. This configuration allows to select which pattern should be used on header names. See also: @@ -460,7 +460,7 @@ See also: * [use-htx](#use-htx) configuration key to enable HTTP/2 backends. * [secure-backend](#secure-backend) configuration keys to configure optional client certificate and certificate authority bundle of SSL/TLS connections. -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-proto +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-proto --- @@ -474,7 +474,7 @@ Defines a valid HAProxy load balancing algorithm. The default value is `roundrob See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-balance +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-balance --- 
@@ -493,7 +493,7 @@ The bind configuration keys in this section have precedente if declared. Any HAProxy supported option can be used, this will be copied verbatim to the bind keyword. See HAProxy -[bind keyword doc](#http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-bind). +[bind keyword doc](#https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-bind). Configuration examples: @@ -515,7 +515,7 @@ configuration key. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-bind +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-bind * [Bind IP addr](#bind-ip-addr) * [Bind port](#bind-port) @@ -539,7 +539,7 @@ Define listening IPv4/IPv6 address on public HAProxy frontends. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-bind +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-bind * [Bind](#bind) --- @@ -558,7 +558,7 @@ See also: See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-monitor-uri (`healthz-port`) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-monitor-uri (`healthz-port`) * [Bind](#bind) --- @@ -645,8 +645,8 @@ uses the chosen load balance algorithm. See also: * [example]({{% relref "../examples/blue-green" %}}) page. -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-weight (`weight` based balance) -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-use-server (`use-server` based selector) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-weight (`weight` based balance) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-use-server (`use-server` based selector) --- 
@@ -713,9 +713,9 @@ Configuration of connection limits. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.2-maxconn (`max-connections`) -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-maxconn (`maxconn-server`) -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-maxqueue (`maxqueue-server`) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.2-maxconn (`max-connections`) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-maxconn (`maxconn-server`) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-maxqueue (`maxqueue-server`) --- @@ -779,8 +779,8 @@ The following keys are supported: See also: * [example](https://github.com/jcmoraisjr/haproxy-ingress/tree/master/examples/dns-service-discovery) page. -* https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.3.2 -* https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-resolvers +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.3.2 +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-resolvers * https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ * https://kubernetes.io/docs/concepts/services-networking/service/#headless-services @@ -841,7 +841,7 @@ The following keys are supported: See also: -* http://cbonte.github.io/haproxy-dconv/1.9/management.html#9.3 +* https://cbonte.github.io/haproxy-dconv/2.0/management.html#9.3 --- @@ -869,7 +869,7 @@ doesn't provide one. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-option%20forwardfor +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-option%20forwardfor * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For --- 
@@ -932,12 +932,12 @@ Controls server health checks on a per-backend basis. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4.2-option%20httpchk -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-addr -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-port -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-inter -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-rise -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-fall +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4.2-option%20httpchk +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-addr +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-port +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-inter +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-rise +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-fall --- @@ -983,7 +983,7 @@ provided that the maximum is lesser than or equal `256`. See also: * [`agent-check`](#agent-check) -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-weight +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-weight --- @@ -1021,8 +1021,8 @@ an old state with disabled servers will disable them in the new configuration. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-server-state-file -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-load-server-state-from-file +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-server-state-file +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-load-server-state-from-file --- 
@@ -1043,7 +1043,7 @@ Customize the tcp, http or https log format using log format variables. Only use See also: -* https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#8.2.4 +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.4 --- @@ -1078,8 +1078,8 @@ See also: * [example]({{% relref "../examples/modsecurity" %}}) page. * [`waf`](#waf) configuration key. -* https://www.haproxy.org/download/1.9/doc/SPOE.txt -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#9.3 +* https://www.haproxy.org/download/2.0/doc/SPOE.txt +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#9.3 * https://github.com/jcmoraisjr/modsecurity-spoa --- @@ -1111,9 +1111,9 @@ If splitting HAProxy into two or more process and the number of threads is one, See also: * [nbthread](#nbthread) configuration key -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-nbproc -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-bind-process -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-cpu-map +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-nbproc +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-bind-process +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-cpu-map --- @@ -1132,8 +1132,8 @@ bind each thread on its own CPU core. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-nbthread -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-cpu-map +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-nbthread +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-cpu-map --- @@ -1183,7 +1183,7 @@ Since 0.7 `unlimited` can also be used to overwrite any global body size limit. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#7.3.6-req.body_size +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7.3.6-req.body_size --- 
@@ -1201,12 +1201,12 @@ Configures PROXY protocol in frontends and backends. See also: -* http://www.haproxy.org/download/1.9/doc/proxy-protocol.txt -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-accept-proxy -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-send-proxy -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-send-proxy-v2 -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-send-proxy-v2-ssl -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-send-proxy-v2-ssl-cn +* https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.1-accept-proxy +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-send-proxy +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-send-proxy-v2 +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-send-proxy-v2-ssl +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-send-proxy-v2-ssl-cn --- @@ -1343,10 +1343,10 @@ Default values on HAProxy Ingress v0.9 and newer: See also: * https://ssl-config.mozilla.org/#server=haproxy -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-ssl-default-bind-ciphers -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-ssl-default-bind-ciphersuites -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-ciphers -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-ciphersuites +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-ssl-default-bind-ciphers +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-ssl-default-bind-ciphersuites +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-ciphers +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-ciphersuites --- 
@@ -1364,8 +1364,8 @@ Configures Diffie-Hellman key exchange parameters. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#tune.ssl.default-dh-param -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-ssl-dh-param-file +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#tune.ssl.default-dh-param +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-ssl-dh-param-file --- @@ -1384,8 +1384,8 @@ the ssl-engine used supports it. Reference: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#ssl-engine -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#ssl-mode-async +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#ssl-engine +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#ssl-mode-async --- @@ -1517,8 +1517,8 @@ Logging configurations. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-log -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-log-tag +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-log +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-log-tag --- @@ -1554,8 +1554,8 @@ The following keys are supported: See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-hard-stop-after (`timeout-stop`) -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#2.4 (time suffix) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-hard-stop-after (`timeout-stop`) +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#2.4 (time suffix) --- @@ -1570,7 +1570,7 @@ HTTP/2 on the client side. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-alpn +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.1-alpn --- 
@@ -1585,7 +1585,7 @@ is `false`. HTX should be used to enable HTTP/2 protocol to backends. See also: -* http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#4-option%20http-use-htx +* https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-option%20http-use-htx --- diff --git a/pkg/haproxy/instance_test.go b/pkg/haproxy/instance_test.go index 732376d50..7525a5b7c 100644 --- a/pkg/haproxy/instance_test.go +++ b/pkg/haproxy/instance_test.go @@ -187,7 +187,7 @@ func TestBackends(t *testing.T) { }, path: []string{"/app"}, expected: ` - reqrep ^([^:\ ]*)\ /app/?(.*)$ \1\ /\2`, + http-request replace-uri ^/app/?(.*)$ /\1`, }, { doconfig: func(g *hatypes.Global, h *hatypes.Host, b *hatypes.Backend) { @@ -200,7 +200,7 @@ func TestBackends(t *testing.T) { }, path: []string{"/app"}, expected: ` - reqrep ^([^:\ ]*)\ /app(.*)$ \1\ /other\2`, + http-request replace-uri ^/app(.*)$ /other\1`, }, { doconfig: func(g *hatypes.Global, h *hatypes.Host, b *hatypes.Backend) { @@ -213,8 +213,8 @@ func TestBackends(t *testing.T) { }, path: []string{"/app", "/app/sub"}, expected: ` - reqrep ^([^:\ ]*)\ /app(.*)$ \1\ /other/\2 - reqrep ^([^:\ ]*)\ /app/sub(.*)$ \1\ /other/\2`, + http-request replace-uri ^/app(.*)$ /other/\1 + http-request replace-uri ^/app/sub(.*)$ /other/\1`, }, { doconfig: func(g *hatypes.Global, h *hatypes.Host, b *hatypes.Backend) { 
@@ -235,9 +235,9 @@ func TestBackends(t *testing.T) { # path02 = d1.local/path2 # path03 = d1.local/path3 http-request set-var(txn.pathID) base,lower,map_beg(/etc/haproxy/maps/_back_d1_app_8080_idpath.map) - reqrep ^([^:\ ]*)\ /path1(.*)$ \1\ /sub1\2 if { var(txn.pathID) path01 } - reqrep ^([^:\ ]*)\ /path2(.*)$ \1\ /sub2\2 if { var(txn.pathID) path02 } - reqrep ^([^:\ ]*)\ /path3(.*)$ \1\ /sub2\2 if { var(txn.pathID) path03 }`, + http-request replace-uri ^/path1(.*)$ /sub1\1 if { var(txn.pathID) path01 } + http-request replace-uri ^/path2(.*)$ /sub2\1 if { var(txn.pathID) path02 } + http-request replace-uri ^/path3(.*)$ /sub2\1 if { var(txn.pathID) path03 }`, }, { doconfig: func(g *hatypes.Global, h *hatypes.Host, b *hatypes.Backend) { @@ -2435,7 +2435,7 @@ listen stats stats enable stats uri / no log - option forceclose + option httpclose stats show-legends frontend healthz mode http @@ -3022,7 +3022,7 @@ func (c *testConfig) checkConfig(expected string) { stats enable stats uri / no log - option forceclose + option httpclose stats show-legends frontend healthz mode http diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 3ec0fed97..0a0816024 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM haproxy:1.9.13-alpine +FROM haproxy:2.0.11-alpine RUN apk --no-cache add socat openssl lua5.3 lua-socket dumb-init COPY . / diff --git a/rootfs/etc/haproxy/template/haproxy.tmpl b/rootfs/etc/haproxy/template/haproxy.tmpl index 4106e1697..195942bd4 100644 --- a/rootfs/etc/haproxy/template/haproxy.tmpl +++ b/rootfs/etc/haproxy/template/haproxy.tmpl 
@@ -447,10 +447,10 @@ backend {{ $backend.ID }} {{- if $rewrite }} {{- range $path := $rewriteCfg.Paths.Items }} {{- if eq $rewrite "/" }} - reqrep ^([^:\ ]*)\ {{ $path.Path }}/?(.*)$ \1\ {{ $rewrite }}\2 + http-request replace-uri ^{{ $path.Path }}/?(.*)$ {{ $rewrite }}\1 {{- if $needACL }} if { var(txn.pathID) {{ $path.ID }} }{{ end }} {{- else }} - reqrep ^([^:\ ]*)\ {{ $path.Path }}(.*)$ \1\ {{ $rewrite }}{{ if hasSuffix $path.Path "/" }}/{{ end }}\2 + http-request replace-uri ^{{ $path.Path }}(.*)$ {{ $rewrite }}{{ if hasSuffix $path.Path "/" }}/{{ end }}\1 {{- if $needACL }} if { var(txn.pathID) {{ $path.ID }} }{{ end }} {{- end }} {{- end }} @@ -1051,7 +1051,7 @@ listen stats stats enable stats uri / no log - option forceclose + option httpclose stats show-legends # # # # # # # # # # # # # # # # # # # From c9129426a2ddc6c6de2af956abb8b9f6253e5d3f Mon Sep 17 00:00:00 2001 From: Joao Morais Date: Sat, 14 Dec 2019 17:50:38 -0300 Subject: [PATCH 2/2] use-htx global config defaults to true Since haproxy v2.0-dev3 http-use-htx is enabled by default. Changing template and use-htx default configmap option accordingly. --- pkg/converters/ingress/defaults.go | 1 + pkg/haproxy/instance_test.go | 1 + rootfs/etc/haproxy/template/haproxy.tmpl | 22 ++-------------------- 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/pkg/converters/ingress/defaults.go b/pkg/converters/ingress/defaults.go index 4eaa49517..926e49335 100644 --- a/pkg/converters/ingress/defaults.go +++ b/pkg/converters/ingress/defaults.go @@ -95,5 +95,6 @@ func createDefaults() map[string]string { types.GlobalSyslogTag: "ingress", types.GlobalTimeoutStop: "10m", types.GlobalTLSALPN: "h2,http/1.1", + types.GlobalUseHTX: "true", } } diff --git a/pkg/haproxy/instance_test.go b/pkg/haproxy/instance_test.go index 7525a5b7c..4ea815acf 100644 --- a/pkg/haproxy/instance_test.go +++ b/pkg/haproxy/instance_test.go 
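Review bot: Both new `http-request replace-uri` lines interpolate `{{ $path.Path }}` into the match regex and `{{ $rewrite }}` into the replacement with no escaping. As far as I know, the replacement argument of `replace-uri` is evaluated as a log-format string, which the old `reqrep` replacement was not, so a `%` in a rewrite target (a percent-encoded character or a `%[...]` expression) would now be interpreted by HAProxy instead of copied literally; regex metacharacters or whitespace in the path likewise change the meaning of the rule. If these values come from ingress objects, which the hunk does not show, I would validate them in the converter or escape them when rendering (`%` written as `%%`), and add a `TestBackends` case in `pkg/haproxy/instance_test.go` whose path or target contains such characters, since the updated expectations only use plain paths. The enclosing `backend` block starts and ends outside the hunk.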
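Review bot: The new `types.GlobalUseHTX: "true"` default is not reflected in the documentation: the `use-htx` section of `docs/content/en/docs/configuration/keys.md`, visible as context in the first patch, still ends its default-value sentence with "is `false`", and this patch's diffstat does not include that file. Because the flip changes HTTP processing for every deployment that never set the key, I would update that sentence in the same change and add a comment on the map entry, for example `// HAProxy 2.0 enables HTX by default; set use-htx to "false" to opt out`. `createDefaults` begins outside the hunk.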
@@ -2872,6 +2872,7 @@ func (c *testConfig) configGlobal(global *hatypes.Global) { global.Timeout.ServerFin = "50s" global.Timeout.Stop = "15m" global.Timeout.Tunnel = "1h" + global.UseHTX = true } var endpointS0 = &hatypes.Endpoint{ diff --git a/rootfs/etc/haproxy/template/haproxy.tmpl b/rootfs/etc/haproxy/template/haproxy.tmpl index 195942bd4..0c756a34e 100644 --- a/rootfs/etc/haproxy/template/haproxy.tmpl +++ b/rootfs/etc/haproxy/template/haproxy.tmpl @@ -92,8 +92,8 @@ defaults option dontlognull option http-server-close option http-keep-alive -{{- if $global.UseHTX }} - option http-use-htx +{{- if not $global.UseHTX }} + no option http-use-htx {{- end }} timeout client {{ default "--" $global.Timeout.Client }} {{- if $global.Timeout.ClientFin }} @@ -171,11 +171,6 @@ listen _tcp_{{ $backend.Name }}_{{ $backend.Port }} {{- if $backend.ProxyProt.Decode }} accept-proxy{{ end }} mode tcp -{{- /*------------------------------------*/}} -{{- if $global.UseHTX }} - no option http-use-htx -{{- end }} - {{- /*------------------------------------*/}} {{- if $global.Syslog.Endpoint }} {{- if eq $global.Syslog.TCPLogFormat "default" }} @@ -253,11 +248,6 @@ backend {{ $backend.ID }} {{- /*------------------------------------*/}} {{- if $backend.ModeTCP }} -{{- /*------------------------------------*/}} -{{- if $global.UseHTX }} - no option http-use-htx -{{- end }} - {{- /*------------------------------------*/}} {{- if $backend.WhitelistTCP }} {{- range $w1 := short 10 $backend.WhitelistTCP }} @@ -613,11 +603,6 @@ listen _front__tls mode tcp bind {{ $global.Bind.HTTPSBind }}{{ if $global.Bind.AcceptProxy }} accept-proxy{{ end }} -{{- /*------------------------------------*/}} -{{- if $global.UseHTX }} - no option http-use-htx -{{- end }} - {{- /*------------------------------------*/}} {{- if $global.Syslog.Endpoint }} {{- if eq $global.Syslog.HTTPSLogFormat "default" }} 
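Review bot: `global.UseHTX = true` in `configGlobal` is the only line this patch adds to the test file, so the template's new `{{- if not $global.UseHTX }}` branch in the `defaults` section is not exercised by anything in this diff. Unless a test outside the diff already covers it, I would add a case that sets `UseHTX` to false and expects `no option http-use-htx` in the rendered `defaults` section, because after this patch that is the only place the option is written and the per-proxy overrides are gone. `configGlobal` starts outside the hunk.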
@@ -1074,9 +1059,6 @@ backend spoe-modsecurity mode tcp timeout connect 5s timeout server 5s -{{- if $global.UseHTX }} - no option http-use-htx -{{- end }} {{- range $i, $endpoint := $global.ModSecurity.Endpoints }} server modsec-spoa{{ $i }} {{ $endpoint }} {{- end }}