From b7c2007696560741e3780c4be94ab931de654010 Mon Sep 17 00:00:00 2001 From: Minoplhy Date: Mon, 15 Feb 2021 09:31:26 +0700 Subject: [PATCH 1/3] http 2.0 --- configuration/haproxy.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/haproxy.cfg b/configuration/haproxy.cfg index 7ac61d0..f9fddb6 100644 --- a/configuration/haproxy.cfg +++ b/configuration/haproxy.cfg @@ -62,8 +62,8 @@ backend dns-dot # TCP LB (443) frontend 443-in-doh - bind 0.0.0.0:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem - bind [::]:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem + bind 0.0.0.0:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem alpn h2,http/2 + bind [::]:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem alpn h2,http/2 mode http From f5d4cb69c103d0927e8a733917a4010b1a682456 Mon Sep 17 00:00:00 2001 From: Minoplhy Date: Mon, 15 Feb 2021 10:35:51 +0700 Subject: [PATCH 2/3] Remove # lines # default_backend nginx --- configuration/haproxy.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/configuration/haproxy.cfg b/configuration/haproxy.cfg index f9fddb6..7fe2ae9 100644 --- a/configuration/haproxy.cfg +++ b/configuration/haproxy.cfg @@ -74,7 +74,6 @@ frontend 443-in-doh use_backend dns-doh if { hdr(host) -i doh.domain } -# default_backend nginx backend dns-doh mode http From c6fb9270de5dd63202f58c6c814a80667da79d8a Mon Sep 17 00:00:00 2001 From: Minoplhy Date: Mon, 15 Feb 2021 10:44:09 +0700 Subject: [PATCH 3/3] backend revolution - move backend to bottom - remove garbage line --- configuration/haproxy.cfg | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/configuration/haproxy.cfg b/configuration/haproxy.cfg index 7fe2ae9..df911a7 100644 --- a/configuration/haproxy.cfg +++ b/configuration/haproxy.cfg 
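Review bot: On the two new `bind` lines of `frontend 443-in-doh` in patch 1/3, `http/2` is not a registered ALPN protocol ID. HTTP/2 over TLS is advertised as `h2`, and the HTTP/1.1 fallback is `http/1.1`. As written, only `h2` can ever match, so a DoH client that offers just `http/1.1` gets no ALPN agreement and depends on how the TLS stack handles a no-overlap negotiation. Both binds should end in `alpn h2,http/1.1`. The frontend's remaining directives lie outside the hunk.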
@@ -56,10 +56,6 @@ frontend 853-in # DoT use_backend dns-dot if { ssl_fc_sni dot.domain } -backend dns-dot - mode tcp - server dot 127.0.0.1:5353 check - # TCP LB (443) frontend 443-in-doh bind 0.0.0.0:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem alpn h2,http/2 @@ -75,12 +71,16 @@ frontend 443-in-doh use_backend dns-doh if { hdr(host) -i doh.domain } -backend dns-doh -mode http -server dns-doh 127.0.0.1:8053 check +backend dns-dot + mode tcp + server dot 127.0.0.1:5353 check -http-response set-header Strict-Transport-Security max-age=63072000 +backend dns-doh + mode http + server dns-doh 127.0.0.1:8053 check backend check mode http errorfile 503 /root/dns/check.http + +http-response set-header Strict-Transport-Security max-age=63072000
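Review bot: In the second hunk of patch 3/3 (`@@ -75,12 +71,16 @@`), `http-response set-header Strict-Transport-Security max-age=63072000` is moved to the very end of the file, after `backend check`. HAProxy attaches a directive to the most recently opened section regardless of indentation or blank lines, so the rule now belongs to `backend check` instead of `backend dns-doh`. Responses from the DoH backend would then presumably go out without HSTS, and HAProxy should warn about the rule when it parses the file, since `backend check` only serves an `errorfile`. Keep the line inside `backend dns-doh`, directly after `server dns-doh 127.0.0.1:8053 check`, or put it in `frontend 443-in-doh` so every response on that listener carries the header. The first hunk only relocates `backend dns-dot` and raises nothing.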