feat(haproxy): Add cybermood.eu vhost configuration

- Add vhost entries for cybermood.eu and www.cybermood.eu
- Add backend configuration (cybermood_web on port 4000)
- Add ACME certificate entries for SSL
- Add ACL routing rules in template
- Switch to crt-list for multi-certificate SNI support

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/secubox-app-haproxy/files/etc/config/haproxy

@@ -33,10 +33,10 @@ config frontend 'http_front'
 	option default_backend 'fallback'
 	option enabled '1'
 
-# Example frontend (HTTPS with SNI)
+# Example frontend (HTTPS with SNI using crt-list for multi-cert support)
 config frontend 'https_front'
 	option name 'https-in'
-	option bind '*:443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1'
+	option bind '*:443 ssl crt-list /opt/haproxy/certs/certs.list alpn h2,http/1.1'
 	option mode 'http'
 	option default_backend 'fallback'
 	option enabled '1'
@@ -48,6 +48,23 @@ config backend 'fallback'
 	option balance 'roundrobin'
 	option enabled '1'
 
+# CyberMood.eu vhost
+config vhost 'cybermood'
+	option domain 'cybermood.eu'
+	option backend 'cybermood_web'
+	option ssl '1'
+	option ssl_redirect '1'
+	option acme '1'
+	option enabled '1'
+
+config vhost 'cybermood_www'
+	option domain 'www.cybermood.eu'
+	option backend 'cybermood_web'
+	option ssl '1'
+	option ssl_redirect '1'
+	option acme '1'
+	option enabled '1'
+
 # Example vhost
 #config vhost 'example'
 #	option domain 'example.com'
@@ -57,6 +74,21 @@ config backend 'fallback'
 #	option acme '1'
 #	option enabled '1'
 
+# CyberMood.eu backend
+config backend 'cybermood_web'
+	option name 'cybermood-web'
+	option mode 'http'
+	option balance 'roundrobin'
+	option enabled '1'
+
+config server 'cybermood_srv'
+	option backend 'cybermood_web'
+	option name 'cybermood-srv'
+	option address '127.0.0.1'
+	option port '4000'
+	option check '1'
+	option enabled '1'
+
 # Example backend with servers
 #config backend 'web_servers'
 #	option name 'web-servers'
@@ -83,6 +115,17 @@ config acme 'acme'
 	option key_type 'ec-256'
 	option renew_days '30'
 
+# CyberMood.eu certificate (ACME)
+config certificate 'cert_cybermood'
+	option domain 'cybermood.eu'
+	option type 'acme'
+	option enabled '1'
+
+config certificate 'cert_cybermood_www'
+	option domain 'www.cybermood.eu'
+	option type 'acme'
+	option enabled '1'
+
 # Certificate entry (manual or ACME)
 #config certificate 'cert_example'
 #	option domain 'example.com'

package/secubox/secubox-app-haproxy/files/usr/share/haproxy/templates/default.cfg

@@ -47,9 +47,9 @@ frontend http-in
     http-request redirect scheme https code 301 unless is_acme
     default_backend default_luci
 
-# HTTPS frontend - SSL termination
+# HTTPS frontend - SSL termination with multi-certificate SNI support
 frontend https-in
-    bind *:443 ssl crt /opt/haproxy/certs/ alpn h2,http/1.1
+    bind *:443 ssl crt-list /opt/haproxy/certs/certs.list alpn h2,http/1.1
     mode http
 
     # Security headers
@@ -62,6 +62,10 @@ frontend https-in
     http-request set-header X-Real-IP %[src]
     http-request set-header X-Forwarded-For %[src]
 
+    # CyberMood.eu routing
+    acl is_cybermood hdr(host) -i cybermood.eu www.cybermood.eu
+    use_backend cybermood_web if is_cybermood
+
     default_backend default_luci
 
 # ACME challenge backend
@@ -74,3 +78,9 @@ backend default_luci
     mode http
     balance roundrobin
     server luci 192.168.255.1:8081 check
+
+# CyberMood.eu backend
+backend cybermood_web
+    mode http
+    balance roundrobin
+    server cybermood 127.0.0.1:4000 check