Fix letsencrypt acls

03frontends.cfg

@@ -285,19 +285,25 @@ frontend frontend_default
   acl ZM src -f /etc/haproxy/country/ZM.txt
   acl ZW src -f /etc/haproxy/country/ZW.txt
 
+  # Let's Encrypt
+  acl letsencrypt path_beg /.well-known/acme-challenge/
+  use_backend letsencrypt if letsencrypt
+
   # Redirect www to non-www domains
   http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] code 301 if { hdr_beg(host) -i www. }
 
+  # Mastodon
   # ACL to match requests for /.well-known/webfinger
   acl webfinger_request path_beg /.well-known/webfinger
   # ACL to check if the host is not mastodon.benoit.jp.net
   acl not_mastodon hdr(host) !mastodon.benoit.jp.net
-
   # Redirect if it's a webfinger request and the host is not mastodon.benoit.jp.net
   http-request redirect location https://mastodon.benoit.jp.net%[capture.req.uri] if webfinger_request not_mastodon
 
-  acl letsencrypt path_beg /.well-known/acme-challenge/
+  # Filtering
+  http-request deny if adguard !JP !SG !letsencrypt
 
+  # Everything else
   acl adguard hdr(host) -i adguard.benoit.jp.net
   acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net
   acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net
@@ -307,8 +313,6 @@ frontend frontend_default
   acl linkding hdr(host) -i linkding.benoit.jp.net
   acl mastodon hdr(host) -i mastodon.benoit.jp.net
 
-  http-request deny if adguard !JP !letsencrypt
-
   use_backend adguard if adguard
   use_backend archive if archive
   use_backend forgejo if forgejo