From de8e6c9853f80f9e0e74891a1af3b6a5dd7def22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Wed, 6 May 2026 14:22:54 +0200
Subject: [PATCH] fix(haproxy): Quicless

---
 .../values/ingress-haproxy.yaml.gotmpl          | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl b/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
index 653b03a6..e727b65e 100644
--- a/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
+++ b/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
@@ -16,6 +16,15 @@ controller:
   config:
     body-size: "0"
     tune.bufsize: "131072"
+    ssl-redirect: "true"
+    forwarded-for: "true"
+
+    # Disable QUIC ar Hetzner LB doesn't support UDP
+    quic-enabled: "false"
+
+    # Proxy protocol
+    proxy-protocol: "10.0.0.0/8"
+    use-proxy-protocol: "true"
 
   tolerations:
    - key: unschedulable
@@ -96,3 +105,11 @@ controller:
 
   serviceMonitor:
     enabled: true
+
+  defaultTLSSecret:
+    enabled: true
+    # Create this secret separately (self-signed or real cert)
+    secret: ingress-haproxy/ingress-haproxy-default-cert
+
+  extraArgs:
+    - --disable-quic