Do not create the portainer network. Fix the haproxy configuration

defaults/main.yml

@@ -4,6 +4,7 @@ docker_swarm_cluster_haproxy_install: True
 docker_swarm_haproxy_installation_type: 'keepalive'
 docker_swarm_haproxy_networks:
   - 'portainer_{{ docker_swarm_portainer_network }}'
+docker_swarm_haproxy_additional_networks: []
 #
 docker_swarm_expose_api_via_haproxy: True
 docker_swarm_expose_api_hostname: 'swarm.example.com'

tasks/haproxy_networks.yml

@@ -1,12 +1,12 @@
 ---
-- name: Create the networks that haproxy will attach to
+- name: Create the networks that haproxy will attach to and that are not created by the services
   block:
-  - name: Create the overlay networks
+  - name: Create the overlay networks that are not created by the services
     docker_network:
       name: '{{ item }}'
       driver: overlay
       scope: swarm
-    with_items: '{{ docker_swarm_haproxy_networks }}'
+    with_items: '{{ docker_swarm_haproxy_additional_networks }}'
 
 #   - name: Connect haproxy to the overlay networks
 #     docker_network:
@@ -16,5 +16,13 @@
 #       appends: yes
 #     with_items: '{{ docker_swarm_haproxy_networks }}'
 
+#   - name: Connect haproxy to the overlay additional networks
+#     docker_network:
+#       name: '{{ item }}'
+#       connected:
+#         - 'haproxy_haproxy'
+#       appends: yes
+#     with_items: '{{ docker_swarm_haproxy_additional_networks }}'
+
   when: docker_swarm_manager_main_node | bool
   tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'docker_network' ]

templates/haproxy.cfg.j2

@@ -83,6 +83,7 @@ frontend http
 {% if docker_swarm_expose_api_via_haproxy %}
     acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }}
     acl swarm_api_allowed_nets src {% for net in docker_swarm_api_networks_acl %} {{ net }}{% endfor %}
+
     http-request deny if swarm_api !swarm_api_allowed_nets
     use_backend swarm_api_bck if swarm_api
 {% endif %}
@@ -90,6 +91,7 @@ frontend http
     acl {{ srv.acl_name }} {{ srv.acl_rule }}
 {% if srv.allowed_networks is defined %}
     acl {{ srv.acl_name }}_nets src {% for net in srv.allowed_networks %} {{ net }}{% endfor %}
+
     http-request deny if {{ srv.acl_name }} !{{ srv.acl_name }}_nets
 {% endif %}
     use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
@@ -108,14 +110,17 @@ backend swarm_api_bck
 
 {% if docker_swarm_cluster_portainer_install %}
 backend portainer_bck
-    option httpchk GET /  HTTP/1.1\r\nHost:\ localhost
+    option httpchk
+    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
     http-check expect rstatus (2|3)[0-9][0-9]
     balance roundrobin
     server-template portainer- 1 portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none
 {% endif %}
 
 {% for srv in docker_swarm_haproxy_additional_services %}
-    option httpchk GET /  HTTP/1.1\r\nHost:\ localhost
+backend {{ srv.acl_name }}_bck
+    option httpchk
+    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
     http-check expect rstatus (2|3)[0-9][0-9]
     balance roundrobin
     server-template {{ srv.service_name }}- {{ srv.service_replica_num }} {{ srv.service_name }}:{{ srv.service_port }} check resolvers docker init-addr libc,none