I’m running OPNSense with the HAProxy plugin purely as a reverse proxy and I need a clean set-up of URL rewrite rules. The goal is to make every incoming request land on the right backend while transparently converting • plain-HTTP traffic to HTTPS, and • requests for one domain to another domain, all under a mix of conditions: some rewrites must trigger on custom headers, others on specific path patterns, and the remainder should catch anything that slips through. I already have the frontends and backends defined; what’s missing is the precise ACLs, actions and map files (if you prefer those) that will: 1. Force HTTPS with an HSTS header. 2. Swap domains without breaking existing paths, query strings or cookies. 3. Respect header-based rules (e.g., X-Forwarded-Proto or custom app headers) before defaulting to the generic catch-all. Please document the edits you make inside OPNSense (or export the config diff) so I can re-apply them if needed, and give me a short explanation of each rule so future maintenance is straightforward. Test evidence—curl output or browser screenshots—showing that the three scenarios above resolve correctly will be the acceptance criteria. i have 4 Urls like http/s://servername.domain.cloud/appname which needs to be rewritten to https://appname.domain.com