diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 6c73623a9d8f97456cd104ee01a6cfebe824e1a6..06d42c459e974e5324ad7d87476ecfbca6ac4563 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -85,6 +85,9 @@ frontend http_in
   acl private_auth http_auth(notprivate) if !privateip
   http-request auth realm notprivate if !letsencrypt_challenge privatedomain !privateip !private_auth
 {% endif %}
+{% for line in proxy_extra_lines|default([]) %}
+  {{ line }}
+{% endfor %}
 {% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
@@ -206,6 +209,9 @@ frontend https_in_{{ cert.ip }}
   acl private_auth http_auth(notprivate) if !privateip
   http-request auth realm notprivate if privatedomain !privateip !private_auth
 {% endif %}
+{% for line in proxy_extra_lines|default([]) %}
+  {{ line }}
+{% endfor %}
   acl blockedip src -f /etc/haproxy/blacklist.ip
   http-request deny if blockedip
   acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer