global log /dev/log local0 log /dev/log local1 notice # chroot /var/lib/haproxy stats timeout 30s user haproxy group haproxy daemon external-check insecure-fork-wanted defaults log global option httplog option dontlognull option dontlog-normal timeout client 30s timeout server 30s timeout connect 5s # errorfile 400 /etc/haproxy/errors/400.http # errorfile 403 /etc/haproxy/errors/403.http # errorfile 408 /etc/haproxy/errors/408.http # errorfile 500 /etc/haproxy/errors/500.http # errorfile 502 /etc/haproxy/errors/502.http # errorfile 503 /etc/haproxy/errors/503.http # errorfile 504 /etc/haproxy/errors/504.http resolvers mydns nameserver dns1 1.1.1.1:53 nameserver dns2 8.8.8.8:53 resolve_retries 3 timeout resolve 1s timeout retry 1s hold other 10s hold refused 10s hold nx 10s hold timeout 10s hold valid 10s hold obsolete 10s ########################################################################################## #FRONTENDS: ########################################################################################## ############## HTTP: frontend ft_http mode http bind *:80 option httplog option forwardfor #ACL: acl geobaldemo-burdigone_http hdr_dom(host) -i geobaldemo.burdig.one #BACKENDS: use_backend bk_geobaldemo-burdigone_http if geobaldemo-burdigone_http ############ HTTPS_SNI: frontend ft_https_sni_global bind *:443 mode tcp acl geobaldemo-burdigone_https req.ssl_sni -i geobaldemo.burdig.one use_backend bk_geobaldemo-burdigone_https if geobaldemo-burdigone_https tcp-request inspect-delay 2s tcp-request content reject if !geobaldemo-burdigone_https ########################################################################################## #BACKENDS: ########################################################################################## backend bk_redirect_https mode http redirect scheme https if !{ ssl_fc } backend bk_geobaldemo-burdigone_https mode tcp server srv-geobaldemo-burdigone_https 127.0.0.1:443 check sni req.ssl_sni backend bk_geobaldemo-burdigone_http mode http server srv-geobaldemo-burdigone_http 127.0.0.1:8000 check listen stats bind *:9000 mode http stats enable stats uri /stats stats realm HAProxy\ Statistics stats refresh 20s stats show-node stats show-legends stats show-desc HAPROXY stats auth admin:Passw0rd stats admin if TRUE