haproxytechblog/blog20171011-01.cfg

## blog20171011-01.cfg
frontend www.mysite.com
    bind 10.0.0.3:80
    bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem
    default_backend web_servers

## blog20171011-02.cfg
backend web_servers
    balance roundrobin
    server server1 10.0.1.3:443 check maxconn 20 ssl
    server server2 10.0.1.4:443 check maxconn 20 ssl

## blog20171011-03.cfg
backend web_servers
    balance roundrobin
    server server1 10.0.1.3:443 check maxconn 20 ssl ca-file /etc/ssl/certs/ca.pem
    server server2 10.0.1.4:443 check maxconn 20 ssl ca-file /etc/ssl/certs/ca.pem

## blog20171011-04.cfg
frontend www.mysite.com
    bind 10.0.0.3:80
    bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem
    http-request redirect scheme https unless { ssl_fc }
    default_backend web_servers

## blog20171011-05.cfg
frontend www.mysite.com
    bind 10.0.0.3:80
    bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem ssl-min-ver TLSv1.2
    http-request redirect scheme https unless { ssl_fc }
    default_backend web_servers

## blog20171011-06.cfg
global
    ssl-default-bind-options ssl-min-ver TLSv1.2

## blog20171011-07.cfg
bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

## blog20171011-08.cfg
global
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

## blog20171011-09.cfg
frontend www.mysite.com
    bind 10.0.0.3:80
    bind 10.0.0.3:443 ssl crt /etc/ssl/certs/
    http-request redirect scheme https unless { ssl_fc }
    default_backend web_servers

## blog20171011-09a.cfg
bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mycert.pem

## blog20171011-10.cfg
bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem verify required ca-file /etc/ssl/certs/ca.pem crl-file /etc/ssl/certs/crl.pem
	frontend www.mysite.com
	bind 10.0.0.3:80
	bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem
	default_backend web_servers
	backend web_servers
	balance roundrobin
	server server1 10.0.1.3:443 check maxconn 20 ssl
	server server2 10.0.1.4:443 check maxconn 20 ssl
	global
	ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256