@mbentley
Last active April 22, 2024 06:22
HAProxy SNI Example
global
    log /dev/log local0
    log /dev/log local1 notice

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout connect 5s
    timeout client 50s
    timeout client-fin 50s
    timeout server 50s
    timeout tunnel 1h
    default-server inter 15s fastinter 2s downinter 5s rise 3 fall 3
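
### standalone stats page
listen stats
    # accessible at http://192.168.1.100:8181/haproxy?stats
    bind 0.0.0.0:8181
    mode http
    option httplog
    stats enable
    # "if TRUE" allows admin actions (e.g. disabling servers) for every client
    # that can reach this port; no "stats auth" is configured here
    stats admin if TRUE
    stats refresh 5m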

### frontend servers
frontend http
    bind 0.0.0.0:80
    mode http
    # redirects from http to https
    redirect scheme https code 301 if { hdr(Host) -i site1.example.com } !{ ssl_fc }
    redirect scheme https code 301 if { hdr(Host) -i site1alias.example.com } !{ ssl_fc }
    redirect scheme https code 301 if { hdr(Host) -i site2.example.com } !{ ssl_fc }
    redirect scheme https code 301 if { hdr(Host) -i site3.example.com } !{ ssl_fc }
    redirect scheme https code 301 if { hdr(Host) -i site4.example.com } !{ ssl_fc }
    # set default backend
    default_backend default_http

frontend https
    option tcplog
    bind 0.0.0.0:443
    # wait up to 5s for the TLS ClientHello so the SNI can be read without terminating TLS
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    ## exact matches
    # several patterns in one ACL are already OR'ed; a literal "or" inside the
    # braces would be treated as a third pattern, so it is left out
    use_backend site1_https if { req.ssl_sni -i site1.example.com site1alias.example.com }
    use_backend site2_https if { req.ssl_sni -i site2.example.com }
    use_backend site3_https if { req.ssl_sni -i site3.example.com }
    use_backend site4_https if { req.ssl_sni -i site4.example.com }
    # set default backend
    default_backend default_https

### backend servers
backend default_http
    mode http
    server nginx_lb_http.sock unix@/run/nginx_lb_http.sock send-proxy weight 100 check

backend default_https
    mode tcp
    server nginx_lb_https.sock unix@/run/nginx_lb_https.sock send-proxy weight 100 check

backend site1_https
    mode tcp
    option ssl-hello-chk
    server server1:443 192.168.1.101:443 weight 100 check

backend site2_https
    mode tcp
    option ssl-hello-chk
    server server2:443 192.168.1.102:443 weight 100 check

backend site3_https
    mode tcp
    option ssl-hello-chk
    server server3:443 192.168.1.103:443 weight 100 check

backend site4_https
    mode tcp
    option ssl-hello-chk
    server server4:443 192.168.1.104:443 weight 100 check