sacreman/gist:4453493

## gistfile1.txt
global
log 127.0.0.1 local2 info
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin

#debug

defaults
mode http
log global

option httplog
option dontlognull
option forwardfor
option http-server-close
option redispatch

timeout http-request 10s
timeout queue 1m
timeout connect 5s
timeout client 2m
timeout server 2m
timeout http-keep-alive 10s
timeout check 5s
retries 3

compression algo gzip
compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint

errorfile 400 /var/www/html/errors/400.http
errorfile 403 /var/www/html/errors/403.http
errorfile 408 /var/www/html/errors/408.http
errorfile 500 /var/www/html/errors/500.http
errorfile 502 /var/www/html/errors/502.http
errorfile 503 /var/www/html/errors/503.http
errorfile 504 /var/www/html/errors/504.http

# Front end for http to https redirect
frontend http
bind *:80
redirect location https://envmy.company.com/share

# Main front end
frontend https
bind *:443 ssl crt /etc/haproxy/company.com.pem

# ACL for backend mapping based on host header
acl is_my hdr_end(host) -i envmy.company.com
acl is_api hdr_end(host) -i envapi.company.com
acl is_a hdr_end(host) -i enva.company.com
acl is_webdav hdr_end(host) -i envwebdav.company.com
acl is_sp hdr_end(host) -i envsp.company.com

# ACL for backend mapping based on url paths
acl is_l7auth path_reg ^/auth/oauth/versions/2/.*
acl robots path_reg ^/robots.txt$
acl app_path path_reg ^/app/.*
acl share_path path_reg ^/share/.*/proxy/app/api/solr/.*
acl share_redirect path_reg ^$|^/$

# Changes to header responses
rspirep ^Location:\s*http://.*?\.company.com(/.*)$ Location:\ \1
rspirep ^Location:(.*\?\w+=)http(%3a%2f%2f.*?\.company.com%2f.*)$ Location:\ \1https\2
rspadd Strict-Transport-Security:\ max-age=15768000

# Blocked paths
block if app_path is_my

# Redirects
redirect location /share if share_redirect is_my

# List of backends
use_backend S3 if robots
use_backend layer7 if is_l7auth
use_backend share if is_my
use_backend api if is_api
use_backend api if is_a
use_backend webdav if is_webdav
use_backend sharepoint if is_sp

default_backend share

backend share

# Enable the cool stats page only on share backend
stats enable
stats hide-version
stats auth admin:*********
stats uri       /monitor
stats refresh   5s

option httpchk GET /share
server tomcat1 envappn1.app.pri:8080 cookie share1 check inter 5000
server tomcat2 envappn2.app.pri:8080 cookie share2 check inter 5000
server tomcat3 envappn3.app.pri:8080 cookie share3 check inter 5000
appsession JSESSIONID len 52 timeout 3h

backend api
balance source
option httpchk GET /app
reqrep ^([^\ ]*)\ /(.*) \1\ /app/publicapi/\2
server tomcat1 envappn1.app.pri:8080 check inter 5000
server tomcat2 envappn2.app.pri:8080 check inter 5000
server tomcat3 envappn3.app.pri:8080 check inter 5000

backend webdav
option httpchk GET /app
reqrep ^([^\ ]*)\ /(.*) \1\ /app/webdav/\2
server tomcat1 envappn1.app.pri:8080 check inter 5000
server tomcat2 envappn2.app.pri:8080 check inter 5000
server tomcat3 envappn3.app.pri:8080 check inter 5000

backend sharepoint
server tomcat1 envappn1.app.pri:7070 cookie share1 check inter 5000
server tomcat2 envappn2.app.pri:7070 cookie share2 check inter 5000
server tomcat3 envappn3.app.pri:7070 cookie share3 check inter 5000
appsession VTISESSIONID len 52 timeout 3h

backend layer7
server qa-layer7.app.pri qa-layer7.app.pri:8443 check inter 5000 ssl

backend S3
reqirep  ^Host:   Host:\ s3.amazonaws.com
reqrep  ^([^\ ]*)\ /(.*) \1\ /app-static/\2
server CDN  s3.amazonaws.com:80 check inter 5000
reqidel ^Authorization:.*
	global
	log 127.0.0.1 local2 info
	pidfile /var/run/haproxy.pid
	stats socket /var/run/haproxy.stat mode 600 level admin

	#debug

	defaults
	mode http
	log global

	option httplog
	option dontlognull
	option forwardfor
	option http-server-close
	option redispatch

	timeout http-request 10s
	timeout queue 1m
	timeout connect 5s
	timeout client 2m
	timeout server 2m
	timeout http-keep-alive 10s
	timeout check 5s
	retries 3

	compression algo gzip
	compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint

	errorfile 400 /var/www/html/errors/400.http
	errorfile 403 /var/www/html/errors/403.http
	errorfile 408 /var/www/html/errors/408.http
	errorfile 500 /var/www/html/errors/500.http
	errorfile 502 /var/www/html/errors/502.http
	errorfile 503 /var/www/html/errors/503.http
	errorfile 504 /var/www/html/errors/504.http

	# Front end for http to https redirect
	frontend http
	bind *:80
	redirect location https://envmy.company.com/share

	# Main front end
	frontend https
	bind *:443 ssl crt /etc/haproxy/company.com.pem

	# ACL for backend mapping based on host header
	acl is_my hdr_end(host) -i envmy.company.com
	acl is_api hdr_end(host) -i envapi.company.com
	acl is_a hdr_end(host) -i enva.company.com
	acl is_webdav hdr_end(host) -i envwebdav.company.com
	acl is_sp hdr_end(host) -i envsp.company.com

	# ACL for backend mapping based on url paths
	acl is_l7auth path_reg ^/auth/oauth/versions/2/.*
	acl robots path_reg ^/robots.txt$
	acl app_path path_reg ^/app/.*
	acl share_path path_reg ^/share/./proxy/app/api/solr/.
	acl share_redirect path_reg ^$\|^/$

	# Changes to header responses
	rspirep ^Location:\shttp://.?\.company.com(/.*)$ Location:\ \1
	rspirep ^Location:(.\?\w+=)http(%3a%2f%2f.?\.company.com%2f.*)$ Location:\ \1https\2
	rspadd Strict-Transport-Security:\ max-age=15768000

	# Blocked paths
	block if app_path is_my

	# Redirects
	redirect location /share if share_redirect is_my

	# List of backends
	use_backend S3 if robots
	use_backend layer7 if is_l7auth
	use_backend share if is_my
	use_backend api if is_api
	use_backend api if is_a
	use_backend webdav if is_webdav
	use_backend sharepoint if is_sp

	default_backend share

	backend share

	# Enable the cool stats page only on share backend
	stats enable
	stats hide-version
	stats auth admin:*********
	stats uri /monitor
	stats refresh 5s

	option httpchk GET /share
	server tomcat1 envappn1.app.pri:8080 cookie share1 check inter 5000
	server tomcat2 envappn2.app.pri:8080 cookie share2 check inter 5000
	server tomcat3 envappn3.app.pri:8080 cookie share3 check inter 5000
	appsession JSESSIONID len 52 timeout 3h

	backend api
	balance source
	option httpchk GET /app
	reqrep ^([^\ ])\ /(.) \1\ /app/publicapi/\2
	server tomcat1 envappn1.app.pri:8080 check inter 5000
	server tomcat2 envappn2.app.pri:8080 check inter 5000
	server tomcat3 envappn3.app.pri:8080 check inter 5000

	backend webdav
	option httpchk GET /app
	reqrep ^([^\ ])\ /(.) \1\ /app/webdav/\2
	server tomcat1 envappn1.app.pri:8080 check inter 5000
	server tomcat2 envappn2.app.pri:8080 check inter 5000
	server tomcat3 envappn3.app.pri:8080 check inter 5000

	backend sharepoint
	server tomcat1 envappn1.app.pri:7070 cookie share1 check inter 5000
	server tomcat2 envappn2.app.pri:7070 cookie share2 check inter 5000
	server tomcat3 envappn3.app.pri:7070 cookie share3 check inter 5000
	appsession VTISESSIONID len 52 timeout 3h

	backend layer7
	server qa-layer7.app.pri qa-layer7.app.pri:8443 check inter 5000 ssl

	backend S3
	reqirep ^Host: Host:\ s3.amazonaws.com
	reqrep ^([^\ ])\ /(.) \1\ /app-static/\2
	server CDN s3.amazonaws.com:80 check inter 5000
	reqidel ^Authorization:.*