global daemon log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 defaults log global option httplog retries 3 maxconn 2000 timeout connect 5s timeout client 50s timeout server 50s listen stats bind 127.0.0.1:9090 balance mode http stats enable stats auth admin:securepasswordhere12341234! frontend http_in bind *:80 mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-For %[src] use_backend ssl_redirect if { hdr(host) -i domainwithsslredirect.de } use_backend acmesh if { path_beg /.well-known/acme-challenge/ } default_backend no_match frontend https_in bind *:443 ssl crt /etc/haproxy/ssl/ mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-For %[src] use_backend domainxyz if { hdr(host) -i domainwithsslredirect.de } default_backend no_match # Default backends backend acmesh mode http server acmesh 127.0.0.1:60001 # Custom backends backend domainxyz mode http http-response set-header X-Robots-Tag noindex server web1 10.10.10.10:80