Using default globals:
Listen on specific IP on port 443. Apply cert on connection. Create ACLs and use specific backends, with default backend.
frontend www_front mode http bind 192.168.2.99:443 ssl crt /cert/cert.pem redirect scheme https if !{ ssl_fc } option forwardfor except 127.0.0.1 acl ACL_wiki hdr(host) -i wiki.example.local acl ACL_wwwint hdr(host) -i pwd.example.local acl ACL_wwwint hdr(host) -i api.example.local acl ACL_wwwint hdr(host) -i inv.example.local use_backend wiki_back if ACL_wiki use_backend wwwint_back if ACL_wwwint default_backend www_back backend www_back mode http balance roundrobin http-request set-header X-Client-IP %[src] reqadd X-Forwarded-Proto:\ https option forwardfor header X-Forwarded-For server www_1 172.16.0.4:80 check backend wiki_back mode http balance roundrobin http-request set-header X-Client-IP %[src] reqadd X-Forwarded-Proto:\ https option forwardfor header X-Forwarded-For server wiki_1 192.168.0.252:3000 check backend wwwint_back mode http balance roundrobin http-request set-header X-Client-IP %[src] reqadd X-Forwarded-Proto:\ https option forwardfor header X-Forwarded-For server www_1 192.168.0.254:443 check ssl verify none listen stats bind *:88 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / stats auth Username:Password