Haproxy basics

Using default globals:

Listen on specific IP on port 443. Apply cert on connection. Create ACLs and use specific backends, with default backend.

frontend www_front
        mode http
        bind 192.168.2.99:443 ssl crt /cert/cert.pem
        redirect scheme https if !{ ssl_fc }
        option forwardfor except 127.0.0.1
        acl ACL_wiki hdr(host) -i wiki.example.local
        acl ACL_wwwint hdr(host) -i pwd.example.local
        acl ACL_wwwint hdr(host) -i api.example.local
        acl ACL_wwwint hdr(host) -i inv.example.local
        use_backend wiki_back if ACL_wiki
        use_backend wwwint_back if ACL_wwwint
        default_backend www_back

backend www_back
        mode http
        balance roundrobin
        http-request set-header X-Client-IP %[src]
        reqadd X-Forwarded-Proto:\ https
        option forwardfor header X-Forwarded-For
        server www_1 172.16.0.4:80 check

backend wiki_back
        mode http
        balance roundrobin
        http-request set-header X-Client-IP %[src]
        reqadd X-Forwarded-Proto:\ https
        option forwardfor header X-Forwarded-For
        server wiki_1 192.168.0.252:3000 check

backend wwwint_back
        mode http
        balance roundrobin
        http-request set-header X-Client-IP %[src]
        reqadd X-Forwarded-Proto:\ https
        option forwardfor header X-Forwarded-For
        server www_1 192.168.0.254:443 check ssl verify none


listen stats
        bind *:88
        mode http
        stats enable
        stats hide-version
        stats realm Haproxy\ Statistics
        stats uri /
        stats auth Username:Password