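# HAProxy configuration: terminates TLS on :443, redirects plain HTTP on :80
# to HTTPS, and round-robins requests over two HTTP backends.
# The source had every directive collapsed onto one line, which turns
# everything after the first '#' into a comment; it is restored here with
# one directive per line.

global
    log /dev/log local5
    # Drop privileges and confine the process after startup.
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    user haproxy
    group haproxy
    daemon

    # turn on stats unix socket
    # "level admin" lets any member of group haproxy change runtime state
    # through this socket; keep mode 660 and the group membership tight.
    stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin
    node haproxy
    stats timeout 30s

    ca-base /etc/ssl/certs/
    tune.ssl.default-dh-param 2048
    # 3DES suites removed (64-bit block cipher, SWEET32). Only TLS 1.2+ is
    # accepted below, and every TLS 1.2 client supports AES, so no client
    # that could connect before is locked out.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!RC4:!3DES
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

defaults
    mode http
    log global
    option httplog
    option dontlognull
    # Appends the client address as X-Forwarded-For. A value already sent by
    # the client is passed through as well, so backends must only trust the
    # last entry (the one added here).
    option forwardfor except 127.0.0.0/8 header X-Forwarded-For
    option redispatch
    option http-server-close
    option abortonclose
    retries 3
    # Short request timeout limits how long a slow client can hold a slot.
    timeout http-request 10s
    timeout queue 60s
    timeout connect 4s
    timeout client 300s
    timeout server 300s
    # timeout http-keep-alive 10s
    # timeout check 10s
    maxconn 3000
    default-server port 80 maxconn 150 on-error fail-check slowstart 60s inter 30s fastinter 5s downinter 10s weight 100

# Plain-HTTP listener: its only job is to redirect to HTTPS.
frontend front
    option forwardfor
    maxconn 800
    bind 0.0.0.0:80
    # NOTE(review): this bind has no "ssl", so { ssl_fc } is never true here
    # and the header below is never added; kept as in the original.
    http-request add-header X-Proto https if { ssl_fc }
    redirect scheme https if !{ ssl_fc }
    # default_backend back

# TLS listener: terminates TLS and forwards to the backend over HTTP.
frontend front_ssl
    bind 0.0.0.0:443 ssl crt /etc/ssl/domaine.com.pem
    # set-header takes a bare header name; the original "X-Forwarded-Proto:"
    # carried a trailing colon that would become part of the name.
    # set-header (not add-header) also overwrites any client-supplied value.
    http-request set-header X-Forwarded-Proto https
    default_backend back

backend back
    balance roundrobin
    # Traffic to the backends is unencrypted HTTP on the internal network.
    server debian 192.168.0.23:80 check observe layer4 weight 100
    server debian3 192.168.0.24:80 check observe layer4 weight 100

# Statistics page. It is served over cleartext HTTP on every interface, so
# the basic-auth credentials cross the network unencrypted.
listen stats
    bind 0.0.0.0:8080
    stats enable
    stats uri /haproxy
    stats show-legends
    stats show-node
    stats realm Auth\ required
    # NOTE(review): foo:bar is a sample credential; replace it before
    # deployment and prefer binding this listener to a management address.
    stats auth foo:bar
    # Was "stats admin if TRUE", which let anyone holding the credentials
    # above enable or disable backend servers from any address. Admin
    # actions are now limited to local connections; widen with an explicit
    # source ACL if remote administration is required.
    stats admin if LOCALHOST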