global
  maxconn			300
	log			192.168.0.40	local0	debug
	stats socket /tmp/haproxy.socket level admin
	gid			80
	nbproc			1
	chroot			/var/empty
	daemon

frontend stats
	bind			192.168.0.2:446 ssl  crt /var/etc/stats.446.crt 
	mode			http
	log			global
	option			dontlognull
	maxconn			10
	timeout client		30000
	default_backend		stats_http

frontend mainSSLfrontend-merged
	bind			192.168.1.22:443  
	mode			tcp
	log			global
	option			dontlognull
	maxconn			300
	timeout client		30000
	acl			0_sub1acl	req_ssl_sni -i sub1.pfsense.localdomain
	use_backend		ba_sub1_TCP_https if 0_sub1acl 
	default_backend		noSNI_https
	tcp-request inspect-delay 5s
	tcp-request content accept if { req_ssl_hello_type 1 }


frontend noSNIfrontend-merged
	bind			127.0.0.1:10443 ssl  crt /var/etc/noSNIsub1.10443.crt accept-proxy
	#accept-proxy
	reqadd HAPROXY:\ NO_SNI_FALLBACK
	redirect prefix http://nosnisub1.pfsense.localdomain drop-query if { hdr(host) -i sub1.pfsense.localdomain }
	mode			http
	log			global
	option			dontlognull
	maxconn			300
	timeout client		30000
	acl			0_nosnisub	hdr(host) -i nosnisub1.pfsense.localdomain
	use_backend		ba_sub1_SSL_http if 0_nosnisub 
	acl			1_SNI_ba_sub1_SSL_http	hdr(host) -i sub1.pfsense.localdomain
	use_backend		ba_sub1_SSL_http if 1_SNI_ba_sub1_SSL_http 
	default_backend		nosni_default_http

backend stats_http
	mode			http
	timeout connect		30000
	timeout server		30000
	retries			3
	stats			enable
	stats			uri /
	stats			realm haproxystats
	stats			auth qw:as
	stats			refresh 5s
	option			httpchk OPTIONS / 
	option tcpka

backend noSNI_https
	mode			tcp
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk
	server			noSNIsrv 127.0.0.1:10443 check-ssl    weight 1 send-proxy 

backend ba_sub1_TCP_https
	mode			tcp
	timeout connect		30000
	timeout server		30000
	retries			3
	source 0.0.0.0 usesrc clientip
	option			httpchk OPTIONS / 
	#option transparent
	server			srv40_srv_443 192.168.0.40:443  check inter 10000  weight 1 check-ssl

backend nosni_default_http
	mode			http
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			localSRV 127.0.0.1:443 ssl  check inter 1000  weight 1 

backend ba_sub1_SSL_http
	mode			http
	timeout connect		30000
	timeout server		30000
	retries			3
	source 0.0.0.0 usesrc clientip
	option			httpchk OPTIONS / 
	server			srv40_srv_443 192.168.0.40:443 ssl  check inter 10000  weight 1