haproxy.cfg

global
  maxconn  4096
  daemon

defaults
  mode  http

frontend insecure
  # HTTP
  bind :80

  timeout client 5000

  # acl
  acl is_admin hdr_end(host) -i admin.myapp.com
  acl is_client hdr_end(host) -i www.myapp.com
  acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws

  # Redirect all HTTP traffic to HTTPS
  redirect location https://admin.myapp.com if is_admin

  default_backend varnish
  use_backend myapp_admin if is_admin is_websocket
  use_backend myapp_client if is_client is_websocket

frontend secure
  # HTTPS
  bind :443 ssl crt /etc/ssl/admin.myapp.com.pem

  timeout client 5000

  # acl
  acl is_admin hdr_end(host) -i admin.myapp.com
  acl is_client hdr_end(host) -i www.myapp.com
  acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws
  acl is_websocket hdr_beg(Host) -i wss

  default_backend varnish
  use_backend myapp_admin if is_admin is_websocket
  use_backend myapp_client if is_client is_websocket

backend varnish
  balance leastconn
  option forwardfor
  timeout server 5000
  timeout connect 4000
  server varnish1 127.0.0.1:6081

backend myapp_client
  balance leastconn
  option forwardfor
  timeout queue 5000
  timeout server 5000
  timeout connect 5000
  server client_node1 127.0.0.1:3000

backend myapp_admin
  balance leastconn
  option forwardfor
  timeout queue 5000
  timeout server 5000
  timeout connect 5000
  timeout tunnel 86400000
  server admin_node1 127.0.0.1:3001