HAPROXY 101
===

+ Stop sending requests to node to enable maintenance on it
`echo "set server backend_name/svc_name state drain" | socat stdio /var/run/haproxy/admin.sock`

+ Start sending requests to node to disable maintenance on it
`echo "set server backend_name/svc_name state ready" | socat stdio /var/run/haproxy/admin.sock`

+ Show statistics
`echo "show stat" | socat stdio /var/run/haproxy/admin.sock | cut -d "," -f 1-2,5-10,34-36 | column -s, -t`

+ [TCP] Wildcard domain match based redirection
```
acl api_urls req.ssl_sni -m end .test.local
use_backend backend_api if api_urls
```

+ [TCP] IP address based redirection
```
acl acl_frontend_green src xxx.xxx.xxx.xxx/xx #blue_green_deployment
use_backend backend_green if acl_frontend_green
```

+ [HTTP] SSL Redirection
```
redirect scheme https code 301 if !{ ssl_fc }
```

+ [HTTP] Letsencrypt path based redirection
```
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt_backend if letsencrypt-acl
```

+ [HTTP] Backend servers count based redirection
```
# frontend
acl backend_ko nbsrv(backend_prod) lt 1
use_backend backend_failed if backend_ko
default_backend backend_prod

# backend_failed
backend backend_failed
acl failed_path hdr_beg(host) -i sub.domain.local
http-request redirect code 307 location https://another.domain.local if !failed_path
http-request redirect code 307 location https://new.domain.local if failed_path

# backend_prod
backend backend_prod
fullconn 20000
balance roundrobin
cookie SERVERUSED insert indirect nocache
default-server check maxconn 500
mode http
log global
server server1 xxx.xxx.xxx.xxx:443 ssl check verify none cookie server1 check maxconn 20000 send-proxy 
server server2 xxx.xxx.xxx.xxx:443 ssl check verify none cookie server2 check maxconn 20000 send-proxy 
```