@phuysmans
Created March 27, 2018 07:57
haproxy mixed mode ssl termination passthrough
global
    log 127.0.0.1 local0 debug
    chroot /var/lib/haproxy
    stats socket /var/lib/haproxy/admin.sock level admin
    pidfile /var/lib/haproxy/pid
    stats timeout 30s
    daemon
    tune.ssl.default-dh-param 2048
    # Disables verification of backend certificates; here it lets the check-ssl
    # health check against the local 9443 listener succeed with its own certs.
    ssl-server-verify none
    crt-base /etc/ssl/certs/

defaults
    log global
    option tcplog
    option http-server-close
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend stats
    bind *:9999
    mode http
    stats enable
    stats refresh 30s
    stats show-node
    # Placeholder credentials; change them before exposing port 9999.
    stats auth admin:admin
    stats show-desc Super Awesome Stats Page! YAY!
    stats uri /haproxy?stats

frontend http_front
    bind *:80
    default_backend http_back
    mode http
    # Placeholder with funny page. Do we need to redirect to port 443?

# Mixed mode: TLS is not terminated here. Only the ClientHello is inspected
# for its SNI name, and the whole connection is passed through to the chosen backend.
frontend https_Main
    bind *:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend %[req.ssl_sni,lower,map_dom(/etc/haproxy/sni2backend.map,nonSNIhttps_back)]
    # Look up the SNI name in the map. If it is not found, go to nonSNIhttps_back -> nonSNIhttps_front

frontend nonSNIhttps_front
    bind 127.0.0.1:9443 ssl crt test01.pem crt test02.pem
    mode http
    option forwardfor
    use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/domain2backend.map,http_back)]
    # This is the fallback that terminates TLS with the certs above. If the domain is not
    # found in the main frontend's SNI map, it is looked up here by Host header.

backend nonSNIhttps_back
    mode tcp
    server nonSNIhttps_front 127.0.0.1:9443 check check-ssl

backend http_back
    mode http
    server localhost 127.0.0.1:9998 check

backend test01
    mode http
    server test01 172.20.0.141:80 check

backend test02
    mode http
    server test02 172.20.0.142:80 check

# Passthrough target: TLS is terminated by the server itself.
backend dev42
    mode tcp
    server dev42 172.20.0.42:443 check
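The two-stage lookup the config performs (SNI on port 443 first, then Host header on the local 9443 listener), modelled in Python as an added example that is not part of the gist. The two map files and their hostnames are constructed assumptions: sni2backend.map sends dev42.example to the tcp-mode dev42 backend for passthrough, and domain2backend.map sends the test01/test02 hostnames to the http backends.

```python
# Constructed sample map files, not from the gist. sni2backend.map sends the
# dev42 hostname to the tcp-mode backend (passthrough: TLS ends at the server);
# any other SNI falls back to nonSNIhttps_back, i.e. the local 9443 listener,
# which terminates TLS and routes by Host header through domain2backend.map.
SNI2BACKEND = """# pattern        backend
dev42.example    dev42
"""
DOMAIN2BACKEND = """test01.example   test01
test02.example   test02
"""

def parse_map(text: str) -> list:
    """Parse HAProxy map syntax: '<pattern> <value>' per line, '#' comments and blanks ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            pattern, value = line.split(None, 1)
            entries.append((pattern.lower(), value.strip()))
    return entries

def dom_match(subject: str, pattern: str) -> bool:
    """HAProxy 'dom' match: the pattern occurs in the subject delimited by dots or
    string ends, so 'test01.example' matches 'www.test01.example' but not 'mytest01.example'."""
    start = 0
    while (i := subject.find(pattern, start)) >= 0:
        end = i + len(pattern)
        if (i == 0 or subject[i - 1] == ".") and (end == len(subject) or subject[end] == "."):
            return True
        start = i + 1
    return False

def map_dom(subject: str, entries: list, default: str) -> str:
    """Model of map_dom(<file>,<default>): first matching entry in file order wins;
    an empty subject (no SNI sent, no Host header) yields the default."""
    lowered = subject.lower()  # the 'lower' converter used in the config
    for pattern, value in entries:
        if dom_match(lowered, pattern):
            return value
    return default

def route(sni: str, host: str = "") -> tuple:
    """Return (backend picked by https_Main, backend picked by nonSNIhttps_front).
    The second element is None when the connection was passed through untouched."""
    first = map_dom(sni, parse_map(SNI2BACKEND), "nonSNIhttps_back")
    if first != "nonSNIhttps_back":
        return first, None
    return first, map_dom(host, parse_map(DOMAIN2BACKEND), "http_back")
```

A client that sends no SNI at all lands on the 9443 listener and is routed purely by its Host header, which is why the fallback backend is http_back rather than a TLS passthrough.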
@thenightfighter

Could you please provide samples of /etc/haproxy/domain2backend.map and /etc/haproxy/sni2backend.map?
