global chroot /var/lib/haproxy stats socket /admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon ca-base /etc/ssl/certs crt-base /crypt ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL ssl-default-bind-options no-sslv3 defaults #log global mode http #option httplog #option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 frontend http bind *:80 # add X-Forwarded-For Header to request http-request add-header X-Forwarded-For %[src] reqadd X-Forwarded-Proto:\ http acl letsencrypt-acl path_beg /.well-known/acme-challenge/ use_backend letsencrypt-backend if letsencrypt-acl default_backend www-backend backend www-backend server one target:80 backend letsencrypt-backend server letsencrypt 127.0.0.1:54321