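# HAProxy edge configuration: terminates TLS on :443, sends plain-HTTP traffic
# on :80 to HTTPS, and routes ACME HTTP-01 challenge requests to a helper
# listening on localhost.

global
    chroot /var/lib/haproxy
    # "level admin" gives full runtime control of the proxy to anything that
    # can write to this socket. Mode 660 limits it to the socket's owner and
    # group; keep that group small and do not loosen the mode.
    stats socket /admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    ca-base /etc/ssl/certs
    crt-base /crypt

    # NOTE(review): this cipher list still allows kRSA key exchange (no forward
    # secrecy), and only SSLv3 is disabled below, so TLS 1.0/1.1 stay enabled.
    # If the client base allows it, add "no-tlsv10 no-tlsv11" to the bind
    # options and drop the kRSA+AES entry.
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    ssl-default-bind-options no-sslv3

defaults
    # NOTE(review): logging is commented out and the global section declares
    # no log target, so this proxy keeps no request record for detection or
    # incident response. Re-enable these once a syslog target is configured.
    #log global
    mode http
    #option httplog
    #option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http
    bind *:80
    # Overwrite (set-header) instead of appending (reqadd / add-header): an
    # appended header leaves any client-supplied X-Forwarded-* value in place,
    # and a backend that reads the first value would trust spoofed data.
    # If a trusted proxy sits in front of this one, preserve its value for
    # that proxy's source addresses only.
    http-request set-header X-Forwarded-Proto http
    http-request set-header X-Forwarded-For %[src]

    # The ACL is declared before the redirect so the redirect can exclude it.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    # Redirect rules are evaluated before use_backend, so without the
    # exclusion every request on :80 is redirected and the ACME rule below is
    # never reached.
    redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend www-backend

frontend https
    # Absolute certificate path, so crt-base above is not applied to it.
    bind *:443 ssl crt /data/haproxy/cert.pem
    # Same overwrite-not-append rule as on the :80 frontend.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-For %[src]

    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend www-backend

backend www-backend
    # Traffic to the application is plain HTTP on port 80.
    server one target:80

backend letsencrypt-backend
    # ACME challenge responder, reachable on loopback only.
    server letsencrypt 127.0.0.1:54321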