global
        chroot /var/lib/haproxy
        stats socket /admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        ca-base /etc/ssl/certs
        crt-base /crypt

        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
        ssl-default-bind-options no-sslv3

defaults
        #log     global
        mode    http
        #option  httplog
        #option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000

frontend http
        bind *:80
        reqadd X-Forwarded-Proto:\ http
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl
        default_backend www-backend

frontend https
        bind *:443 ssl crt /data/haproxy/cert.pem
        reqadd X-Forwarded-Proto:\ https
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl
        default_backend www-backend

backend www-backend
        server one target:80

backend letsencrypt-backend
   server letsencrypt 127.0.0.1:54321