NAT-rules-fixed-IPv4-provider/haproxy.cfg

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    option tcplog
    mode                    tcp
    log                     global
    option http-server-close
    timeout connect         10s
    timeout client          1m
    timeout server          1m

# HTTPS
frontend https
    bind :443

    acl dst_fastlight    dst            10.0.0.104
    acl dst_norrsken     dst            10.0.0.143

    use_backend https_fastlight if dst_fastlight
    use_backend https_norrsken if dst_norrsken

backend https_fastlight
    balance     roundrobin
    server      fastlight      10.0.100.10:443      send-proxy

backend https_norrsken
    balance     roundrobin
    server      norrsken       10.0.100.20:4430     send-proxy

# HTTP
frontend http
    bind :80

    acl dst_fastlight    dst            10.0.0.104
    acl dst_norrsken     dst            10.0.0.143

    use_backend http_fastlight if dst_fastlight
    use_backend http_norrsken if dst_norrsken
	
backend http_fastlight
    balance     roundrobin
    server      fastlight      10.0.100.10:80      send-proxy

backend http_norrsken
    balance     roundrobin
    server      norrsken       10.0.100.20:8000     send-proxy
HAProxy for HTTP and HTTPS (except HTTPS UDP) 2024-08-07 16:25:14 +02:00			`global`
			`log 127.0.0.1 local2`

			`chroot /var/lib/haproxy`
			`pidfile /var/run/haproxy.pid`
			`maxconn 4000`
			`user haproxy`
			`group haproxy`
			`daemon`

			`# turn on stats unix socket`
			`stats socket /var/lib/haproxy/stats`

			`# utilize system-wide crypto-policies`
			`ssl-default-bind-ciphers PROFILE=SYSTEM`
			`ssl-default-server-ciphers PROFILE=SYSTEM`

			`defaults`
			`option tcplog`
			`mode tcp`
			`log global`
			`option http-server-close`
			`timeout connect 10s`
			`timeout client 1m`
			`timeout server 1m`

			`# HTTPS`
			`frontend https`
			`bind :443`

			`acl dst_fastlight dst 10.0.0.104`
			`acl dst_norrsken dst 10.0.0.143`

			`use_backend https_fastlight if dst_fastlight`
			`use_backend https_norrsken if dst_norrsken`

			`backend https_fastlight`
			`balance roundrobin`
			`server fastlight 10.0.100.10:443 send-proxy`

			`backend https_norrsken`
			`balance roundrobin`
			`server norrsken 10.0.100.20:4430 send-proxy`

			`# HTTP`
			`frontend http`
			`bind :80`

			`acl dst_fastlight dst 10.0.0.104`
			`acl dst_norrsken dst 10.0.0.143`

			`use_backend http_fastlight if dst_fastlight`
			`use_backend http_norrsken if dst_norrsken`

			`backend http_fastlight`
			`balance roundrobin`
			`server fastlight 10.0.100.10:80 send-proxy`

			`backend http_norrsken`
			`balance roundrobin`
			`server norrsken 10.0.100.20:8000 send-proxy`