global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    option tcplog
    mode                    tcp
    log                     global
    option http-server-close
    timeout connect         10s
    timeout client          1m
    timeout server          1m

# HTTPS
frontend https
    bind :443

    acl dst_fastlight    dst            10.0.0.104
    acl dst_norrsken     dst            10.0.0.143

    use_backend https_fastlight if dst_fastlight
    use_backend https_norrsken if dst_norrsken

backend https_fastlight
    balance     roundrobin
    server      fastlight      10.0.100.10:443      send-proxy

backend https_norrsken
    balance     roundrobin
    server      norrsken       10.0.100.20:4430     send-proxy

# HTTP
frontend http
    bind :80

    acl dst_fastlight    dst            10.0.0.104
    acl dst_norrsken     dst            10.0.0.143

    use_backend http_fastlight if dst_fastlight
    use_backend http_norrsken if dst_norrsken
	
backend http_fastlight
    balance     roundrobin
    server      fastlight      10.0.100.10:80      send-proxy

backend http_norrsken
    balance     roundrobin
    server      norrsken       10.0.100.20:8000     send-proxy