global
        log 127.0.0.1 local0 notice
        user haproxy
        group haproxy
        tune.ssl.default-dh-param 4096

defaults
        log     global
        mode    http
        retries 2
        timeout connect 3000
        timeout server 5000
        timeout client 5000
        stats enable
        stats uri {{ proxy_stats_uri }}
        stats realm Haproxy\ Statistics
        stats auth {{ proxy_stats_user }}:{{ proxy_stats_pass }}

listen mysql-cluster
    bind 0.0.0.0:3306
    mode tcp
    option mysql-check user haproxy_check
    balance roundrobin
    {% for db_server in groups['db'] %}
    server {{ hostvars[db_server]['ansible_eth1']['ipv4']['address'] }} {{ hostvars[db_server]['ansible_eth1']['ipv4']['address'] }}:3306 check
    {% endfor %}

frontend www-http
   bind 0.0.0.0:80
   reqadd X-Forwarded-Proto:\ http
   default_backend wrestlingdev

frontend www-https
   bind 0.0.0.0:443 ssl crt /root/server.pem
   reqadd X-Forwarded-Proto:\ https
   default_backend wrestlingdev

backend wrestlingdev
   redirect scheme https if !{ ssl_fc }
   balance roundrobin
   option redispatch
   option httpclose
   cookie SERVERID insert indirect nocache
   {% for web_server in groups['web'] %}
   server {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }} {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }}:443 check cookie A ssl verify none
   {% endfor %}