wrestlingdev-ansible/roles/proxy/templates/haproxy.cfg.j2

global
        log 127.0.0.1 local0 notice
        user haproxy
        group haproxy
        tune.ssl.default-dh-param 4096

defaults
        log     global
        mode    http
        retries 2
        timeout connect 3000
        timeout server 5000
        timeout client 5000
        stats enable
        stats uri {{ proxy_stats_uri }}
        stats realm Haproxy\ Statistics
        stats auth {{ proxy_stats_user }}:{{ proxy_stats_pass }}

listen mysql-cluster
    bind 0.0.0.0:3306
    mode tcp
    option mysql-check user haproxy_check
    balance roundrobin
    {% for db_server in dbservers %}
    server {{ db_server }} {{ db_server }}:3306 check
    {% endfor %}

frontend www-http
   bind 0.0.0.0:80
   reqadd X-Forwarded-Proto:\ http
   default_backend www-backend

frontend www-https
   bind 0.0.0.0:443 ssl crt /root/server.pem
   reqadd X-Forwarded-Proto:\ https

   acl host_wrestlingdev hdr(host) -i wrestlingdev.com
   use_backend wrestlingdev if host_wrestlingdev

   default_backend www-backend

backend www-backend
   redirect scheme https if !{ ssl_fc }
   errorfile 503 /root/home.html

backend wrestlingdev
   redirect scheme https if !{ ssl_fc }
   balance roundrobin
   {% for web_server in webservers %}
   server {{ web_server }} {{ web_server }}:443 check ssl verify none
   {% endfor %}