## Automatically generated configuration.# Do not edit this file manually.#global uid 80 gid 80 chroot /var/haproxy daemon stats socket /var/run/haproxy.socket group proxy mode 775 level admin nbthread 4 hard-stop-after 60s no strict-limits maxconn 10000 tune.ssl.default-dh-param 4096 spread-checks 2 tune.bufsize 16384 tune.lua.maxmem 0 log /var/run/log local0 info lua-prepend-path /tmp/haproxy/lua/?.luadefaults log global option redispatch -1 timeout client 30s timeout connect 30s timeout server 30s retries 3 default-server init-addr last,libc default-server maxconn 5000# autogenerated entries for ACLs# autogenerated entries for config in backends/frontends# autogenerated entries for stats# Frontend: SNI_frontend (Listening on 0.0.0.0:80, 0.0.0.0:443)frontend SNI_frontend bind 0.0.0.0:80 name 0.0.0.0:80 bind 0.0.0.0:443 name 0.0.0.0:443 mode tcp default_backend SSL_Backend # logging options# Frontend: HTTP_frontend (Listening 127.4.4.3:80)frontend HTTP_frontend bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy mode http option http-keep-alive option forwardfor # logging options # ACL: NOSSL_Conditons acl acl_65897953ed1946.82005955 ssl_fc # ACTION: HTTPtoHTTPS http-request allow if !acl_65897953ed1946.82005955# Frontend: HTTPS_frontend (Listening on 127.4.4.3:443)frontend HTTPS_frontend http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/65898324076999.90389690.certlist mode http option http-keep-alive option forwardfor # logging options# Backend (DISABLED): acme_challenge_backend (Added by ACME Client plugin)# Backend: SSL_Backend (SSL_Backend)backend SSL_Backend # health checking is DISABLED mode tcp balance source # stickiness stick-table type ip size 50k expire 30m stick on src server SSL_server 127.4.4.3 send-proxy-v2 check-send-proxy# Backend: Backend_Public ()backend Backend_Public # health checking is DISABLED mode http balance source # stickiness stick-table type ip size 50k expire 30m stick on src http-reuse safe server nx.muster.com 192.168.178.228:80 ssl alpn h2,http/1.1 verify none server bw.muster.com 192.168.178.231:80 ssl alpn h2,http/1.1 verify none# statistics are DISABLED