Untitled

global
    daemon
    #log /dev/log   local0
    #log /dev/log   local1 notice
    log /dev/log   syslog debug
    pidfile /var/run/haproxy.pid
    nbproc  2 #no of processes
    maxconn 128000
    user haproxy
    group haproxy
defaults
    log    global
    option log-health-checks
    # make sure log-format is on a single line
    log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}
    mode   http
    option httplog
    option dontlognull
    option http-keep-alive
    option http-tunnel
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
        # the 1.1.1.1 ip address in the acl's below is a BODGE
        # it's there to make the GO template script easier
        # and will be removed when things are stabilised
        # :)
frontend http-in
    bind *:8080
        acl permitted_ip src   10.0.0.1   10.0.0.2   81.157.241.158    80.4.177.237   81.150.38.177
        tcp-request inspect-delay 5s
        tcp-request connection reject if !permitted_ip
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl amazon_GB_users src 1.1.1.1   10.0.2.3   10.0.0.1
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl hulu_GB_users src 1.1.1.1
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl netflix_GB_users src 1.1.1.1
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl wtf_GB_users src 1.1.1.1   81.150.38.177    80.4.177.237
        use_backend GB_server_80 if { req.hdr(host) -i amazon.com AND amazon_GB_users }
        use_backend GB_server_80 if { req.hdr(host) -i amazon.com AND hulu_GB_users }
        use_backend GB_server_80 if { req.hdr(host) -i hulu.com AND netflix_GB_users }
        use_backend GB_server_80 if { req.hdr(host) -i www.wtfismyip.com AND wtf_GB_users }
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl amazon_US_users src 1.1.1.1   10.0.2.1   10.0.2.2
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl hulu_US_users src 1.1.1.1   10.0.2.1   10.0.2.2
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl netflix_US_users src 1.1.1.1   10.0.0.1   10.0.0.2
# this should really be multiple acl statetments. large counts may overflow line buffer
        acl wtf_US_users src 1.1.1.1   81.157.241.158
        use_backend US_server_80 if { req.hdr(host) -i amazon.com AND amazon_US_users }
        use_backend US_server_80 if { req.hdr(host) -i amazon.com AND hulu_US_users }
        use_backend US_server_80 if { req.hdr(host) -i hulu.com AND netflix_US_users }
        use_backend US_server_80 if { req.hdr(host) -i www.wtfismyip.com AND wtf_US_users }
backend GB_server_80
        server GB_server_80_0 46.101.6.173:8080 check
backend US_server_80
        server US_server_80_0 107.170.60.217:8080 check
frontend https-in
    bind *:8443
        mode tcp
        option tcplog
    log global
        acl permitted_ip src   10.0.0.1   10.0.0.2   81.157.241.158    80.4.177.237   81.150.38.177
        tcp-request inspect-delay 5s
        tcp-request connection reject if !permitted_ip
        tcp-request content accept if { req_ssl_hello_type 1 }
        acl amazon_GB_users src 1.1.1.1   10.0.2.3   10.0.0.1
        acl hulu_GB_users src 1.1.1.1
        acl netflix_GB_users src 1.1.1.1
        acl wtf_GB_users src 1.1.1.1   81.150.38.177    80.4.177.237
        use_backend GB_server_443 if { req_ssl_sni -i amazon.com AND amazon_GB_users }
        use_backend GB_server_443 if { req_ssl_sni -i amazon.com AND hulu_GB_users }
        use_backend GB_server_443 if { req_ssl_sni -i hulu.com AND netflix_GB_users }
        use_backend GB_server_443 if { req_ssl_sni -i www.wtfismyip.com AND wtf_GB_users }
        acl amazon_US_users src 1.1.1.1   10.0.2.1   10.0.2.2
        acl hulu_US_users src 1.1.1.1   10.0.2.1   10.0.2.2
        acl netflix_US_users src 1.1.1.1   10.0.0.1   10.0.0.2
        acl wtf_US_users src 1.1.1.1   81.157.241.158
        use_backend US_server_443 if { req_ssl_sni -i amazon.com AND amazon_US_users }
        use_backend US_server_443 if { req_ssl_sni -i amazon.com AND hulu_US_users }
        use_backend US_server_443 if { req_ssl_sni -i hulu.com AND netflix_US_users }
        use_backend US_server_443 if { req_ssl_sni -i www.wtfismyip.com AND wtf_US_users }
backend GB_server_443
    log global
    mode tcp
        server GB_server_443_0 46.101.6.173:8443 check
backend US_server_443
    log global
    mode tcp
        server US_server_443_0 107.170.60.217:8443 check
listen MyStats
    mode http
    bind 0.0.0.0:1000
    stats enable
    stats uri /
    stats refresh 5s
    stats show-node
    stats show-legends
    # if authentication is wanted
    acl auth_ok http_auth(stats-auth)
    http-request auth unless auth_ok
userlist stats-auth
    user admin insecure-password p4ss
root@16049e6556cb:/etc/haproxy#