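#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    #log 127.0.0.1 local2 debug
    # Log configuration
    log 127.0.0.1 local2
    pidfile /var/run/haproxy.pid
    maxconn 4000
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    # HAProxy runs under the unprivileged user and group "haproxy"
    user haproxy
    group haproxy
    daemon
    # Turn on the stats unix socket.
    # NOTE(review): no explicit "mode"/"level" is given, so permissions and
    # command level follow HAProxy's defaults; set them explicitly if other
    # local accounts must not reach this socket.
    stats socket /var/lib/haproxy/stats
    # NOTE(review): no ssl-default-bind-* settings are present, so the TLS
    # versions and ciphers offered on the "ssl" binds below are whatever the
    # installed HAProxy/OpenSSL build defaults to.

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log 127.0.0.1 local2
    log global
    option httplog
    option dontlognull
    # "option http-server-close" was listed twice in the original; once is enough.
    option http-server-close
    option http-buffer-request
    option forwardfor
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s

#---------------------------------------------------------------------
# HAProxy Monitoring Config
#---------------------------------------------------------------------
listen stats
    # The stats page listens on every interface. No "stats auth" is set, so
    # anyone who can reach port 8443 can read it.
    bind 0.0.0.0:8443 ssl crt /etc/ssl/domain.cloud/domain.cloud.pem
    stats enable
    stats uri /
    stats hide-version
    # Was "stats admin if TRUE", which let any unauthenticated client that
    # reached this port disable, drain or re-enable servers. Admin actions
    # are now limited to requests from loopback.
    # To administer remotely, add credentials and gate on them, e.g.:
    #   stats auth <STATS_USER>:<STATS_PASSWORD>
    #   stats admin if { http_auth(<USERLIST_NAME>) }
    stats admin if LOCALHOST
    stats refresh 30s

frontend HTTPFrontend
    bind 0.0.0.0:80
    # Was "mode tcp". "redirect" is an HTTP-level rule and is ignored in TCP
    # mode, so port 80 never sent clients to HTTPS.
    mode http
    # The original had two rules: a conditional redirect with the default
    # status and an unconditional one with code 301. Merged into one 301.
    redirect scheme https code 301 if !{ ssl_fc }

frontend SSLFrontend
    # TLS is terminated here, so traffic past this bind is decrypted.
    bind 0.0.0.0:443 ssl crt /etc/ssl/domain.cloud/domain.cloud.pem
    log 127.0.0.1 local2
    # NOTE(review): this frontend is "mode tcp" while the Unifi backend
    # inherits "mode http" from defaults, and "option httplog" below is an
    # HTTP-mode option. Confirm which mode is intended ("#mode http" was left
    # commented out by the author).
    mode tcp
    #mode http
    option clitcpka
    # option tcplog
    option socket-stats
    log global
    option httplog
    # option nolinger
    maxconn 300
    #tcp-request inspect-delay 5s
    # NOTE(review): req_ssl_hello_type inspects a raw ClientHello. With "ssl"
    # on the bind line the handshake is already done before content rules
    # run, so this rule presumably never matches. It is accept-only, so it
    # blocks nothing either way.
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Route by the SNI presented during the handshake. There is no
    # default_backend, so any other SNI has no backend to go to.
    # NOTE(review): the SNI is under handsoff.cloud while the certificate
    # path and server name use domain.cloud; confirm the hostname.
    use_backend Unifi if { ssl_fc_sni -i unifi.handsoff.cloud }

#---------------------------------------------------------------------
# Unifi Configuration
#---------------------------------------------------------------------
backend Unifi
    redirect scheme https if !{ ssl_fc }
    # "ssl verify none" encrypts the hop to the controller but does not
    # authenticate it: any host answering on 10.50.3.6:8443 is accepted, so
    # the link can be intercepted by anything on that network path.
    # Prefer pinning the controller's certificate or CA, e.g.:
    #   server unifi.domain.cloud 10.50.3.6:8443 ssl verify required ca-file <PATH_TO_CA_OR_CONTROLLER_CERT> check
    server unifi.domain.cloud 10.50.3.6:8443 ssl verify none check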