global stats socket /var/lib/haproxy/stats stats socket *:1999 level a

1. global
2. stats socket /var/lib/haproxy/stats
3. stats socket *:1999 level admin
4. stats socket /var/run/haproxy.sock mode 600 level admin
5. server-state-file /etc/haproxy/haproxy.state
6. # tune.h2.initial-window-size 16777216
7. # lower your record size to improve Time to First Byte (TTFB)
8. log /dev/log local0
9. # set inactivity timeout to reset record size (in ms)
10. tune.idletimer 1000
11.  
12. ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
13. ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
14. ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
15.  
16. tune.ssl.default-dh-param 2048
17. tune.ssl.cachesize 100000
18. tune.ssl.lifetime 600
19. tune.ssl.maxrecord 1460
20. tune.h2.initial-window-size 1048576
21. maxconn 4000
22.  
23.  
24. defaults
25. load-server-state-from-file global
26. mode http
27. timeout connect 5s
28. timeout client 50s
29. timeout server 50s
30. option httplog
31. default-server init-addr last,libc,none
32.  
33. frontend http
34. bind *:80
35. bind *:443 ssl crt /etc/haproxy/certs/
36. http-request add-header X-Forwarded-Proto https
37. http-request add-header X-Forwarded-Port 443
38. http-response add-header Strict-Transport-Security max-age=15768000
39. ### Block PlexRipper ###
40. # http-request capture req.hdrs len 512
41. # log-format "%ci:%cp [%tr] %ft [[%hr]] %hs %{+Q}r"
42. # log global
43. option httplog
44. option forwardfor
45. use_backend %[req.hdr(host),map_dom(/etc/haproxy/maps/cdn.map)]
46.  
47. listen stats
48. bind *:8404
49. mode http
50. stats enable
51. stats uri /stats
52. stats realm HAProxy-04\ Statistics
53. stats auth
54. stats admin if TRUE
55. http-request use-service prometheus-exporter if { path /metrics }
56.  
57. listen healthcheck
58. bind *:6969
59. mode http
60. option httpchk GET /healthcheck
61. http-request return status 200 content-type "text/plain" lf-string "OK"
62.  
63. backend speedtest
64. server speedtest 172.17.0.2:80
65.  
66. backend service.domain.xyz
67. server plex-cloud.the-preserve.xyz 11.111.11.1111:45362 check
68.  
69. backend service2.domain.xyz
70. http-request set-header host service2.domain.xyz
71. server service2.domain.xyz service2.domain.xyz:443 check port 443 ssl verify none sni str(service2.domain.xyz)
72.  
73. backend service3.domain.xyz
74. http-request set-header host service3.domain.xyz
75. server service3.domain.xyz service3.domain.xyz:443 check port 443 ssl verify none sni str(service3.domain.xyz.xyz)