From 01547d570276a20d8cd31d9772d3fa7e2933d783 Mon Sep 17 00:00:00 2001
From: Nick Leffler <nick@leffler.me>
Date: Sun, 25 Oct 2020 02:22:29 +0000
Subject: [PATCH] trying to swtich backend to http

---
 haproxy.cfg.ssl | 50 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 haproxy.cfg.ssl

diff --git a/haproxy.cfg.ssl b/haproxy.cfg.ssl
new file mode 100644
index 0000000..cd5f281
--- /dev/null
+++ b/haproxy.cfg.ssl
@@ -0,0 +1,50 @@
+global
+   log /dev/log local0
+   log /dev/log local1 notice
+   chroot /var/lib/haproxy
+   stats timeout 30s
+   user haproxy
+   group haproxy
+   daemon
+
+defaults
+   log global
+#   mode tcp
+   mode http
+   option httplog
+   option dontlognull
+   timeout connect 5000
+   timeout client 50000
+   timeout server 50000
+   option http-server-close 
+
+#### Main fron end ####
+frontend https_front
+   bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
+
+   #### Stats Page ####
+   stats uri /haproxy?stats
+   stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA
+
+   #### Set correct IP ####
+   acl from_cf    src -f /etc/haproxy/cloudflare_ips.lst
+   acl cf_ip_hdr  req.hdr(CF-Connecting-IP) -m found
+#   http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
+   http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
+
+   #### WP admin to single server ####
+   acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein
+   use_backend adminServerHTTPS if url_is_wp_admin
+
+   #### Configure Backends ####
+   default_backend webserversHTTPS
+
+#### Main Backend ####
+backend webserversHTTPS
+   balance roundrobin
+   server web01.nicks.website 10.1.96.4:443 check ssl verify none
+
+#### Admin server ####
+backend adminServerHTTPS
+   balance roundrobin
+   server web01.nicks.website 10.1.96.4:443 check ssl verify none