global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats timeout 30s user haproxy group haproxy daemon defaults log global # mode tcp mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 option http-server-close #### Main fron end #### frontend https_front bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1 #### Stats Page #### stats uri /haproxy?stats stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA #### Set correct IP #### acl from_cf src -f /etc/haproxy/cloudflare_ips.lst acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found # http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr #### WP admin to single server #### acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein use_backend adminServerHTTPS if url_is_wp_admin #### Configure Backends #### default_backend webserversHTTPS #### Main Backend #### backend webserversHTTPS balance roundrobin server web01.nicks.website 10.1.96.4:443 check ssl verify none #### Admin server #### backend adminServerHTTPS balance roundrobin server web01.nicks.website 10.1.96.4:443 check ssl verify none