global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

defaults
   log global
#   mode tcp
   mode http
   option httplog
   option dontlognull
   timeout connect 5000
   timeout client 50000
   timeout server 50000
   option http-server-close 

#### Main fron end ####
frontend https_front
   bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1

   #### Stats Page ####
   stats uri /haproxy?stats
   stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA

   #### Set correct IP ####
   acl from_cf    src -f /etc/haproxy/cloudflare_ips.lst
   acl cf_ip_hdr  req.hdr(CF-Connecting-IP) -m found
#   http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
   http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr

   #### WP admin to single server ####
   acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein
   use_backend adminServerHTTPS if url_is_wp_admin

   #### Configure Backends ####
   default_backend webserversHTTPS

#### Main Backend ####
backend webserversHTTPS
   balance roundrobin
   server web01.nicks.website 10.1.96.4:443 check ssl verify none

#### Admin server ####
backend adminServerHTTPS
   balance roundrobin
   server web01.nicks.website 10.1.96.4:443 check ssl verify none