#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
#    option                  httplog
    option                  dontlognull
    option http-server-close
#    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend api
    bind *:6443
    mode tcp
    default_backend api

frontend machineconfig
    bind *:22623
    mode tcp
    default_backend machineconfig

frontend web
    bind *:80
    mode tcp
    default_backend nodes-web

frontend websecure
    bind *:443
    mode tcp
    default_backend nodes-websecure

backend api
    mode tcp
    option tcp-check
    balance roundrobin
    server bootstrap 10.32.101.3:6443 check
    server master0  10.32.101.4:6443 check

backend machineconfig
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    server bootstrap 10.32.101.3:22623 check
    server master0  10.32.101.4:22623 check

backend nodes-web
    mode tcp
    option httpchk GET /_______internal_router_healthz
    balance roundrobin
    server worker0  10.32.101.5:80 check
    server worker1  10.32.101.6:80 check
    server worker2  10.32.101.7:80 check

backend nodes-websecure
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    server worker0  10.32.101.5:443 check
    server worker1  10.32.101.6:443 check
    server worker2  10.32.101.7:443 check