# This configuration is a simplified example of how to use ssl on front
# and backends with additional certificates loaded from a directory for SNI
# capable clients.
global
maxconn 4096
tune.ssl.default-dh-param 1024
defaults
mode http
timeout connect 5s
timeout client 5s
timeout server 5s
option forwardfor
option http-server-close
frontend myfrontend
bind :80
default_backend mybackend
reqadd X-Forwarded-Proto:\ http
frontend myfrontend-https
# primary cert is /etc/cert/server.pem
# /etc/cert/certdir/ contains additional certificates for SNI clients
bind :443 ssl crt /usr/local/opt/haproxy/server.pem
default_backend mybackend
reqadd X-Forwarded-Proto:\ https
backend mybackend
# a http backend
redirect scheme https code 301 if !{ ssl_fc }
server gitplain 127.0.0.1:8080
# a https backend
#server s4 10.0.0.3:443 ssl verify none
How To Implement SSL Termination With HAProxy on Ubuntu 14.04 | DigitalOcean