global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
stats socket *:3126
defaults
mode http
log global
option dontlognull
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
resolvers dns
nameserver svr1 172.16.162.194:53
listen status
bind *:3127
mode http
stats enable
stats hide-version
stats uri /
stats realm HAProxy\ Statistics
stats auth statsadmin:password
listen http_health
bind *:3129
mode health
listen http_tun
bind *:3128
mode http
option http-tunnel
default_backend http_tun_backend
backend http_tun_backend
mode http
acl acl_baidu req.hdr(host) -i www.baidu.com
use-server svr_baidu if acl_baidu
server svr_baidu www.baidu.com:80 resolvers dns
listen http_proxy
bind *:80
mode http
default_backend http_backend
backend http_backend
mode http
acl acl_baidu req.hdr(host) -i www.baidu.com
acl acl_beebank req.hdr(host) -i www.beebank.com
use-server svr_baidu if acl_baidu
use-server svr_beebank if acl_beebank
server svr_baidu www.baidu.com:80 resolvers dns
server svr_beebank www.beebank.com:80 resolvers dns
listen ssl_proxy
bind 127.0.0.1:443
mode tcp
default_backend ssl_backend
backend ssl_backend
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
acl acl_baidu req_ssl_sni -i www.baidu.com
acl acl_beebank req_ssl_sni -i www.beebank.com
use-server svr_baidu if acl_baidu
use-server svr_beebank if acl_beebank
server svr_baidu www.baidu.com:443 resolvers dns
server svr_beebank www.beebank.com:443 resolvers dns