global
	log	127.0.0.1 local0
	log	127.0.0.1 local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# Default ciphers to use on SSL-enabled listening sockets.
	# For more information, see ciphers(1SSL).
	ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	timeout connect 5000
	timeout client	50000
	timeout server	50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend	localnodes
	bind		*:80
	mode		http
	default_backend	nodes

backend		nodes
	mode		http
	balance		roundrobin
	option		forwardfor
	http-request	set-header X-Forwarded-Port %[dst_port]
	http-request	add-header X-Forwarded-Proto https if { ssl_fc }
	option		httpchk HEAD / HTTP/1.1\r\nHost:localhost
	#server		worker_01 172.22.244.81:80 check
	{% for host in groups['worker'] %}
	  server  {{ hostvars[host]['ansible_hostname'] }}  {{ hostvars[host]['ansible_default_ipv4'].address }}:80 check
	{% endfor %}

listen stats
	bind *:1936
	stats enable
	stats uri /
	stats hide-version
	stats auth admin:admin