# HAProxy configuration: TCP-mode (TLS passthrough) frontend on 192.168.0.100:443
# that routes by the SNI in the TLS ClientHello to two backend servers.
# No `bind` or `server` line below carries the `ssl` keyword, so HAProxy relays
# the encrypted stream without terminating it or inspecting its content.

global
    # Send logs to a syslog listener on localhost, facility local2. The local
    # syslog daemon must accept network syslog on 127.0.0.1 for these to land.
    log 127.0.0.1 local2

    # Process hardening: chroot into an otherwise unused directory and drop
    # from root to the unprivileged haproxy user/group after startup.
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    # Process-wide cap on concurrent connections.
    maxconn 4000
    user haproxy
    group haproxy
    daemon

    # UNIX socket for the runtime/stats API. No `mode`, `user`, `group` or
    # `level` is given, so the defaults apply.
    # NOTE(review): confirm the resulting file permissions and command level
    # match who is meant to reach this socket.
    stats socket /var/lib/haproxy/stats

    # Delegate TLS cipher selection to the system-wide crypto policy. These
    # defaults only apply to `bind`/`server` lines that use `ssl`; nothing in
    # this file does, so they do not affect the passthrough traffic below.
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    log global
    # HTTP log format as the default; the frontend below switches to tcplog.
    option httplog
    # Connections that carry no data are not logged. This also hides port
    # scans and empty probes from the logs, which matters on a listener
    # reachable from untrusted networks.
    option dontlognull
    # HTTP-mode option; the proxies in this file run in tcp mode.
    option http-server-close
    # On a failed server connection, retry up to 3 times and allow the
    # session to be re-dispatched to another server.
    option redispatch
    retries 3
    # http-request and http-keep-alive apply to HTTP-mode proxies only.
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    # Per-frontend connection cap inherited by the frontend below.
    maxconn 3000

frontend https
    mode tcp
    option tcplog
    # Plain TCP listener (no `ssl`): TLS is end-to-end between the client and
    # the backend server.
    bind 192.168.0.100:443

    # Buffer the start of the connection for up to 3s so the ClientHello can
    # be examined, and accept as soon as a TLS ClientHello (hello type 1) is
    # seen. There is no explicit `reject` rule for non-TLS traffic here.
    tcp-request inspect-delay 3s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # Route on the SNI value, matched case-insensitively. SNI is supplied by
    # the client in cleartext and is not authenticated by HAProxy, so this is
    # a routing decision, not an access control.
    # No default_backend is declared: connections whose SNI does not match
    # have no backend to be sent to.
    acl SRV_ACL req.ssl_sni -i server.domain.com
    use_backend SRV_HTTPS if SRV_ACL

backend SRV_HTTPS
    mode tcp
    # Pick the server from a hash of the client source address.
    balance source
    # Idle timeout applied once the connection is an established tunnel.
    timeout tunnel 600s
    # Source-IP persistence: remember which server each client address was
    # sent to; entries expire after 15 minutes, table holds about one million
    # entries.
    stick-table type ip size 1m expire 15m
    stick on src
    # Health checks run every second; a single failure marks the server down
    # (fall 1) and two successes bring it back (rise 2). No `check-ssl` or
    # HTTP check is configured, so the check is a TCP connect only and does
    # not prove the TLS service behind the port is healthy.
    # No `send-proxy` is set, so the backends see the proxy's address as the
    # connection source; client addresses are only in HAProxy's own log.
    server SRV01.domain.com 192.168.0.101:1443 check inter 1s fall 1 rise 2
    server SRV02.domain.com 192.168.0.102:1443 check inter 1s fall 1 rise 2