global log 127.0.0.1 local2 maxconn 4000 daemon defaults mode tcp log global retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 listen stats-50000 bind :50000 mode http log global maxconn 10 timeout client 100s timeout server 100s timeout connect 100s stats enable stats hide-version stats refresh 30s stats show-node stats auth admin:password stats uri /haproxy?stats frontend apis-6443 bind :6443 mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } acl ACL_hub req_ssl_sni -i api.hub.5g-deployment.lab acl ACL_sno1 req_ssl_sni -i api.sno1.5g-deployment.lab acl ACL_sno2 req_ssl_sni -i api.sno2.5g-deployment.lab use_backend be_api_hub_6443 if ACL_hub use_backend be_api_sno1_6443 if ACL_sno1 use_backend be_api_sno2_6443 if ACL_sno2 frontend routers-http-80 bind :80 mode http acl ACL_hub hdr(host) -m reg -i ^[^\.]+\.apps\.hub\.5g-deployment\.lab acl ACL_sno1 hdr(host) -m reg -i ^[^\.]+\.apps\.sno1\.5g-deployment\.lab acl ACL_sno2 hdr(host) -m reg -i ^[^\.]+\.apps\.sno2\.5g-deployment\.lab use_backend be_ingress_hub_80 if ACL_hub use_backend be_ingress_sno1_80 if ACL_sno1 use_backend be_ingress_sno2_80 if ACL_sno2 frontend routers-https-443 bind :443 mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } acl ACL_hub req_ssl_sni -m reg -i ^[^\.]+\.apps\.hub\.5g-deployment\.lab acl ACL_sno1 req_ssl_sni -m reg -i ^[^\.]+\.apps\.sno1\.5g-deployment\.lab acl ACL_sno2 req_ssl_sni -m reg -i ^[^\.]+\.apps\.sno2\.5g-deployment\.lab use_backend be_ingress_hub_443 if ACL_hub use_backend be_ingress_sno1_443 if ACL_sno1 use_backend be_ingress_sno2_443 if ACL_sno2 backend be_api_hub_6443 mode tcp balance source option ssl-hello-chk server master0 192.168.125.20:6443 check inter 1s server master1 192.168.125.21:6443 check inter 1s server master2 192.168.125.22:6443 check inter 1s backend be_api_sno1_6443 mode tcp balance source option ssl-hello-chk server master0 192.168.125.30:6443 check inter 1s backend be_api_sno2_6443 mode tcp balance source option ssl-hello-chk server master0 192.168.125.40:6443 check inter 1s backend be_ingress_hub_80 mode http balance hdr(Host) hash-type consistent option forwardfor http-send-name-header Host server master0 192.168.125.20:80 check inter 1s server master1 192.168.125.21:80 check inter 1s server master2 192.168.125.22:80 check inter 1s backend be_ingress_hub_443 mode tcp balance source option ssl-hello-chk server master0 192.168.125.20:443 check inter 1s server master1 192.168.125.21:443 check inter 1s server master2 192.168.125.22:443 check inter 1s backend be_ingress_sno1_80 mode http balance hdr(Host) hash-type consistent option forwardfor http-send-name-header Host server master0 192.168.125.30:80 check inter 1s backend be_ingress_sno1_443 mode tcp balance source option ssl-hello-chk server master0 192.168.125.30:443 check inter 1s backend be_ingress_sno2_80 mode http balance hdr(Host) hash-type consistent option forwardfor http-send-name-header Host server master0 192.168.125.40:80 check inter 1s backend be_ingress_sno2_443 mode tcp balance source option ssl-hello-chk server master0 192.168.125.40:443 check inter 1s