global
  maxconn 4096
  tune.ssl.default-dh-param 2048

defaults
  mode http
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms
  option forwardfor
  option http-server-close
  stats enable
  stats uri /stats
  stats realm Haproxy\ Statistics
  stats auth username:password

frontend www-http
  bind *:80
  reqadd X-Forwarded-Proto:\ http
  default_backend www-backend

frontend www-https
  bind *:443 ssl crt /usr/local/etc/haproxy/server.pem
  reqadd X-Forwarded-Proto:\ https
  default_backend www-backend

backend www-backend
  redirect scheme https if !{ ssl_fc }
  balance roundrobin
  server www1 www1:443 check ssl verify none
  server www2 www2:443 check ssl verify none