global
    tune.ssl.default-dh-param  2048
    ssl-default-bind-ciphers   …
    ssl-default-bind-options   …
    ssl-default-server-ciphers …
    ssl-default-server-options …
    log                        /dev/log local0 info
    pidfile                    /run/haproxy.pid
    daemon

defaults
    mode tcp
    timeout connect    5s
    timeout client     5m
    timeout server     5m
    timeout tunnel     1h
    timeout client-fin 5s
    timeout server-fin 5s
    log     global
    option  logasap
    option  log-separate-errors
    log-format "%ci:%cp [%t] %ft %b[%bi:%bp]/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"

frontend tls
    bind            :443 ssl crt /etc/haproxy/tls.pem
    default_backend https

backend https
    server nginx unix@/run/shared_sockets/https.pp send-proxy

frontend tls_plus
    bind            :444 ssl crt /etc/haproxy/tls.pem
    default_backend https_plus

backend https_plus
    server nginx unix@/run/shared_sockets/https+.pp send-proxy