---
- hosts: localhost
  connection: local
  vars:
    haproxy_ssl_certificates:
      www-example-com: |
        -----BEGIN CERTIFICATE-----
        test
    haproxy_frontends:
      main:
        bind:
          ip: '*'
          port: 5000
        acl:
          - url_static path_beg -i /static /images /javascript /stylesheets
          - url_static path_end -i .jpg .gif .png .css .js
      frontend-test-https:
        bind:
          ip: 127.0.0.1
          port: 80
        mode: http
        default_backend: backend-test-https
        option:
          - 'forwardfor except 127.0.0.0/8'
          - 'httplog'
          - 'http-server-close'
        acl:
          - acl_test1-https hdr(host) test1.example.net
          - acl_test2-https hdr(host) test2.example.net
        use_backend:
          - backend-test-https if acl_test1-https
          - backend-test-https if acl_test2-https
    haproxy_backends:
      backend-test-https:
        mode: http
        balance: roundrobin
        stick-table: type ip size 512k expire 30m
        stick: on src
        option:
          - 'ssl-hello-chk'
          - 'tcp-check'
          - 'log-health-checks'
          - 'forwardfor header X-Forwarded-For'
        server:
          - host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
          - host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s

  roles:
    - ansible-role-haproxy