HTTPS-HaProxy

global
maxconn 2048
ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AE>
tune.ssl.default-dh-param 2048
user haproxy
group haproxy
daemon
log /dev/log    local0
log /dev/log    local1 notice
chroot /var/lib/haproxy
ssl-server-verify none


defaults
log     global
mode http
option  httplog
option  dontlognull
option forwardfor
maxconn 2000
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http


frontend http_fe
bind *:80
bind *:443 ssl crt /etc/letsencrypt/live/monsite/monsite.fr.pem
http-request redirect scheme https unless { ssl_fc }
http-response set-header Content-Security-Policy upgrade-insecure-requests
acl acl_a hdr(host) a.monsite.fr
acl acl_b hdr(host) b.monsite.fr
use_backend backend_a if acl_a
use_backend backend_b if acl_b


backend backend_a
cookie cookie_monsite.fr insert nocache
server a.monsite.fr 10.10.10.1:80 check cookie stcookie01 


backend backend_b
cookie cookie_monsite.fr insert nocache
server b.monsite.fr 10.10.10.2:80 check cookie stcookie02 

Lorsque vous effectuez une demande de certificat via certbot, vous pouvez déclarer plusieurs sous domaines pour le même certificat.

Une fois que votre certificat est généré il faudra fusionner le cert et la clé

root@CT-HAPROXY:~# cd /etc/letsencrypt/live/monsite/
root@CT-HAPROXY:/etc/letsencrypt/live/monsite/# cat fullchain.pem privkey.pem > monsite.fr.pem