global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        # Long timeout for WebSocket connections.
        timeout tunnel 1h
        option redispatch
        option forwardfor
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend front
        maxconn 10000
        # Using these ports for binding
        bind *:80 name http
        bind *:443 ssl crt /etc/haproxy/ssl/haproxy_certs/nlb.pem alpn h2,http/1.1
        redirect scheme https code 301 if !{ ssl_fc }
        default_backend creatio

        ## routing based on websocket protocol header
        acl hdr_connection_upgrade hdr(Connection)  -i upgrade
        acl hdr_upgrade_websocket  hdr(Upgrade)     -i websocket
        use_backend creatio_ws if hdr_connection_upgrade hdr_upgrade_websocket

backend creatio
        # Tell the backend that this is a secure connection,
        # even though it's getting plain HTTP.
        # Set balance type
        balance roundrobin
        # Generate cookie for nods
        cookie BACKENDNODE insert indirect nocache
        option httpchk HEAD /Login/Login.html
        http-response set-header X-Frame-Options SAMEORIGIN
        http-response set-header X-XSS-Protection 1;mode=block
        default-server check maxconn 5000
        server node_1 192.168.10.101:9002 check ssl verify none cookie node_1
        server node_2 192.168.10.102:9002 check ssl verify none cookie node_2
        server node_3 192.168.10.103:9002 check ssl verify none cookie node_3
        server node_4 192.168.10.104:9002 check ssl verify none cookie node_4

backend creatio_ws
        # Set balance type
        balance roundrobin
        # Generate cookie for nods
        cookie BACKENDNODE insert indirect nocache
        server node_1 192.168.10.101:9002 check ssl verify none cookie node_1
        server node_2 192.168.10.102:9002 check ssl verify none cookie node_2
        server node_3 192.168.10.103:9002 check ssl verify none cookie node_3
        server node_4 192.168.10.104:9002 check ssl verify none cookie node_4

listen stats
        # Define a listen section called "stats"
        bind *:9000
        # Listen on localhost:9000
        mode http
        stats enable
        # Enable stats page
        stats uri /haproxy_stats
        # Stats URI