global log stdout format raw local0 # turn on stats unix socket stats socket /var/lib/haproxy/stats resolvers mydns parse-resolv-conf defaults retries 3 log global timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s frontend f_https bind ipv6@:6443 mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } tcp-request content reject unless { req_ssl_sni -i k8s.ooo } tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower default_backend b_https backend b_https mode tcp tcp-request content set-dst var(txn.myip) server tcp_https ipv6@*