global
    # Process-wide settings: syslog targets, the connection cap, the account
    # HAProxy runs as, and the runtime (admin) socket.
    #
    # NOTE: on startup haproxy chroot's to /var/lib/haproxy.
    # NOTE(review): no `chroot` directive is visible in this section, and
    # HAProxy only confines itself when one is configured. Confirm it is set
    # in another loaded configuration file; if it is not, the process is not
    # chrooted and the path notes below do not apply.
    #
    # Unfortunately the program will open some files prior to the call to
    # chroot never to reopen them, and some after. So looking at the on-disk
    # layout of haproxy resources you will find some resources relative to /
    # such as the admin socket, and some relative to /var/lib/haproxy such as
    # the log socket.
    #
    # The logging socket is (re-)opened after the chroot and must be relative
    # to /var/lib/haproxy.
    # Two syslog targets on the same socket: facility local0 receives every
    # message, facility local1 only messages of severity notice or higher.
    log /dev/log local0
    log /dev/log local1 notice
    # Upper bound on concurrent connections for the whole process.
    maxconn 20000
    # Account the process switches to after startup, so traffic is not
    # handled with the privileges HAProxy was started with.
    user haproxy
    group haproxy
    # 0 = no randomisation of the interval between health checks.
    spread-checks 0
    # The admin socket is opened prior to the chroot never to be reopened, so
    # it lives outside the chroot directory in the filesystem.
    # `level admin` exposes every runtime command, so whoever can open this
    # socket controls the proxy. `mode 600` limits access to the socket
    # owner; no user/group is given on this line, so the owner is presumably
    # the account HAProxy was started as. Verify, and keep the parent
    # directory's permissions equally tight.
    stats socket /var/run/haproxy/admin.sock mode 600 level admin
    # Idle timeout for connections to the admin socket.
    stats timeout 2m

defaults
    # Settings inherited by every proxy section below unless it overrides
    # them (the stats listener switches itself to HTTP mode).
    log global
    # Layer-4 proxying: bytes are relayed without being parsed as HTTP.
    mode tcp
    option tcplog
    # Connections that exchange no data are not logged. This keeps probe
    # noise out of the logs, but it also means port scans and bare connect
    # attempts against the listeners bound on all interfaces leave no trace
    # here; rely on firewall or flow logs for that visibility.
    option dontlognull
    # Number of connection attempts to a server after a failure.
    retries 3
    # Timeouts carry no unit suffix, so HAProxy reads them as milliseconds:
    # 9 s for queueing and connecting, 90 s of client/server inactivity.
    timeout queue 9000
    timeout connect 9000
    timeout client 90000
    timeout server 90000

listen stats
    # Built-in statistics page, served over plain HTTP on the loopback
    # interface only. No `stats admin` rule is present, so the page is
    # read-only.
    bind 127.0.0.1:8888
    # Overrides the `mode tcp` default; the stats page needs HTTP.
    mode http
    stats enable
    # Do not disclose the HAProxy version on the page.
    stats hide-version
    # Realm shown in the Basic-auth prompt (the backslash escapes the space).
    stats realm Haproxy\ Statistics
    stats uri /
    # HTTP Basic credentials as user:password. `stats auth` stores the
    # password in cleartext, so this file is itself a secret: keep it
    # readable only by root/haproxy, keep it out of repositories, tickets
    # and backups that others can read, and rotate the password if a copy
    # of the file has been shared. The bind line has no `ssl`, so the
    # credentials are sent unencrypted; that is tolerable only while the
    # listener stays on loopback.
    stats auth admin:FgS4JmTyXyd5wGc5GsdJm8PG43NgJVmH

frontend tcp-in_admin-port
    # TCP listener on port 35357, bound on every IPv4 (*) and IPv6 (::)
    # address of the host. Nothing in this section filters by source
    # address.
    # NOTE(review): the name suggests an administrative endpoint. If it
    # should only be reachable from a management network, that has to be
    # enforced by a firewall / security group or a narrower bind address.
    bind *:35357
    bind :::35357
    # Matches connections whose destination address is in 252.0.0.0/8
    # (netmask 255.0.0.0 applied to the listed address).
    acl net_252.129.240.105 dst 252.129.240.105/255.0.0.0
    use_backend admin-port_252.129.240.105 if net_252.129.240.105
    # Same backend as the rule above, so the ACL does not restrict anything:
    # every connection is forwarded whether or not it matches.
    default_backend admin-port_252.129.240.105

backend admin-port_252.129.240.105
    # Server pool for the admin-port frontend. With a single server listed,
    # the balancing algorithm has no effect on where connections go.
    balance leastconn
    # `check` enables periodic health checks; no HTTP check option is set
    # here, so this is a plain TCP connect check. There is no `ssl` keyword
    # on this line or on the frontend binds, so HAProxy neither terminates
    # nor originates TLS; any encryption is end to end between the client
    # and the server behind the proxy. Confirm what that server expects.
    server keystone-0 252.129.240.105:35347 check
    
frontend tcp-in_public-port
    # TCP listener on port 5050, bound on every IPv4 (*) and IPv6 (::)
    # address of the host. Nothing in this section filters by source
    # address.
    bind *:5050
    bind :::5050
    # Matches connections whose destination address is in 252.0.0.0/8
    # (netmask 255.0.0.0 applied to the listed address).
    acl net_252.129.240.105 dst 252.129.240.105/255.0.0.0
    use_backend public-port_252.129.240.105 if net_252.129.240.105
    # Same backend as the rule above, so the ACL does not change routing:
    # every connection is forwarded whether or not it matches.
    default_backend public-port_252.129.240.105

backend public-port_252.129.240.105
    # Server pool for the public-port frontend. With a single server listed,
    # the balancing algorithm has no effect on where connections go.
    balance leastconn
    # `check` enables periodic health checks; no HTTP check option is set
    # here, so this is a plain TCP connect check. There is no `ssl` keyword
    # on this line or on the frontend binds, so HAProxy relays the bytes
    # as-is and adds no transport encryption of its own.
    server keystone-0 252.129.240.105:5040 check
    
