kolla-ansible/ansible/roles/neutron/templates/neutron-tls-proxy.cfg.j2

#jinja2: lstrip_blocks: True
global
    chroot /var/lib/haproxy
    user neutron
    group neutron
    daemon
    log {{ syslog_server }}:{{ syslog_udp_port }} {{ syslog_neutron_tls_proxy_facility }}
    maxconn {{ neutron_tls_proxy_max_connections }}
    nbproc {{ neutron_tls_proxy_processes }}
    {% if (neutron_tls_proxy_processes | int > 1) and (neutron_tls_proxy_process_cpu_map | bool) %}
        {% for cpu_idx in range(0, neutron_tls_proxy_processes) %}
    cpu-map {{ cpu_idx + 1 }} {{ cpu_idx }}
        {% endfor %}
    {% endif %}
    ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    tune.ssl.default-dh-param 4096

defaults
    log global
    option redispatch
    retries 3
    timeout http-request {{ neutron_tls_proxy_http_request_timeout }}
    timeout http-keep-alive {{ neutron_tls_proxy_http_keep_alive_timeout }}
    timeout queue {{ neutron_tls_proxy_queue_timeout }}
    timeout connect {{ neutron_tls_proxy_connect_timeout }}
    timeout client {{ neutron_tls_proxy_client_timeout }}
    timeout server {{ neutron_tls_proxy_server_timeout }}
    timeout check {{ neutron_tls_proxy_check_timeout }}
    balance {{ neutron_tls_proxy_defaults_balance }}
    maxconn {{ neutron_tls_proxy_defaults_max_connections }}

listen stats
   bind {{ api_interface_address }}:{{ neutron_tls_proxy_stats_port }}
   mode http
   stats enable
   stats uri /
   stats refresh 15s
   stats realm Haproxy\ Stats
   stats auth {{ haproxy_user }}:{{ haproxy_password }}

frontend neutron_backend_tls
    bind {{ api_interface_address }}:{{ neutron_server_listen_port }} ssl crt /etc/neutron/certs/neutron-cert-and-key.pem
    default_backend neutron_server

backend neutron_server
    server neutron-server 127.0.0.1:{{ neutron_server_listen_port }} check