haproxy.cfg
global
log 127.0.0.1 local0
maxconn 4000
daemon
uid 99
gid 99
defaults
log global
mode tcp
option dontlognull
timeout server 5s
timeout connect 5s
timeout client 5s
frontend ft_myapp
bind :443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
acl application_1 req_ssl_sni -i domain1.org
acl application_2 req_ssl_sni -i domain2.org
use_backend bk_cert1 if application_1
use_backend bk_cert2 if application_2
default_backend bk_myapp
backend bk_myapp
mode tcp
server app1 127.0.0.1:1223 check
backend bk_cert1
mode tcp
server srv1 127.0.0.1:1234 check
backend bk_cert2
mode tcp
server srv2 127.0.0.1:1245 check