This is awesome, I'm currently using HAProxy 1.5 in a jail on my pfSense box for SSL Termination, it works great! But, I'll be even happier to get this in an easy to install pfSense package!
Here's some stuff I learned that might help others..
HAProxy
option forwardfor
option http-server-close
reqadd X-Forwarded-Proto:\ https
The 'forwardfor' is because most backends don't yet support HAProxy's proxy protocol.
I use the 'X-Forwarded-Proto' header to see if requests are ssl in varnish / nginx.
The 'http-server-close' tells haproxy it needs to close the connection to the backend. This is so it resends the ip+protocol header for each request. This is better than closing the entire connection with 'httpclose', as the client may quickly request more stuff before the timeout and you won't have the overhead of starting a new connection.
Varnish
if (!client.ip ~ haproxy) {
    set req.http.X-Forwarded-For = client.ip;
    set req.http.X-Forwarded-Proto = "http";
}
This way clients can't spoof their IP or claim that they are using https.
NGINX
set_real_ip_from 192.168.1.1;
real_ip_header X-Forwarded-For;
http {
    map $http_x_forwarded_proto $server_https {
        default off;
        https on;
    }
}
##fastcgi_params##
fastcgi_param HTTPS $server_https;
####
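
The trust rule behind the Varnish and NGINX snippets above, written out as an added Python example that is not part of the original post: forwarded headers are honoured only when the connection comes from the proxy address, and X-Forwarded-For is read from the right so that entries a client prepended are ignored. The function names, the header dict and the sample client addresses are assumptions; 192.168.1.1 is the proxy address from the nginx lines.

```python
import ipaddress

# Proxy address taken from the set_real_ip_from line above; everything else is constructed.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.1/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_request(peer_ip, headers):
    """Return (client_ip, scheme) for a request.

    peer_ip is the TCP source address; headers is a dict in which repeated
    X-Forwarded-For lines are already joined with commas (assumption).
    """
    if not is_trusted(peer_ip):
        # Same rule as the Varnish snippet: a direct client's headers are ignored.
        return peer_ip, "http"

    client_ip = peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # Walk right to left: the rightmost entry was appended by our own proxy,
    # anything further left may have been supplied by the client.
    for hop in reversed([h for h in hops if h]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could validate
        client_ip = hop
        if not is_trusted(hop):
            break  # first address not belonging to a trusted proxy is the client

    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    return client_ip, ("https" if proto == "https" else "http")
```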