ssl – HAPROXY : Redirect incoming HTTPS request to HTTP backend

I’m a newbie with HAProxy, and I want to use it to redirects HTTPS incoming requests to my HTTP backends servers.

I know, how it is possible to do it with Nginx, like this :

#SSL for all
server {
    listen 443 ssl ;
    absolute_redirect off;
    proxy_redirect off;

    access_log /var/log/nginx/;
    error_log /var/log/nginx/;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1 ;
    ssl_certificate /etc/letsencrypt/live/; 
    ssl_certificate_key /etc/letsencrypt/live/; 

    location / {

But I don’t know how I can do it with HAProxy ?

I have already tried several things. But each time I only had HTTPS to HTTPS redirects.

Can you help me ?

This is my current HAProxy configuration :

    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 5s
    user haproxy
    group haproxy

    tune.ssl.default-dh-param 2048


    log     global

    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
    stats enable
    stats hide-version
    stats refresh 30s
    stats uri /hastats

frontend www-http
        # Frontend listen port - 80
    bind *:80
    #Mode de fonctionnement
    mode http

    reqadd X-Forwarded-Proto: http

    # Test URI to see if its a letsencrypt request
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

    # Set the default backend
    default_backend www-backend
    # Enable send X-Forwarded-For header
    #option forwardfor
    #option httpchk GET /
    # log reqs http
    #option httplog

    # acl
    #acl prod_acl  hdr(host) prod.local

    #use_backend apache_backend_servers if prod acl

# Define frontend ssl
frontend www-ssl
        bind *:443 ssl crt /etc/haproxy/certs/
        reqadd X-Forwarded-Proto: https
        default_backend www-backend

# define backend

backend www-backend
    mode http
    option httpchk
    option forwardfor except

    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    redirect scheme http if { hdr(Host) -i } { ssl_fc }
    balance roundrobin
    #Define the backend servers
    server  web1    XXX.XXX.XXX.101  check inter 3s port 80
    server  web2    XXX.XXX.XXX.102  check inter 3s port 80

backend letsencrypt-backend
    server letsencrypt