Sysadmin HAproxy with proxy_protocol cause SSL handshaked failed?

Hi,

I have 2 VPS:

VPS 1: have 4 sites (behind cloudflare)
VPS 2: only installed haproxy

I want to set up a reverse proxy with SSL-passthrough with haproxy, so it will become like this:

Client => Cloudflare => VPS 2 (proxy) => VPS 1 (4 sites)

So, VPS 2 with haproxy installed and config as below:

Code:

global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

defaults
   log global
   mode tcp
   option tcplog
   option dontlognull
   timeout connect 5000
   timeout client 50000
   timeout server 50000

frontend http_front
   bind *:80
   bind *:443
   tcp-request inspect-delay 5s
   tcp-request content accept if { req.ssl_hello_type 1 }
   use_backend domain1 if { req_ssl_sni -i domain1 }
   use_backend domain2 if { req_ssl_sni -i domain2 }

frontend port80-redirect
   mode http
   bind 10.18.14.33:80
   redirect scheme https

backend domain1
   balance roundrobin
   option ssl-hello-chk
   server domain1 111.111.111.111:443 check send-proxy-v2

backend domain2
   balance roundrobin
   option ssl-hello-chk
   server domain2 111.111.111.111:443 check send-proxy-v2

And, VPS 1 (used centminmod) with 4 domains, config for Domain 1 & 2: I put "proxy_protocol" in this line in this file /usr/local/nginx/conf/conf.d/domain1(or2).ssl.conf

Code:

server {
  listen 443 ssl http2 proxy_protocol;
  server_name domain1(or2) www.domain1(or2);

...
}

Suddenly, all my sites on the same server have SSL handshakes error. After searching around, I also tried putting

Code:

proxy_protocol on;

or

Code:

proxy_ssl_server_name on;

in

Code:

/usr/local/nginx/conf/nginx.conf
/usr/local/nginx/conf/conf.d/domain1(or2).ssl.conf

But, I always have syntax error, or it did not solve the SSL handshake error.

---

How can I make this work? Thank you.