diff --git a/CHANGELOG.md b/CHANGELOG.md
index 353d5280..360945fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
 ### Added
 * certbot: detect HAProxy cert directory
+* haproxy: add some comments to default config
 * haproxy: enable stats frontend with access lists
 * haproxy: preconfigure SSL with defaults
 * lxc-php: Install php-sqlite by default
diff --git a/haproxy/templates/haproxy.default.cfg.j2 b/haproxy/templates/haproxy.default.cfg.j2
index fb63e1f6..43576ce9 100644
--- a/haproxy/templates/haproxy.default.cfg.j2
+++ b/haproxy/templates/haproxy.default.cfg.j2
@@ -56,3 +56,27 @@ listen stats
 http-request deny if !{ src -f /etc/haproxy/stats_access_ips }
 http-request set-log-level silent
 {% endif %}
+
+# frontend http-https
+# bind 0.0.0.0:80
+# bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl
+#
+# capture request header Host len 32
+#
+# option forwardfor
+#
+# acl self hdr(host) -i {{ ansible_fqdn }}
+#
+# # Detect Let's Encrypt challenge requests
+# acl letsencrypt path_dir -i /.well-known/acme-challenge
+#
+# http-request set-header X-Forwarded-Proto https if { ssl_fc }
+# http-request set-header X-Forwarded-Port 443 if { ssl_fc }
+#
+# use_backend local if letsencrypt || self
+#
+# backend local
+# mode http
+# option forwardfor
+#
+# server localhost 127.0.0.1:81 send-proxy-v2
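Review bot: In the commented `frontend http-https` example, `X-Forwarded-Proto` and `X-Forwarded-Port` are only set `if { ssl_fc }`, so on the port 80 bind a value supplied by the client passes through to the backend unchanged. An application behind it that trusts these headers for redirect or secure-cookie decisions would then treat a cleartext request as HTTPS. Since operators will enable this block by uncommenting it, I would add the cleartext counterparts next to the existing lines: `# http-request set-header X-Forwarded-Proto http if !{ ssl_fc }` and `# http-request set-header X-Forwarded-Port 80 if !{ ssl_fc }`. Separately, `option forwardfor` appends to any client-sent `X-Forwarded-For` rather than replacing it, which is worth one comment line in the example.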