I'm currently setting up a HAproxy to load balance between two different web servers. The majority of pages on the site require SSL. As of today, Stunnel is taking care of the HTTPS connections and passing them to the HAproxy. The HAproxy will send requests to the web servers (using HTTP). This is also in an internal network. Is this enough to be PCI compliant? What else should I do?