docker_ssl_endpoint/haproxy_ssl.conf


# Process-wide settings: privilege drop, runtime socket and the TLS defaults
# inherited by every `bind ... ssl` line in this file.
global
    chroot /var/lib/haproxy
    # Runtime API socket. "level admin" allows every runtime command, so write
    # access to this socket is equivalent to control of the running proxy;
    # mode 660 limits it to the socket's owner and group.
    # NOTE(review): the path sits at the filesystem root -- confirm it is not on
    # a volume shared with other containers or the host.
    stats socket /admin.sock mode 660 level admin
    stats timeout 30s
    # Identity the process runs as after startup.
    user haproxy
    group haproxy
    daemon
    # Base directories for relative CA / certificate paths.
    ca-base /etc/ssl/certs
    crt-base /crypt
    # Cipher preference: ECDHE key exchange with RSA certificates and AES, then
    # static-RSA key exchange with AES; "+AES256" moves the AES-256 suites to the
    # end of the list. RC4, finite-field DHE, LOW and EXPORT grades, MD5 and
    # unauthenticated / unencrypted suites are excluded.
    # NOTE(review): the kRSA+AES group has no forward secrecy -- a later leak of
    # the private key exposes recorded sessions. Drop it once the client
    # population is confirmed to support ECDHE.
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    # Only SSLv3 is disabled here; TLS 1.0 and 1.1 remain negotiable.
    # NOTE(review): consider adding no-tlsv10 no-tlsv11 after checking client
    # compatibility.
    ssl-default-bind-options no-sslv3
# Defaults inherited by every frontend and backend below.
defaults
    # Logging is commented out and the global section declares no log target, so
    # this proxy records no requests.
    # NOTE(review): without request logs there is nothing to support detection or
    # incident response; enabling them also needs a `log` line in `global`.
    #log global
    mode http
    #option httplog
    #option dontlognull
    # Timeouts are in milliseconds (no unit suffix given).
    # NOTE(review): no `timeout http-request` is set, so a client that sends its
    # request headers slowly is bounded only by the 50 s client timeout --
    # consider a shorter, explicit limit.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
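# Plain-HTTP listener: tags the request with forwarding headers and redirects
# it to HTTPS.
frontend http
    bind *:80

    # Overwrite the forwarding headers instead of appending to them. With
    # add-header / reqadd a client could send its own X-Forwarded-For or
    # X-Forwarded-Proto and the backend would receive the spoofed value next to
    # the real one. This assumes the proxy is the first hop clients reach; if a
    # trusted proxy sits in front of it, preserve that proxy's value instead.
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto http

    # ssl_fc is never true on this non-TLS bind, so every request matches.
    redirect scheme https code 301 if !{ ssl_fc }

    # NOTE(review): HAProxy evaluates redirect rules before use_backend, so as
    # written the routing below is not reached on port 80; ACME challenges are
    # redirected to the https frontend and served from there. Narrow the
    # redirect condition if challenges are meant to be answered over plain HTTP.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

    default_backend www-backend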
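# TLS-terminating listener: decrypts, tags the request with forwarding headers
# and routes it to the ACME client or the web backend.
frontend https
    # Absolute path, so crt-base from the global section does not apply. The PEM
    # file holds the private key as well as the certificate chain.
    # NOTE(review): confirm the file is readable only by the account that starts
    # HAProxy.
    bind *:443 ssl crt /data/haproxy/cert.pem

    # Overwrite the forwarding headers instead of appending to them. With
    # add-header / reqadd a client could send its own X-Forwarded-For or
    # X-Forwarded-Proto and the backend would receive the spoofed value next to
    # the real one. This assumes the proxy is the first hop clients reach; if a
    # trusted proxy sits in front of it, preserve that proxy's value instead.
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto https

    # ACME HTTP-01 challenge paths go to the local Let's Encrypt client.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

    # NOTE(review): no Strict-Transport-Security header is set on responses;
    # decide whether HSTS is wanted for the served hostnames.
    default_backend www-backend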
# Application backend: a single server reached over plain HTTP on port 80.
# Traffic on this hop is unencrypted, and the backend sees the proxy as the
# peer, so it depends on the X-Forwarded-* headers set by the frontends.
# NOTE(review): presumably "target" resolves on a private container network --
# confirm that this hop is not reachable or observable by other tenants.
backend www-backend
    server one target:80
# Backend for ACME challenge requests: forwards to a listener on the loopback
# interface, port 54321.
# NOTE(review): presumably the Let's Encrypt client binds this port only while
# a challenge is in progress -- confirm nothing else can bind it locally.
backend letsencrypt-backend
    server letsencrypt 127.0.0.1:54321