docker_ssl_endpoint/haproxy_ssl.conf

52 lines
1.5 KiB
Plaintext

global
chroot /var/lib/haproxy
stats socket /admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
ca-base /etc/ssl/certs
crt-base /crypt
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
ssl-default-bind-options no-sslv3
defaults
#log global
mode http
#option httplog
#option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http
bind *:80
reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
redirect scheme https code 301 if !{ ssl_fc }
use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend
frontend https
bind *:443 ssl crt /data/haproxy/cert.pem
reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend
backend www-backend
server one target:80
backend letsencrypt-backend
server letsencrypt 127.0.0.1:54321