@D3vl0per
Last active April 30, 2021 23:09
HAProxy SSL/TLS passthrough by SNI to a Docker container, resolving the container name with Docker's embedded DNS
global
    log /dev/log local0
    log /dev/log local1 notice
    # Admin-level socket: anyone who can open it can disable servers or change
    # weights, so keep the restrictive mode and a dedicated owning group.
    stats socket /haproxy-admin.sock mode 660 level admin
    stats timeout 30s
    # Drop 'daemon' when HAProxy runs in the foreground under a supervisor
    # (the official Docker image already starts it with -db).
    daemon

defaults
    mode tcp
    log global
    option dontlog-normal
    option tcpka
    retries 3
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 5s
    # Only used in HTTP mode; harmless here, but unused in TCP passthrough.
    timeout http-request 10s
    timeout http-keep-alive 10s

# Docker's embedded DNS (127.0.0.11) resolves container and service names on
# user-defined networks. Resolving at runtime rather than at startup lets the
# backend container be restarted or re-created without restarting HAProxy.
resolvers dns
    nameserver public-0 127.0.0.11:53
    hold valid 1s

frontend https
    bind *:443
    mode tcp
    # Wait up to 5s for the ClientHello. The TLS record is forwarded untouched,
    # so HAProxy only reads the SNI and never sees plaintext.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Anything that is not a TLS ClientHello (plain HTTP, scanners) is dropped.
    tcp-request content reject
    acl example_acl req_ssl_sni -i example.hu
    use_backend example_https if example_acl
    # No default_backend: connections with an unknown or missing SNI are closed.

backend example_https
    mode tcp
    balance roundrobin
    # Stick on the TLS session ID so session resumption lands on the same
    # server. Maximum SSL session ID length is 32 bytes. With TLS 1.3 the
    # session ID is a legacy field and resumption uses tickets, so this only
    # helps TLS 1.2 and earlier clients.
    stick-table type binary len 32 size 30k expire 30m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    # Use tcp content accepts to detect the SSL client and server hello.
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    # No timeout on response inspect delay by default.
    tcp-response content accept if serverhello
    # Offset 43 = 5-byte record header + 1 handshake type + 3 length + 2 version
    # + 32 random; the 1-byte length-prefixed session ID follows.
    stick on payload_lv(43,1) if clienthello
    # Learn on response if server hello.
    stick store-response payload_lv(43,1) if serverhello
    # ssl-hello-chk sends an SSLv3-style ClientHello. If the container only
    # accepts TLS 1.2+, use 'check-ssl check-sni example.hu' on the server line
    # (with 'verify none' or a proper 'ca-file') instead.
    option ssl-hello-chk
    # 'check' enables the health check; without it 'inter' and ssl-hello-chk are
    # ignored. 'init-addr none' skips libc resolution at startup, so HAProxy
    # starts even if the container is not up yet and resolves it at runtime.
    server server1 docker-container:443 check inter 1000 resolvers dns init-addr none
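The frontend works because a TLS ClientHello carries the server name in clear text, and HAProxy's TCP-mode fetches read it straight out of the first record. The following Python script is an added example, not part of the gist: it parses a ClientHello exactly as far as req_ssl_hello_type, req_ssl_sni and payload_lv(43,1) do, and then mirrors the frontend's decision (reject non-TLS bytes, route by case-insensitive SNI, close when nothing matches). The ClientHello bytes are constructed by the script itself, and BACKENDS, decide() and the helper names are this example's own, not HAProxy's.

```python
"""Byte-level view of what the TCP-mode frontend above inspects.

Added example, not part of the gist. It parses a TLS ClientHello record
exactly as far as HAProxy's req_ssl_hello_type, req_ssl_sni and
payload_lv(43,1) fetches do, then mirrors the frontend's decision:
reject non-TLS bytes, route by case-insensitive SNI, close otherwise.
The ClientHello bytes are constructed here; BACKENDS and decide() are
this example's own names.
"""
import struct
from typing import Optional, Tuple

HANDSHAKE = 0x16        # TLS record content type 'handshake'
CLIENT_HELLO = 1        # handshake type checked by req_ssl_hello_type 1
EXT_SERVER_NAME = 0     # server_name extension, read by req_ssl_sni
SESSION_ID_OFFSET = 43  # payload_lv(43,1): 5 record hdr + 1 type + 3 len + 2 version + 32 random

# Mirrors: acl example_acl req_ssl_sni -i example.hu / use_backend example_https
BACKENDS = {"example.hu": "example_https"}


def build_client_hello(sni: str, session_id: bytes = b"") -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello with one SNI entry."""
    name = sni.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name            # name_type 0 = host_name
    names = struct.pack("!H", len(entry)) + entry              # ServerNameList
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(names)) + names
    hello = (
        b"\x03\x03" + bytes(32)                                # version, random (zeros)
        + bytes([len(session_id)]) + session_id                # legacy_session_id
        + b"\x00\x02\x13\x01"                                  # one cipher suite
        + b"\x01\x00"                                          # null compression
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def _host_name(ext_body: bytes) -> Optional[str]:
    """First host_name entry of a server_name extension body, or None."""
    list_len = struct.unpack("!H", ext_body[:2])[0]
    pos = 2
    while pos + 3 <= 2 + list_len:
        name_type = ext_body[pos]
        name_len = struct.unpack("!H", ext_body[pos + 1:pos + 3])[0]
        if name_type == 0:
            return ext_body[pos + 3:pos + 3 + name_len].decode("ascii", "replace")
        pos += 3 + name_len
    return None


def parse_client_hello(data: bytes) -> Optional[Tuple[Optional[str], bytes]]:
    """Return (sni, session_id) for a complete ClientHello record, else None.

    Offsets are measured from the first byte of the record, the same
    reference point HAProxy's payload_lv() uses. Incomplete records are
    treated as 'not a hello' here; HAProxy would wait up to inspect-delay.
    """
    try:
        if len(data) < 5 or data[0] != HANDSHAKE:
            return None
        end = 5 + struct.unpack("!H", data[3:5])[0]
        if len(data) < end or data[5] != CLIENT_HELLO:
            return None
        pos = SESSION_ID_OFFSET
        sid_len = data[pos]
        session_id = data[pos + 1:pos + 1 + sid_len]
        pos += 1 + sid_len
        pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]   # skip cipher_suites
        pos += 1 + data[pos]                                    # skip compression_methods
        sni = None
        if pos + 2 <= end:                                      # extensions are optional
            ext_end = min(end, pos + 2 + struct.unpack("!H", data[pos:pos + 2])[0])
            pos += 2
            while pos + 4 <= ext_end:
                ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
                pos += 4
                if ext_type == EXT_SERVER_NAME:
                    sni = _host_name(data[pos:pos + ext_len])
                pos += ext_len
        return sni, session_id
    except (IndexError, struct.error):
        return None


def decide(data: bytes) -> str:
    """Frontend decision: 'reject' (not a ClientHello), a backend name, or
    'close' (SNI missing or unmatched; there is no default_backend)."""
    parsed = parse_client_hello(data)
    if parsed is None:
        return "reject"
    sni, _session_id = parsed
    if sni is None:
        return "close"
    return BACKENDS.get(sni.lower(), "close")   # -i: case-insensitive match


if __name__ == "__main__":
    print(decide(build_client_hello("example.hu", session_id=bytes(range(32)))))
    print(decide(b"GET / HTTP/1.1\r\nHost: example.hu\r\n\r\n"))
```

Against a live deployment the equivalent check is `openssl s_client -connect 127.0.0.1:443 -servername example.hu`: the certificate returned must be the container's own, since HAProxy never terminates TLS here, and a connection without SNI or with plain HTTP should simply be closed.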