Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Rancher/Docker haproxy.cfg
global
lua-load /usr/local/etc/haproxy/acme-http01-webroot.lua
ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL;
tune.ssl.default-dh-param 4096
debug
defaults
mode http
option log-health-checks
option dontlognull
option forwardfor
option httpclose
option httplog
option redispatch
retries 3
timeout check 5s
timeout client 5s
timeout connect 5s
timeout server 5s
log global
frontend http
bind *:80
acl url_acme_http01 path_beg /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
redirect scheme https code 301 if !{ ssl_fc }
stats enable
stats hide-version
frontend ft_ssl_vip
option http-server-close
option forceclose
option http-buffer-request
timeout http-request 10s
bind *:443 ssl crt /usr/local/etc/haproxy/certs/ no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11
use_backend app
rspadd Strict-Transport-Security:\ max-age=15768000
resolvers docker
nameserver local 127.0.0.1:53
hold valid 1s
timeout retry 1s
resolve_retries 3
backend app
server app app:80 check inter 3s rise 1 fall 2 resolvers docker resolve-prefer ipv4
http-request add-header X-Forwarded-Proto https if { ssl_fc }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment