
@sudomabider
Last active October 29, 2018 21:24
haproxy example
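# Compose file for a single HAProxy edge container that publishes 80/443
# and reads its configuration and certificates from the host.
version: '3'

services:
  haproxy:
    # Floating tag: each pull may bring a different HAProxy release.
    # Pin a validated version tag or image digest for reproducible deploys.
    image: haproxy:alpine
    restart: 'unless-stopped'
    logging:
      driver: 'json-file'
      options:
        # Quoted so both values reach the logging driver as strings.
        max-size: '100k'
        max-file: '1'
    networks:
      - bridge-frontend
    ports:
      # Quoted: "digits:digits" scalars are an implicit-typing trap in YAML 1.1.
      - '80:80'
      - '443:443'
    volumes:
      # Mounted read-only: the proxy only reads its config and the PEM bundle
      # (certificate + private key), so a compromised container cannot
      # rewrite either of them on the host.
      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
      - ./certs:/usr/local/etc/haproxy/certs:ro

networks:
  # docker network create bridge-frontend
  bridge-frontend:
    external: true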
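global
    # Process-wide cap on concurrent connections.
    maxconn 4096

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # BLAHBLAH is a placeholder, not a cipher string: substitute the real
    # list from the article above before deploying.
    #
    # "no-sslv3" alone still leaves TLS 1.0 and 1.1 negotiable, so the floor
    # is set explicitly to TLS 1.2 (ssl-min-ver needs HAProxy 1.8 or later).
    ssl-default-bind-options ssl-min-ver TLSv1.2
    ssl-default-bind-ciphers BLAHBLAH
    ssl-default-server-options ssl-min-ver TLSv1.2
    ssl-default-server-ciphers BLAHBLAH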
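defaults
    # Values without a unit are milliseconds: 5 s to connect to a server,
    # 50 s of inactivity allowed on either side.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Bound the total time a client may take to send a complete request
    # header. Without it only "timeout client" applies between chunks, so a
    # slow sender can hold one of the maxconn slots far longer.
    timeout http-request 10s
    mode http

    #resolvers docker
    #    nameserver dnsmasq 127.0.0.11:53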
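frontend http_fe
    # Plain HTTP and TLS listeners; the PEM file holds certificate and key.
    bind *:80
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/my_cert.pem

    # UPGRADE TO HTTPS
    # Anything that did not arrive over TLS is redirected, so only TLS
    # requests are ever forwarded to a backend.
    redirect scheme https code 301 if !{ ssl_fc }

    # Optionally
    errorfile 400 /usr/local/etc/haproxy/errors/400.http
    errorfile 403 /usr/local/etc/haproxy/errors/403.http
    errorfile 408 /usr/local/etc/haproxy/errors/408.http
    errorfile 500 /usr/local/etc/haproxy/errors/500.http
    errorfile 502 /usr/local/etc/haproxy/errors/502.http
    errorfile 503 /usr/local/etc/haproxy/errors/503.http
    errorfile 504 /usr/local/etc/haproxy/errors/504.http

    # Default headers
    # set-header overwrites any value the client sent. add-header (and
    # "option forwardfor") only append, which lets a client pre-seed
    # X-Forwarded-* with spoofed values that a backend may trust for
    # logging, rate limiting or scheme detection. A single set-header for
    # X-Forwarded-For also replaces the previous duplicate of forwardfor.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port 443
    http-request set-header X-Forwarded-For %[src]

    # Rules
    # Host names are case-insensitive, hence -i. Matching is on the start
    # of the Host header only; whatever follows the prefix is not checked.
    acl is_contact_alpha hdr_beg(host) -i alpha.contact.
    acl is_contact_beta hdr_beg(host) -i beta.contact.
    acl is_contact_prod hdr_beg(host) -i contact.

    use_backend contact_alpha if is_contact_alpha
    use_backend contact_beta if is_contact_beta
    use_backend contact if is_contact_prod

    # default
    default_backend default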
# One backend per environment. Each has a single health-checked ("check")
# server on the Docker host, reached through host.docker.internal.
# The server lines carry no "ssl" keyword, so this hop is plain HTTP.
backend contact_alpha
    server s_1 host.docker.internal:5001 check

backend contact_beta
    server s_1 host.docker.internal:5002 check

backend contact
    server s_1 host.docker.internal:5003 check
backend default
    # Catch-all for requests whose Host matched none of the frontend ACLs.
    # There are no server lines, so nothing is proxied from here.
    # Create your own error
    # NOTE(review): a backend without servers normally answers 503, so
    # confirm that this 404 errorfile is what clients actually receive.
    errorfile 404 /usr/local/etc/haproxy/errors/404.http