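# HAProxy edge proxy: terminates TLS on :443, answers ACME HTTP-01 challenges
# on :80 through a Lua service, redirects all other cleartext traffic to HTTPS,
# and forwards to a single HTTP backend.

global
    maxconn 20480

    ############# IMPORTANT #################################
    ## DO NOT SET CHROOT, OTHERWISE YOU HAVE TO CHANGE THE  ##
    ## acme-http01-webroot.lua file                         ##
    # chroot /jail
    #########################################################
    # NOTE(review): presumably the Lua service reads challenge files from a
    # path that would fall outside the jail -- confirm in the Lua file.
    # With chroot off and no `user`/`group` directive in this section, the
    # process keeps the privileges and filesystem view it is started with;
    # confirm the container or service unit restricts both.
    # The Lua file executes inside the HAProxy process, so it should be
    # writable only by the account that administers this configuration.
    lua-load /etc/haproxy/acme-http01-webroot.lua

    # SSL options
    # The original line ended in ';'. OpenSSL separates cipher-list entries
    # with ':', ',' or space, so the ';' was not a separator; it is dropped
    # here. Validate with `haproxy -c -f <config>` before reloading.
    # This list governs TLS 1.2 and below only.
    ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL
    # Ephemeral DH size for the EDH suites above; 4096 bits costs noticeably
    # more CPU per handshake than 2048.
    tune.ssl.default-dh-param 4096

# DNS run-time resolution on backend hosts.
# 127.0.0.11 is the address the author points at for Docker's DNS. No server
# line visible in this file references `resolvers docker`, so the section has
# no effect on the backend defined below.
resolvers docker
    nameserver dns "127.0.0.11:53"

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    # No `timeout http-request` is set here, so a client that sends its
    # request headers slowly is bounded only by the 50 s client timeout.
    # Appends the client address as X-Forwarded-For. A header already sent by
    # the client is kept, so the backend should trust only the last entry.
    option forwardfor
    option http-server-close

    # never fail on address resolution
    default-server init-addr last,libc,none

frontend http
    bind *:80
    mode http
    # ACME HTTP-01 challenges are answered by the Lua service loaded in the
    # global section; only GET requests under the challenge path match.
    acl url_acme_http01 path_beg /.well-known/acme-challenge/
    http-request use-service lua.acme-http01 if METH_GET url_acme_http01
    # Every other request is redirected to HTTPS. This bind is cleartext, so
    # the !{ ssl_fc } condition always holds here.
    redirect scheme https code 301 if !{ ssl_fc }

frontend https
    # Loads every certificate found in the directory; the private keys in it
    # should be readable only by the account HAProxy runs as.
    # SSLv3, TLS 1.0 and TLS 1.1 are refused and TLS session tickets are off.
    bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11
    # max-age is about 185 days. includeSubDomains and preload commit every
    # subdomain to HTTPS. The browser preload list asks for a max-age of at
    # least 31536000, so this value is below its submission requirement --
    # check the current requirements before relying on preload.
    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
    default_backend www

backend www
    # Traffic to the backend is cleartext HTTP; the health check uses the
    # same port as the service.
    server server1 172.17.0.1:8080 check port 8080
    # set-header instead of the original add-header: add-header appends and
    # leaves any client-supplied X-Forwarded-Proto in place, so the backend
    # could read a value this proxy did not write. set-header replaces it.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }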