global maxconn 4096 #tune.ssl.default-dh-param 2048 defaults mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms #log global #log 127.0.0.1 local0 debug #option tcplog # https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/ frontend https-in mode http #bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GOGS_URL}.pem bind *:443 ssl ${HAPROXY_CERTS} acl letsencrypt-acl path_beg /.well-known/acme-challenge/ #acl nextcloud-acl ssl_fc_sni ${NEXTCLOUD_URL} #acl gogs-acl ssl_fc_sni ${GOGS_URL} acl nextcloud-acl ssl_fc_sni_reg ^${NEXTCLOUD_SERVER_NAME}\. acl gogs-acl ssl_fc_sni_reg ^${GOGS_SERVER_NAME}\. use_backend letsencrypt-backend if letsencrypt-acl use_backend nextcloud if nextcloud-acl use_backend gogs if gogs-acl default_backend nextcloud backend nextcloud # http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#option%20http-server-close #option http-server-close #option forwardfor #redirect http to https #redirect scheme https if !{ ssl_fc } server nextcloud nextcloud:443 maxconn 32 check ssl verify none backend gogs #redirect http to https #redirect scheme https if !{ ssl_fc } server gogs gogs:2443 maxconn 32 check ssl verify none frontend http-in bind *:80 acl letsencrypt-acl path_beg /.well-known/acme-challenge/ #acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL} #acl is_gogs hdr_end(host) -i ${GOGS_URL} acl is_nextcloud hdr_reg(host) ^${NEXTCLOUD_SERVER_NAME}\. acl is_gogs hdr_reg(host) ^${GOGS_SERVER_NAME}\. use_backend letsencrypt-backend if letsencrypt-acl use_backend nextcloud-insecure if is_nextcloud use_backend gogs-insecure if is_gogs default_backend pihole-insecure backend nextcloud-insecure server nextcloud nextcloud:80 maxconn 32 backend gogs-insecure server gogs gogs:2080 maxconn 32 backend pihole-insecure server pihole pihole:80 maxconn 32 # LE Backend backend letsencrypt-backend server letsencrypt 127.0.0.1:8888 #listen admin # bind 127.0.0.1:8080 # stats enable