-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathmy_haproxy.cfg
More file actions
25 lines (19 loc) · 802 Bytes
/
my_haproxy.cfg
File metadata and controls
25 lines (19 loc) · 802 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Listen on HTTP if URI is LetsEncrypt request, then forward to Certbot else redirect rest to HTTPS
frontend http
bind *:80
# Add X-Headers necessary for HTTPS; include:[port] if not running on port 443
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
http-request set-header X-Forwarded-Proto https
# Force HTTPS
acl is_letsencrypt path_beg /.well-known/acme-challenge/
redirect scheme https if !{ ssl_fc } !is_letsencrypt
use_backend LetsEncrypt if is_letsencrypt
# Listen on HTTPS and redirect to backend_default
frontend https
bind :443 ssl crt /certs/wildcard.pem
default_backend backend_default
backend backend_default
server local-server 127.0.0.1:8080 check
backend LetsEncrypt
errorfile 503 /errors/certbot.http
server certbot 127.0.0.1:8888