public
/
dotege


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546
							global
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

resolvers docker_resolver
    nameserver dns 127.0.0.11:53

defaults
    log global
    mode    http
    timeout connect 5000
    timeout client 30000
    timeout server 30000
    compression algo gzip
    compression type text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript
    default-server init-addr last,libc,none check resolvers docker_resolver

frontend main
    mode    http
    bind    :::443 v4v6 ssl strict-sni alpn h2,http/1.1 crt /certs/
    bind    :::80 v4v6
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    redirect scheme https code 301 if !{ ssl_fc }
    http-response set-header Strict-Transport-Security max-age=15768000
{{- range .Hostnames }}
    use_backend {{ .Name | replace "." "_" }} if { hdr(host) -i {{ .Name }}
        {{- range $san, $_ := .Alternatives }} || hdr(host) -i {{ $san }} {{- end }} }
{{- end -}}

{{ range .Hostnames }}

backend {{ .Name | replace "." "_" }}
    mode http
    {{- range .Containers }}
        {{- if index .Labels "com.chameth.proxy" }}
    server server1 {{ .Name }}:{{ index .Labels "com.chameth.proxy" }}
        {{- end -}}
    {{- end -}}
    {{- if .RequiresAuth }}
    acl authed_{{ .Name | replace "." "_" }} http_auth({{ .AuthGroup }})
    http-request auth if !authed_{{ .Name | replace "." "_" }}
    {{- end -}}
{{ end }}