dotege/templates/haproxy.cfg.tpl

global
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

resolvers docker_resolver
    nameserver dns 127.0.0.11:53

defaults
    log global
    mode    http
    timeout connect 5000
    timeout client 5000
    timeout server 5000
    compression algo gzip
    compression type text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript

frontend main
    mode    http
    bind    :443 ssl strict-sni alpn h2,http/1.1 crt /certs/certs/chameth.com/combined.pem
    bind    :80
    redirect scheme https code 301 if !{ ssl_fc }
    http-response set-header Strict-Transport-Security max-age=15768000
{{ range .Containers }}
    {{- if index .Labels "com.chameth.port" -}}
        {{- if index .Labels "com.chameth.vhost" }}
    use_backend {{ .Name }} if { hdr(host) -i {{ index .Labels "com.chameth.vhost" | split "," | join " || hdr(host) -i " }} }
        {{- end -}}
    {{- end -}}
{{ end }}
{{ range .Containers }}
    {{- if index .Labels "com.chameth.port" }}
backend {{ .Name }}
    mode http
    server server1 {{ .Name }}:{{ index .Labels "com.chameth.port" }} check resolvers docker_resolver
    {{- end -}}
{{ end }}