#HA Proxy Config global ulimit-n 500000 maxconn 99999 maxpipes 99999 tune.maxaccept 500 log 127.0.0.1 local0 log 127.0.0.1 local1 notice ca-base /etc/ssl/certs crt-base /etc/ssl/private ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms timeout tunnel 1h # timeout to use with WebSocket and CONNECT default-server init-addr none #enable resolving throught docker dns and avoid crashing if service is down while proxy is starting resolvers docker_resolver nameserver dns 127.0.0.11:53 listen stats bind *:9999 stats enable stats hide-version stats uri /stats stats auth admin:admin@123 listen mqtt-in bind *:${MQTT_PORT} mode tcp option clitcpka # For TCP keep-alive timeout client 3h timeout server 3h option tcplog balance leastconn server tbMqtt1 tb-mqtt-transport1:1883 check inter 5s resolvers docker_resolver resolve-prefer ipv4 listen edges-rpc-in bind *:${EDGES_RPC_PORT} mode tcp option clitcpka # For TCP keep-alive timeout client 3h timeout server 3h option tcplog balance leastconn server tbEdgesRpc1 tb-core1:7070 check inter 5s resolvers docker_resolver resolve-prefer ipv4 frontend http-in bind *:${HTTP_PORT} alpn h2,http/1.1 option forwardfor http-request add-header "X-Forwarded-Proto" "http" acl transport_http_acl path_beg /api/v1/ acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/ acl tb_api_acl path_beg /api/ /swagger /webjars /v2/ /static/rulenode/ /oauth2/ /login/oauth2/ /static/widgets/ redirect scheme https if !letsencrypt_http_acl !transport_http_acl { env(FORCE_HTTPS_REDIRECT) -m str true } use_backend letsencrypt_http if letsencrypt_http_acl use_backend tb-http-backend if transport_http_acl use_backend tb-api-backend if tb_api_acl default_backend tb-web-backend frontend dtwin-in bind *:${DTWIN_PORT} alpn h2,http/1.1 option forwardfor http-request add-header "X-Forwarded-Proto" "http" acl transport_http_acl path_beg /api/v1/ acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/ acl tb_api_acl path_beg /api/ /swagger /webjars /v2/ /static/rulenode/ /oauth2/ /login/oauth2/ /static/widgets/ redirect scheme https if !letsencrypt_http_acl !transport_http_acl { env(FORCE_HTTPS_REDIRECT) -m str true } use_backend letsencrypt_http if letsencrypt_http_acl use_backend tb-http-backend if transport_http_acl use_backend tb-api-backend if tb_api_acl default_backend tb-web-dtwin-backend frontend https_in bind *:${HTTPS_PORT} ssl crt /usr/local/etc/haproxy/default.pem crt /usr/local/etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM alpn h2,http/1.1 option forwardfor http-request add-header "X-Forwarded-Proto" "https" acl transport_http_acl path_beg /api/v1/ acl tb_api_acl path_beg /api/ /swagger /webjars /v2/ /static/rulenode/ /oauth2/ /login/oauth2/ /static/widgets/ use_backend tb-http-backend if transport_http_acl use_backend tb-api-backend if tb_api_acl default_backend tb-web-backend backend letsencrypt_http server letsencrypt_http_srv 127.0.0.1:8080 backend tb-web-backend balance leastconn option tcp-check option log-health-checks server tbWeb1 tb-web-ui1:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4 http-request set-header X-Forwarded-Port %[dst_port] backend tb-web-dtwin-backend balance leastconn option tcp-check option log-health-checks server tbDtwin tb-web-dtwin:80 check inter 5s resolvers docker_resolver resolve-prefer ipv4 http-request set-header X-Forwarded-Port %[dst_port] backend tb-http-backend balance leastconn option tcp-check option log-health-checks server tbHttp1 tb-http-transport1:8081 check inter 5s resolvers docker_resolver resolve-prefer ipv4 backend tb-api-backend balance source option tcp-check option log-health-checks server tbApi1 tb-core1:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4 http-request set-header X-Forwarded-Port %[dst_port]