init

docker-compose.yml

+version: '3.0'
+
+services:
+  haproxy:
+    restart: always
+    container_name: "iot-mqtt-bl"
+    image: thingsboard/haproxy-certbot:1.3.0
+    volumes:
+     - ./haproxy/config:/config
+     - ./haproxy/letsencrypt:/etc/letsencrypt
+     - ./haproxy/certs.d:/usr/local/etc/haproxy/certs.d
+    ports:
+     - "1883:1883"
+    cap_add:
+     - NET_ADMIN
+    environment:
+      MQTT_PORT: 1883
+      FORCE_HTTPS_REDIRECT: "false"

haproxy/config/haproxy.cfg

+#HA Proxy Config
+global
+ ulimit-n 500000
+ maxconn 99999
+ maxpipes 99999
+ tune.maxaccept 500
+
+ log 127.0.0.1 local0
+ log 127.0.0.1 local1 notice
+
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+ ssl-default-bind-options no-sslv3
+
+defaults
+
+ log global
+
+ mode http
+
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ timeout tunnel  1h    # timeout to use with WebSocket and CONNECT
+
+ default-server init-addr none
+
+#enable resolving throught docker dns and avoid crashing if service is down while proxy is starting
+resolvers docker_resolver
+  nameserver dns 127.0.0.11:53
+
+listen stats
+ bind *:9999
+ stats enable
+ stats hide-version
+ stats uri /stats
+ stats auth admin:admin@123
+
+listen mqtt-in
+ bind *:${MQTT_PORT}
+ mode tcp
+ option clitcpka # For TCP keep-alive
+ timeout client 3h
+ timeout server 3h
+ option tcplog
+ balance source
+ server tbMqtt1 47.99.83.75:1883 check 
+ server tbMqtt2 47.97.197.103:1883 check
+ server tbMqtt3 47.96.103.209:1883 check
\ No newline at end of file