bogdanrada
6/20/2017 - 1:50 PM

Haproxy SSL reverse proxy configuration for Docker registry

Haproxy SSL reverse proxy configuration for Docker registry

global
	log 127.0.0.1 local0 debug
	chroot /var/lib/haproxy
	user haproxy
	group haproxy
	daemon
	tune.ssl.default-dh-param 2048

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	option	forwardfor
	option  logasap
	timeout connect		10000
	timeout client		50000
	timeout server		100000
	maxconn			3000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend http
	bind *:80
	redirect scheme https if !{ ssl_fc }

frontend https
	bind *:443 ssl crt /etc/mycompany/certs/haproxy.pem
	acl host_docker hdr(host) -i docker.mycompany.com
	reqadd X-Forwarded-Port:\ 443
	reqadd X-Forwarded-Proto:\ https
	reqadd X-Forwarded-Scheme:\ https
	use_backend docker if host_docker

backend docker
	reqadd X-Forwarded-Host:\ docker.mycompany.com
	server docker localhost:5000