We are currently using HAProxy to redirect incoming traffic to our domain example.domain
to our containers, which are only accessible via the local interface (e.g. 127.0.0.1:12000:8080).
To achieve this, our current config looks something like this:

    defaults
        mode http
        timeout connect 5000
        timeout check 5000
        timeout client 20000
        timeout server 20000

    frontend domain
        bind *:80
        bind *:443 ssl crt /etc/haproxy/certs/domain.cert
        bind *:11000-11199 ssl crt /etc/haproxy/certs/domain.cert
        http-request redirect scheme https unless { ssl_fc } # ssl_fc returns true if the request is already using SSL
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        # Ports 11000-11099 are reserved for secure traffic
        acl secure_0_host dst_port 11000
        acl secure_1_host dst_port 11001
        # Ports 11100-11199 are reserved for insecure traffic
        acl insecure_0_host dst_port 11100
        acl insecure_1_host dst_port 11101
        # Secure Backends
        use_backend secure_0 if secure_0_host
        use_backend secure_1 if secure_1_host
        # Insecure Backends
        use_backend insecure_0 if insecure_0_host
        use_backend insecure_1 if insecure_1_host
        # Fallback Backend
        default_backend fallback_backend

    backend fallback_backend
        http-request redirect location https://example.domain code 302

    # Secure Backends
    backend secure_0
        server secure_0 127.0.0.1:12000 ssl verify none
    backend secure_1
        server secure_1 127.0.0.1:12001 ssl verify none

    # Insecure Backends
    backend insecure_0
        server insecure_0 127.0.0.1:12100
    backend insecure_1
        server insecure_1 127.0.0.1:12101

This setup does work, but it is really tedious to manually add each port mapping, and it also kinda bugs me that I have to use different ports (12000-12099) for the Docker containers than I am listening on with HAProxy.
Is it somehow possible to just tell the config that a given port range (11000-11099) should be passed through to 127.0.0.1:11000-11099?
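
A sketch of how the per-port ACLs and backends above can collapse into two range rules, using HAProxy's `low:high` integer range matching and its relative server port syntax. This is an added example, not part of the original post; the names `secure_range`, `insecure_range`, `secure_containers`, `insecure_containers` and `containers` are hypothetical, and the `defaults` section and the port 80/443 binds are assumed unchanged.

```haproxy
# Added example (not from the original post); backend and ACL names are hypothetical.
frontend domain
    bind *:11000-11199 ssl crt /etc/haproxy/certs/domain.cert

    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    # One range ACL per group instead of one ACL per port.
    acl secure_range   dst_port 11000:11099
    acl insecure_range dst_port 11100:11199

    use_backend secure_containers   if secure_range
    use_backend insecure_containers if insecure_range
    default_backend fallback_backend

backend secure_containers
    # A port written as "+N" is relative to the port the client connected to:
    # 11000 -> 12000, 11001 -> 12001, and so on.
    # "verify none" is kept from the original config: the container's
    # certificate is not validated on this hop.
    server containers 127.0.0.1:+1000 ssl verify none

backend insecure_containers
    # 11100 -> 12100, 11101 -> 12101, ...
    server containers 127.0.0.1:+1000

backend fallback_backend
    http-request redirect location https://example.domain code 302

# Same-port variant: a server line with no port at all, e.g.
#     server containers 127.0.0.1
# forwards to the port the client connected to. With "bind *:11000-11199"
# HAProxy itself already occupies those ports on 127.0.0.1, so the bind
# would have to name the external address only for the containers to be
# able to publish 127.0.0.1:11000-11099.
```

Ports in the range with no container behind them are still accepted by the frontend and will fail at connect time, so the bound range should match the ports that are actually published.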