add dockerfile and config

docker-compose.yml

@@ -0,0 +1,14 @@
+services:
+  haproxy:
+    build:
+      context: ./docker
+      dockerfile: Dockerfile
+    image: bitdeals/haproxy
+    volumes:
+      - certificates:/usr/local/etc/haproxy/certificates:ro
+    ports:
+      - "80:80"
+      - "443:443"
+    expose:
+      - "9999"
+

docker/Dockerfile

@@ -0,0 +1,5 @@
+FROM bitnami/haproxy:2
+
+# Copy config
+COPY ./haproxy.cfg /bitnami/haproxy/conf/haproxy.cfg
+

docker/haproxy.cfg

@@ -0,0 +1,46 @@
+global
+    # Enable HAProxy runtime API
+    stats socket :9999 level admin expose-fd listeners
+
+defaults
+    mode http
+    default_backend default-backend-http
+
+    timeout connect 5s
+    timeout client 1m
+    timeout server 1m
+
+    option dontlog-normal
+    option tcp-smart-accept
+    option tcp-smart-connect
+    #option forwardfor
+    option http-keep-alive
+
+    http-reuse safe
+
+frontend http
+    bind *:80
+    #http-request redirect scheme https code 301
+
+    # ACL
+    acl certbot path_beg /.well-known/acme-challenge/
+    use_backend certbot if certbot
+
+frontend https
+    bind *:443 ssl crt /usr/local/etc/haproxy/certificates/site.pem
+    http-request add-header X-Forwarded-Proto https
+
+    # ACL
+    acl certbot path_beg /.well-known/acme-challenge/
+    use_backend certbot if certbot
+
+backend default-backend-http
+    http-request set-header X-Forwarded-Proto https if { ssl_fc }
+    server main nginx:80 check
+
+backend certbot
+    server certbot certbot:380
+
+resolvers docker
+    nameserver dns1 127.0.0.11:53
+