global
    # Enable HAProxy runtime API
    stats socket :9999 level admin expose-fd listeners

defaults
    mode http
    default_backend default-backend-http

    timeout connect 5s
    timeout client 1m
    timeout server 1m

    option dontlog-normal
    option tcp-smart-accept
    option tcp-smart-connect
    #option forwardfor
    option http-keep-alive

    http-reuse safe

frontend http
    bind *:80
    #http-request redirect scheme https code 301

    # ACL
    acl certbot path_beg /.well-known/acme-challenge/
    use_backend certbot if certbot

frontend https
    bind *:443 ssl crt /usr/local/etc/haproxy/certificates/site.pem
    http-request add-header X-Forwarded-Proto https

    # ACL
    acl certbot path_beg /.well-known/acme-challenge/
    use_backend certbot if certbot

backend default-backend-http
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    server main nginx:80 check

backend certbot
    server certbot certbot:380

resolvers docker
    nameserver dns1 127.0.0.11:53