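# Plain-HTTP listener on port 80. The only traffic routed anywhere is the
# ACME HTTP-01 challenge; with default_backend left disabled below, every
# other request has no backend and is answered by HAProxy itself with a 503.
frontend http
    bind *:80

    # Match only paths below the challenge directory. The trailing slash keeps
    # sibling paths that merely share the prefix (for example
    # /.well-known/acme-challenge-other) from being forwarded to Lego.
    acl acme_challenge path_beg /.well-known/acme-challenge/

    # Proxy ACME challenge requests to Lego
    use_backend lego if acme_challenge
    #default_backend web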
# Lego listens on port 5000 when it is requesting a certificate via
# ACME. Only one DC can be requesting a certificate at a time, or
# requests may be forwarded to the wrong machine.
#
# It is imperative that the `check` option is NOT enabled for any
# server/template in this back-end, or challenge requests may get lost
# if they are initiated between HAProxy health check intervals.
#
# NOTE(review): the server addresses come from resolving the realm name
# through the `local` resolvers section, so challenge requests are sent to
# whatever hosts that name resolves to at the time -- confirm the record
# only ever lists the DCs.
backend lego
    balance roundrobin
    # One slot per host in the samba-dc inventory group plus three spare.
    # `init-addr none` starts every slot without an address until the
    # resolvers supply one.
    server-template dc {{ groups["samba-dc"] | length + 3 }} {{ krb5_realm|lower }}:5000 resolvers local init-addr none
    # With no health checks, a request can land on a DC where Lego is not
    # listening. Retry up to 10 times, and let a retry be sent to a
    # different server instead of the one that just failed.
    retries 10
    option redispatch
    # 404 is retried in addition to the standard retryable errors,
    # presumably so that a "no such token" answer from the wrong machine is
    # tried on another server -- confirm.
    retry-on all-retryable-errors 404
# Although there is not currently a use case for it, it is possible to run a
# web server on the apex domain, but it has to listen on an alternate port.
#backend web
# balance roundrobin
# server-template dc 5 {{ krb5_realm|lower }}:8080 resolvers local init-addr none