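# HAProxy reverse proxy: terminates TLS on :443 and routes by Host header to
# internal application containers. Plain HTTP on :80 is only redirected.
#
# NOTE(review): this file arrived collapsed onto one line. HAProxy treats
# everything after '#' as a comment up to the end of the line, so the layout
# below (one directive per line) is required for the directives to take effect.

global
    log stdout format raw local0

    # Refuse SSLv3, TLS 1.0 and TLS 1.1 on every "bind ... ssl" line.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

    # No ssl-default-bind-ciphers here; use the OpenSSL defaults.
    # (optional) for TLS 1.3:
    # NOTE(review): in the collapsed original this directive was not preceded
    # by its own '#', so it is kept active here. Comment it out if it was only
    # meant as an example.
    ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
    # (optional) for TLS 1.2:
    # ssl-default-bind-ciphers ECDHE+AESGCM:EDH+AESGCM

defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    # Bound the time a client may take to send complete request headers, so a
    # slow or stalled sender cannot hold a connection slot for the full client
    # timeout.
    timeout http-request 10s
    http-reuse safe

frontend fe_http
    bind :80
    # Cleartext listener exists only to send clients to HTTPS.
    http-request redirect scheme https code 301

frontend fe_https
    # NOTE(review): the certificate path suggests a self-signed certificate.
    # Clients can only authenticate the proxy if they explicitly trust this
    # certificate; consider one issued by an internal CA instead.
    bind :443 ssl crt /certs/selfsigned.pem

    # set-header replaces any client-supplied value, so backends see the
    # address and scheme observed by the proxy, not what the client claims.
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto https

    # Do not disclose backend server software in responses.
    http-response del-header Server

    # Host-based routing. field(1,:) drops an optional ":port" suffix so that
    # "Host: name.internal:443" matches the same ACL as "Host: name.internal".
    acl host_hosts           hdr(host),field(1,:) -i hosts.internal
    acl host_routerosbackup  hdr(host),field(1,:) -i routerosbackup.internal
    acl host_routerosupdate  hdr(host),field(1,:) -i routerosupdate.internal
    acl host_sslmonitor      hdr(host),field(1,:) -i sslmonitor.internal
    acl host_portainer       hdr(host),field(1,:) -i portainer.internal
    acl host_drawio          hdr(host),field(1,:) -i drawio.internal
    acl host_openspeedtest   hdr(host),field(1,:) -i speed.internal

    # NOTE(review): no source-address restriction or proxy-level
    # authentication is applied here. Access control for the administrative
    # backends (Portainer, RouterOS backup/update) relies entirely on the
    # applications themselves and on who can reach :443. Confirm that this is
    # intended.
    use_backend be_hosts           if host_hosts
    use_backend be_routerosbackup  if host_routerosbackup
    use_backend be_routerosupdate  if host_routerosupdate
    use_backend be_sslmonitor      if host_sslmonitor
    use_backend be_portainer       if host_portainer
    use_backend be_drawio          if host_drawio
    use_backend be_openspeedtest   if host_openspeedtest

    # Any unrecognised Host header is rejected rather than routed somewhere.
    default_backend be_404

# Backends are reached over plain HTTP by service name; "check" enables health
# checks. NOTE(review): traffic between the proxy and the backends is
# unencrypted. Presumably this is a private container network; verify.

backend be_hosts
    server s1 hosts_app:5580 check

backend be_routerosbackup
    server s1 routeros_backup:5581 check

backend be_routerosupdate
    server s1 routeros_update:5582 check

backend be_sslmonitor
    server s1 ssl_monitor:5583 check

backend be_portainer
    server s1 portainer:9000 check

backend be_drawio
    server s1 drawio:8080 check

backend be_openspeedtest
    server s1 openspeedtest:3000 check

# Catch-all: deny every request with a 404 status.
backend be_404
    http-request deny deny_status 404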