thingsboard/msa/docker/haproxy/config/haproxy.cfg

#HA Proxy Config
global
 maxconn 4096

 log 127.0.0.1 local0
 log 127.0.0.1 local1 notice

 ca-base /etc/ssl/certs
 crt-base /etc/ssl/private

 ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
 ssl-default-bind-options no-sslv3

defaults

 option forwardfor

 log global

 mode http

 timeout connect 5000ms
 timeout client 50000ms
 timeout server 50000ms

listen stats
 bind *:9999
 stats enable
 stats hide-version
 stats uri /stats
 stats auth admin:admin@123

frontend http-in
 bind *:${HTTP_PORT}

 reqadd X-Forwarded-Proto:\ http

 acl transport_http_acl path_beg /api/v1/
 acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/
 redirect scheme https if !letsencrypt_http_acl !transport_http_acl
 use_backend letsencrypt_http if letsencrypt_http_acl
 use_backend tb-http-backend if transport_http_acl

 default_backend tb-web-backend

frontend https_in
  bind *:${HTTPS_PORT} ssl crt /usr/local/etc/haproxy/default.pem crt /usr/local/etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM

  reqadd X-Forwarded-Proto:\ https

  default_backend tb-web-backend

frontend mqtt-in
  mode tcp
  bind *:${MQTT_PORT}

  default_backend tb-mqtt-backend

backend letsencrypt_http
  server letsencrypt_http_srv 127.0.0.1:8080

backend tb-web-backend
  balance leastconn
  option tcp-check
  option log-health-checks
  server tbWeb1 tb-web-ui1:8080 check
  server tbWeb2 tb-web-ui2:8080 check
  http-request set-header X-Forwarded-Port %[dst_port]

backend tb-mqtt-backend
  balance leastconn
  option tcp-check
  option log-health-checks
  server tbMqtt1 tb-mqtt-transport1:1883 check
  server tbMqtt2 tb-mqtt-transport2:1883 check

backend tb-http-backend
  balance leastconn
  option tcp-check
  option log-health-checks
  server tbHttp1 tb-http-transport1:8081 check
  server tbHttp2 tb-http-transport2:8081 check