HAProxy Config Help

I am new to the forum, and I have been reading all the posts that I can find on HAProxy configs, but they don’t seem to be addressing my specific need.

Here is my situation.

I am trying to set up Nextcloud on lxc / lxd containers, and I need to be able to run more than 1 instance for me and my cohorts that I work with, so they have their own private cloud.

One of the major components of that is to be able to route the traffic to the correct instance of nextcloud as well as be able to run the internal nextcloud.cc command to letsencrypt each instance.

I would be grateful if someone would review my config and help me get it to where I need it. HAProxy is a bit confusing to figure out. Thanks a bunch! :slight_smile:

frontend localhost80
    bind *:80
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend localhost443
    bind *:443
    option tcplog
    mode tcp

    acl tls req.ssl_hello_type 1

    tcp-request inspect-delay 5s
    tcp-request content accept if tls

    acl is_inhomecc hdr_end(host) -i cloud.mydomain.net
    acl inhomecc_path path_beg /cloud/

    acl is_brd hdr_end(host) -i brd.mydomain.net
    acl brd_path path_beg /bernard/

    acl letsencrypt-acl path_beg /.well-known/acme-challenge/

    use_backend inhomecc_cloud if is_inhomecc !inhomecc_path
    use_backend brd_cloud if is_brd !brd_path
    use_backend letsencrypt-backend if letsencrypt-acl

    acl is_inhomecc req.ssl_sni -i cloud.mydomain.net ;- Tried testing
    acl is_brd req.ssl_sni -i brd.mydomain.net ;- Tried testing

backend inhomecc_cloud
    mode tcp
    option ssl-hello-chk
    server 192.168.1.155:443 check

backend brd_cloud
    mode tcp
    option ssl-hello-chk
    server brd 192.168.1.154:443 check

As a side note: do I need to have the container encrypted before it will connect, due to the :443 check call? Because I get connection refused a lot and sometimes timed out.
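An added example, not part of the original post and not a tested answer from the forum: with `mode tcp` on port 443 HAProxy passes TLS through without decrypting it, so `hdr_end(host)` and `path_beg` have nothing to match there and only the SNI name in the ClientHello (`req.ssl_sni`) can select a backend. The sketch below routes on SNI and keeps the ACME path reachable on port 80. The frontend names, the `*_http` backends, the server labels and the assumption that each container also listens on port 80 are hypothetical; the host names and IP addresses are the ones from the post.

```haproxy
defaults
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend http_in
    bind *:80
    mode http
    # Plain HTTP: Host header and path are readable, so HTTP ACLs work here.
    acl is_acme path_beg /.well-known/acme-challenge/
    # Redirect everything except ACME HTTP-01 challenges to HTTPS.
    http-request redirect scheme https code 301 unless is_acme
    use_backend inhomecc_http if is_acme { hdr(host) -i cloud.mydomain.net }
    use_backend brd_http      if is_acme { hdr(host) -i brd.mydomain.net }

frontend tls_in
    bind *:443
    mode tcp
    option tcplog
    # Wait for the TLS ClientHello so the SNI field can be inspected.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # TLS passthrough: route on SNI only, never on Host header or path.
    use_backend inhomecc_cloud if { req.ssl_sni -i cloud.mydomain.net }
    use_backend brd_cloud      if { req.ssl_sni -i brd.mydomain.net }

backend inhomecc_cloud
    mode tcp
    # "check" alone is a TCP connect check: it needs the port open, not a certificate.
    server inhomecc 192.168.1.155:443 check

backend brd_cloud
    mode tcp
    server brd 192.168.1.154:443 check

backend inhomecc_http
    mode http
    # Assumption: the container answers ACME challenges on port 80.
    server inhomecc 192.168.1.155:80 check

backend brd_http
    mode http
    server brd 192.168.1.154:80 check
```

`haproxy -c -f <file>` validates the syntax before a reload. Every `server` line needs a label before the address, as in `server brd 192.168.1.154:443 check`.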