Running HAProxy as Reverse proxy using container

I have simple haproxy.cfg working on a VM.

frontend main
mode http
bind :80
bind :443 ssl crt /etc/haproxy/certs/current/my.pem
http-request redirect scheme https unless { ssl_fc }
default_backend app

frontend stagesvc-api
bind *:8001-8005 ssl crt /etc/haproxy/certs/current/my.pem ssl crt /etc/haproxy/certs/current
mode http
acl acl_stagesvc-api hdr(host) -i
acl acl_stagesvc-api hdr_beg(host) -i
use_backend bk_stagesvc-api if acl_stagesvc-api

backend bk_stagesvc-api
acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
mode http
server app2 check port 8001

I would like to use HAProxy docker image instead and achieve same as above.

#ls haproxy/
drwxr-xr-x 3 haproxy haproxy 21 Jul 26 17:21 certs
-rwxr-xr-x 1 haproxy haproxy 6902 Aug 16 23:57 haproxy.cfg

#docker run -d --name haproxy-lb -p 80:80 -v $PWD/haproxy:/usr/local/etc/haproxy:ro haproxy:2.4.2

docker: Error response from daemon: driver failed programming external connectivity on endpoint haproxy-lb (06103ac6b845c6f9fcce50c76b35931756e69af5635f038c7220037fc0f10555): (iptables failed: iptables --wait -t filter -A DOCKER ! -i docker0 -o docker0 -p tcp -d --dport 80 -j ACCEPT: iptables: No chain/target/match by that name.

Any help or pointers is appreciated!


It looks like it’s more a Docker issue than a Haproxy issue. When you publish a port with Docker, an iptables rule is added to route the traffic to the published port. This part seems not working. Maybe try to restart your docker daemon or re install it.