I’ve used haproxy before in a standard environment, so I played around with the container a bit, but I didn’t find a very straightforward way to get it running with let’s encrypt. I thought about building my own custom container, but while hunting around on the net I ran across caddy and was able to get it running pretty easily. It’s running well enough for what I need, but I would be curious if anyone has a good haproxy setup running as caddy is not quite as performant and I could see wanting to switch back to haproxy in some situations. Pointers would be appreciated.
Yes you can run LetsEncrypt on HAProxy frontend (I have done it) - it is not mikrotik specific and I would suggest asking in a community forum based around those technologies for more in-depth answer.
- Make your renew script use local server on custom port
- Create backend to that webserver in haproxy
- have acl on frontend based on “/.well-known/” uri matching to redirect those requests to the letsencrypt backend
Yeah, it just seems a bit more complicated with containers. I think it’s either build your own container with the let’s encrypt bits you need, or combine two existing standard containers with a shared mount to store the certificates. I’m not a big user of containers so it was a bit more work than I wanted to deal with at the time I was trying it out. If I end up needing haproxy on a router instead of caddy for performance sake I will probably just end up building a custom container for it. I was just wondering if anyone has already worked it out and had any pointers.