My setups are similar. HAProxy as an SSL terminator for all domains. Unencrypted proxy to the services after that. Nginx can use v2 proxy which is nice.
I have a bunch of scripts that collect all the domains and then generate / renew the certs with acme.sh . HAProxy can reload certs with no downtime as well.
My setups are similar. HAProxy as an SSL terminator for all domains. Unencrypted proxy to the services after that. Nginx can use v2 proxy which is nice.
I have a bunch of scripts that collect all the domains and then generate / renew the certs with acme.sh . HAProxy can reload certs with no downtime as well.