Changes in e52787a: Updated haproxy-letsencrypt-docker.md

				haproxy-letsencrypt-docker.md
			
          @@ -186,7 +186,7 @@ backend domain2

           What's going on here then?

           * The global section logs everything to stdout, because that's what you do with docker. [rule 6](/rules#6-thou-shalt-respect-the-sanctity-of-stdout) does not apply in dockerland.

          -* We're setting the Mozilla recommended ciphers and DH values. Check the [current recommendations](https://mozilla.github.io/server-side-tls/ssl-config-generator/) if you're foolish enough to go into production with this stuff.

          +* We're setting the Mozilla recommended ciphers and DH values. Check the [current recommendations](https://mozilla.github.io/server-side-tls/ssl-config-generator/) if you're mental enough to go into production with this stuff.

           * We're using 'resolvers' and 'default-server init-addr none' to get around the problem of containers not being up at haproxy startup time. Docker with user-defined networks always puts a resolver at 127.0.0.11:53, and haproxy can use that to resolve container names at *runtime* instead of *startup* time.

           * We're *not* running 'check' on the letsencrypt backend - it will be down most of the time, and we don't care.

           * We're binding to port 8080 and 8443, and setting the cert to the Let's Encrypt cert we dumped out in the previous section. The ports will be mapped back to 80 and 443 by docker later on.

...	...	@@ -186,7 +186,7 @@ backend domain2
186	186
187	187	What's going on here then?
188	188	* The global section logs everything to stdout, because that's what you do with docker. [rule 6](/rules#6-thou-shalt-respect-the-sanctity-of-stdout) does not apply in dockerland.
189		-* We're setting the Mozilla recommended ciphers and DH values. Check the [current recommendations](https://mozilla.github.io/server-side-tls/ssl-config-generator/) if you're foolish enough to go into production with this stuff.
	189	+* We're setting the Mozilla recommended ciphers and DH values. Check the [current recommendations](https://mozilla.github.io/server-side-tls/ssl-config-generator/) if you're mental enough to go into production with this stuff.
190	190	* We're using 'resolvers' and 'default-server init-addr none' to get around the problem of containers not being up at haproxy startup time. Docker with user-defined networks always puts a resolver at 127.0.0.11:53, and haproxy can use that to resolve container names at runtime instead of startup time.
191	191	* We're not running 'check' on the letsencrypt backend - it will be down most of the time, and we don't care.
192	192	* We're binding to port 8080 and 8443, and setting the cert to the Let's Encrypt cert we dumped out in the previous section. The ports will be mapped back to 80 and 443 by docker later on.