diff --git a/Dockerfile b/Dockerfile index d805a3b..01563cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # HAProxy image with certbot for certificate generation and renewal # # ----------------------------------------------------------------------------------------------- -FROM haproxy:2.7.8-alpine +FROM haproxy:2.8-alpine MAINTAINER support@openremote.io USER root diff --git a/haproxy.cfg b/haproxy.cfg index df82b20..3834a09 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -15,6 +15,8 @@ global ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 # Require TLS 1.2 or higher ssl-default-bind-options ssl-min-ver TLSv1.2 prefer-client-ciphers + # Works around breaking change in docker 23+ - just uses the old docker default value + fd-hard-limit 1048576 defaults log global 
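Review bot: The new base image `haproxy:2.8-alpine` is a floating minor tag, whereas the removed line pinned a patch release, so two builds of the same commit can produce different HAProxy binaries. For a TLS-terminating proxy it is worth keeping builds reproducible and making upgrades explicit. Pin the patch release and, ideally, the digest: `FROM haproxy:2.8.<patch>-alpine@sha256:<digest>` (placeholders, to be filled from the registry), and let a dependency bot raise the bump.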
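Review bot: The comment above `fd-hard-limit 1048576` does not say which Docker change it works around or what happens without it, so a later reader cannot tell whether the line is still needed. Presumably the container's open-file limit became far larger and HAProxy sizes its connection tables from it; if so, say that, e.g. `# Docker 23+ raises the container nofile limit; cap it so HAProxy does not size maxconn (and memory) from it`. The rest of `global` is outside this hunk, but if no `maxconn` is set there, HAProxy still derives it from this limit. An explicit `maxconn` sized to the deployment would bound memory use under a connection flood.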
@@ -58,26 +60,47 @@ frontend https # Optional: redirects for root requests with certain host names to service paths acl is_root path -i / - acl is_redirect_1 hdr(host) -i "${PROXY_HOST_REDIRECT_1_NAME}" - acl is_redirect_2 hdr(host) -i "${PROXY_HOST_REDIRECT_2_NAME}" - acl is_redirect_3 hdr(host) -i "${PROXY_HOST_REDIRECT_3_NAME}" - acl is_redirect_4 hdr(host) -i "${PROXY_HOST_REDIRECT_4_NAME}" - acl is_redirect_5 hdr(host) -i "${PROXY_HOST_REDIRECT_5_NAME}" - acl is_redirect_6 hdr(host) -i "${PROXY_HOST_REDIRECT_6_NAME}" - acl is_redirect_7 hdr(host) -i "${PROXY_HOST_REDIRECT_7_NAME}" - acl is_redirect_8 hdr(host) -i "${PROXY_HOST_REDIRECT_8_NAME}" - acl is_redirect_9 hdr(host) -i "${PROXY_HOST_REDIRECT_9_NAME}" - acl is_redirect_10 hdr(host) -i "${PROXY_HOST_REDIRECT_10_NAME}" - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_1_TARGET}" if is_root is_redirect_1 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_2_TARGET}" if is_root is_redirect_2 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_3_TARGET}" if is_root is_redirect_3 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_4_TARGET}" if is_root is_redirect_4 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_5_TARGET}" if is_root is_redirect_5 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_6_TARGET}" if is_root is_redirect_6 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_7_TARGET}" if is_root is_redirect_7 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_8_TARGET}" if is_root is_redirect_8 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_9_TARGET}" if is_root is_redirect_9 - redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_10_TARGET}" if is_root is_redirect_10 + + .if defined(PROXY_HOST_REDIRECT_1_TARGET) + acl is_redirect_1 hdr(host) -i ${PROXY_HOST_REDIRECT_1_NAME} + 
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_1_TARGET) if is_root is_redirect_1 + .endif + .if defined(PROXY_HOST_REDIRECT_2_TARGET) + acl is_redirect_2 hdr(host) -i ${PROXY_HOST_REDIRECT_2_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_2_TARGET) if is_root is_redirect_2 + .endif + .if defined(PROXY_HOST_REDIRECT_3_TARGET) + acl is_redirect_3 hdr(host) -i ${PROXY_HOST_REDIRECT_3_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_3_TARGET) if is_root is_redirect_3 + .endif + .if defined(PROXY_HOST_REDIRECT_4_TARGET) + acl is_redirect_4 hdr(host) -i ${PROXY_HOST_REDIRECT_4_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_4_TARGET) if is_root is_redirect_4 + .endif + .if defined(PROXY_HOST_REDIRECT_5_TARGET) + acl is_redirect_5 hdr(host) -i ${PROXY_HOST_REDIRECT_5_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_5_TARGET) if is_root is_redirect_5 + .endif + .if defined(PROXY_HOST_REDIRECT_6_TARGET) + acl is_redirect_6 hdr(host) -i ${PROXY_HOST_REDIRECT_6_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_6_TARGET) if is_root is_redirect_6 + .endif + .if defined(PROXY_HOST_REDIRECT_7_TARGET) + acl is_redirect_7 hdr(host) -i ${PROXY_HOST_REDIRECT_7_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_7_TARGET) if is_root is_redirect_7 + .endif + .if defined(PROXY_HOST_REDIRECT_8_TARGET) + acl is_redirect_8 hdr(host) -i ${PROXY_HOST_REDIRECT_8_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_8_TARGET) if is_root is_redirect_8 + .endif + .if defined(PROXY_HOST_REDIRECT_9_TARGET) + acl is_redirect_9 hdr(host) -i ${PROXY_HOST_REDIRECT_9_NAME} + http-request redirect code 302 location 
https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_9_TARGET) if is_root is_redirect_9 + .endif + .if defined(PROXY_HOST_REDIRECT_10_TARGET) + acl is_redirect_10 hdr(host) -i ${PROXY_HOST_REDIRECT_10_NAME} + http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_10_TARGET) if is_root is_redirect_10 + .endif # Enable X-Forwarded header(s) option forwardfor @@ -86,7 +109,7 @@ frontend https http-request add-header X-Forwarded-Port %[dst_port] http-request add-header Strict-Transport-Security max-age=15768000 - acl auth url_beg /auth + acl auth path_beg /auth use_backend keycloak_backend if auth use_backend manager_backend
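Review bot: The new `acl is_redirect_N` lines drop the double quotes around `${PROXY_HOST_REDIRECT_N_NAME}`, and HAProxy expands environment variables only inside double quotes, so each ACL would compare the Host header with the literal text and never match. The `location` value looks broken in a similar way: as far as I know it is parsed as a log-format string, where a bare `env(DOMAINNAME)` is plain text rather than a fetch, so the redirect would point at the literal string. Keep the quoted form of the removed lines inside the new guards: `acl is_redirect_1 hdr(host) -i "${PROXY_HOST_REDIRECT_1_NAME}"` and `http-request redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_1_TARGET}" if is_root is_redirect_1`. The `.if defined(...)` guard tests only `_TARGET`, so a stanza with `_TARGET` set and `_NAME` unset is still emitted; guard on both variables. This applies to all ten stanzas.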
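Review bot: `acl auth path_beg /auth` is a plain prefix match, so any path that merely starts with those characters (for example `/authfoo`) is sent to `keycloak_backend`, not only the `/auth` tree. If only the Keycloak context path is meant, anchor it on the separator with two lines that HAProxy ORs together: `acl auth path_beg /auth/` and `acl auth path /auth`. Separately, the unchanged context line `http-request add-header Strict-Transport-Security max-age=15768000` adds the header to the request forwarded to the backend. Browsers only honour HSTS on responses, so unless it is set elsewhere in the file it should be `http-response set-header`.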