Commit 8e1ab408 authored by Lukáš Lalinský's avatar Lukáš Lalinský

Fix haproxy support

parent 07ba945e
Pipeline #20198 failed with stage
in 19 seconds
......@@ -6,10 +6,11 @@ RUN go build ./cmd/docker_https_proxy
FROM ubuntu:18.04
RUN apt-get update && \
apt-get install -y dumb-init software-properties-common ssl-cert haproxy && \
apt-get install -y dumb-init software-properties-common ssl-cert && \
add-apt-repository ppa:certbot/certbot && \
add-apt-repository ppa:vbernat/haproxy-1.9 && \
apt-get update && \
apt-get install -y certbot && \
apt-get install -y certbot haproxy && \
mkdir -p /etc/https-proxy/sites
COPY --from=builder /go/src/github.com/acoustid/docker-https-proxy/docker_https_proxy /usr/local/bin/
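Review bot: haproxy is now installed from `ppa:vbernat/haproxy-1.9` with no version constraint, so the TLS-terminating binary in the image is whatever that third-party archive serves at build time. Pinning the release line, e.g. `apt-get install -y certbot haproxy=1.9.*`, keeps a rebuild from silently picking up a different package. A comment above the `add-apt-repository` line should record why the PPA is needed; presumably the ubuntu:18.04 package is too old for directives the config template uses. The RUN step also leaves the apt lists in the layer, and ending it with `rm -rf /var/lib/apt/lists/*` is the usual cleanup.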
......
......@@ -86,6 +86,10 @@ func (s *LetsEncryptServer) renewSslCerts() error {
"--max-log-backups", "0",
)
if s.dryRun {
cmd.Args = append(cmd.Args, "--dry-run")
}
log.Printf("starting certbot: %v %v", cmd.Path, cmd.Args)
output, err := cmd.CombinedOutput()
if err == nil {
......
......@@ -66,13 +66,18 @@ type siteRouteInfo struct {
const haproxyConfigTemplate = `
global
maxconn 1024
log stderr format raw daemon notice
tune.ssl.default-dh-param 2048
defaults
log global
mode http
timeout connect 60s
timeout client 1h
timeout server 1h
log stdout format raw daemon
{{- if .EnableHTTPLog}}
option httplog
{{- end}}
resolvers main
nameserver dns1 {{$.Resolver}}:53
......@@ -151,6 +156,7 @@ type ProxyServer struct {
LetsEncrypt *letsEncryptInfo
Resolver string
SSLDir string
EnableHTTPLog bool
}
// NewProxyServer creates a new ProxyServer instance.
......@@ -207,6 +213,10 @@ func (p *ProxyServer) loadSslCerts() error {
return err
}
if valid {
err = p.mergeCertificateFiles(domain, info.CertificatePath, info.PrivateKeyPath)
if err != nil {
return err
}
info.Valid = true
p.sslCerts[domain] = info
}
......@@ -446,6 +456,10 @@ func (p *ProxyServer) Run() error {
p.Resolver = resolver
}
if IsTrueValue(os.Getenv("PROXY_HTTP_LOG")) {
p.EnableHTTPLog = true
}
var err error
err = os.MkdirAll(p.SitesDir, 0755)
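Review bot: The `mergeCertificateFiles(domain, info.CertificatePath, info.PrivateKeyPath)` call in the loadSslCerts hunk produces a file that holds the private key, and nothing visible here shows how that file is written. Its body is outside this diff, so this is a request to confirm rather than a confirmed defect: the combined PEM should be created with mode 0600 and written to a temporary name, then renamed into place so haproxy never loads a partial key. `domain` should also be rejected if it contains a path separator before it becomes part of a file name. The `return err` after the call ends loadSslCerts on the first domain whose merge fails, which presumably leaves any remaining domains unloaded; logging the failure and continuing may be the safer behaviour. A comment such as `// merged PEM contains the private key: mode 0600, temp file + rename` above the call would record the requirement; loadSslCerts starts and ends outside the hunk.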
......
......@@ -80,6 +80,7 @@ func TestRenderTemplate(t *testing.T) {
},
},
})
proxy.EnableHTTPLog = true
var builder strings.Builder
err := proxy.haproxyConfigTmpl.Execute(&builder, proxy)
if err != nil {
......@@ -89,22 +90,25 @@ func TestRenderTemplate(t *testing.T) {
expectedOutput := `
global
maxconn 1024
log stderr format raw daemon notice
tune.ssl.default-dh-param 2048
defaults
log global
mode http
timeout connect 60s
timeout client 1h
timeout server 1h
log stdout format raw daemon
option httplog
resolvers main
nameserver dns1 127.0.0.11
nameserver dns1 127.0.0.11:53
frontend fe_http
bind *:80
acl is_letsencrypt path_beg /.well-known/acme-challenge
redirect scheme https code 301 if !is_letsencrypt
use_backend be_letsencrypt if is_letsencrypt
redirect scheme https code 301
frontend fe_https
bind *:443 ssl crt /etc/haproxy/ssl/
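Review bot: TestRenderTemplate sets `proxy.EnableHTTPLog = true` and expects `option httplog` in the output, so only the enabled branch of the template is rendered. The path with the flag left false, which as far as the Run() hunk shows is what runs unless `PROXY_HTTP_LOG` is set, has no coverage. A second render with `EnableHTTPLog` unset that asserts `!strings.Contains(builder.String(), "option httplog")` would catch a template edit that turns request logging on unconditionally. The test function starts and ends outside both hunks.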
......
......@@ -12,6 +12,7 @@ services:
build: .
environment:
PROXY_LETSENCRYPT_SERVER_HOST: letsencrypt
PROXY_HTTP_LOG: 1
ports:
- "127.0.0.1:80:80"
- "127.0.0.1:443:443"
......