Splits haproxy-confd in 2 images

2014-10-27 11:40:36 +00:00 · 2014-10-27 11:40:36 +00:00 · 9210f0ea75
commit 9210f0ea75
parent 57e51fbd67
6 changed files with 107 additions and 2 deletions
--- a/confd/conf.d/crt-list.toml
+++ b/confd/conf.d/crt-list.toml
@ -0,0 +1,7 @@
+[template]
+src  = "crt-list.tmpl"
+dest = "/etc/haproxy/crt-list"
+keys = [
+  "/services"
+]
+reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
--- a/confd/conf.d/haproxy.toml
+++ b/confd/conf.d/haproxy.toml
@ -0,0 +1,7 @@
+[template]
+src  = "haproxy.cfg.tmpl"
+dest = "/etc/haproxy/haproxy.cfg"
+keys = [
+  "/services"
+]
+reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
--- a/confd/templates/crt-list.tmpl
+++ b/confd/templates/crt-list.tmpl
@ -0,0 +1,7 @@
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+  {{range gets $hostnames}}
+    {{$hostname := .Key}}
+/etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
+  {{end}}
+{{end}}
--- a/confd/templates/haproxy.cfg.tmpl
+++ b/confd/templates/haproxy.cfg.tmpl
@ -0,0 +1,63 @@
+{{$default_service_value := getv "/services/default"}}
+{{$default_service := json $default_service_value}}
+{{$default_url := printf "/services/%s/%s" $default_service.app $default_service.hostname}}
+{{$default_value := getv $default_url}}
+{{$default := json $default_value}}
+{{$default := json $default_value}}
+global
+  maxconn 4096
+  user haproxy
+  group haproxy
+
+defaults
+  mode http
+  option httplog
+  option dontlognull
+  retries 3
+  timeout connect 5000
+  timeout client 50000
+  timeout server 50000
+
+frontend https-in
+mode http
+  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/{{$default_service.hostname}}.pem
+  reqadd X-Forwarded-Proto:\ https
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+  {{range gets $hostnames}}
+    {{$hostname := .Key}}
+    {{$data := json .Value}}
+# {{base $hostname}}:
+  acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
+  use_backend {{base $hostname}} if https_{{base $hostname}}
+  {{end}}
+{{end}}
+
+default_backend {{$default_service.hostname}}
+
+frontend http-in
+  bind *:80
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+  {{range gets $hostnames}}
+    {{$hostname := .Key}}
+    {{$data := json .Value}}
+# {{base $hostname}}:
+  acl is_{{base $hostname}} hdr(host) -i {{base $hostname}}
+  use_backend {{base $hostname}} if is_{{base $hostname}}
+  {{end}}
+{{end}}
+
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+  {{range gets $hostnames}}
+    {{$hostname := .Key}}
+    {{$data := json .Value}}
+# {{base $hostname}}:
+backend {{base $hostname}}
+  cookie SERVERID insert nocache indirect
+  option httpclose
+  option forwardfor
+  server Server {{$data.ip}}:{{$data.port}} cookie Server
+  {{end}}
+{{end}}
--- a/unit-files/haproxy-confd.service
+++ b/unit-files/haproxy-confd.service
@ -0,0 +1,21 @@
+[Unit]
+Description=%p
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=always
+TimeoutStartSec=0
+ExecStartPre=-/usr/bin/docker kill %p
+ExecStartPre=-/usr/bin/docker rm %p
+ExecStart=/usr/bin/docker run\
+--name %p\
+-v /data/server-wide/haproxy/:/etc/haproxy/\
+-v /data/indiehosters/confd/:/etc/confd/\
+-v /var/run/docker.sock:/var/run/docker.sock\
+indiehosters/confd
+ExecReload=/usr/bin/docker restart %p
+ExecStop=/usr/bin/docker stop %p
+
+[Install]
+WantedBy=multi-user.target
--- a/unit-files/haproxy.service
+++ b/unit-files/haproxy.service
@ -10,10 +10,10 @@ ExecStartPre=-/usr/bin/docker kill %p
 ExecStartPre=-/usr/bin/docker rm %p
 ExecStart=/usr/bin/docker run\
 --name %p\
+-v /data/server-wide/haproxy:/etc/haproxy\
 -p 80:80\
 -p 443:443\
-v /data/server-wide/haproxy/approved-certs/:/etc/haproxy/approved-certs\
-indiehosters/haproxy-confd
+indiehosters/haproxy
 ExecReload=/usr/bin/docker restart %p
 ExecStop=/usr/bin/docker stop %p