Splits haproxy-confd in 2 images
parent
57e51fbd67
commit
9210f0ea75
6 changed files with 107 additions and 2 deletions
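--- a/confd/conf.d/crt-list.toml
+++ b/confd/conf.d/crt-list.toml
@@ -0,0 +1,7 @@
+[template]
+src = "crt-list.tmpl"
+dest = "/etc/haproxy/crt-list"
+keys = [
+"/services"
+]
+reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"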
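Review bot: `reload_cmd` runs with no `check_cmd` before it, so whatever the template renders from `/services` is written to `/etc/haproxy/crt-list` and the proxy is signalled even when the result is invalid; `confd/conf.d/haproxy.toml` has the same gap. Because the haproxy binary now lives in a different image, validation would probably have to happen on the haproxy side (for example a start-up wrapper running `haproxy -c -f /etc/haproxy/haproxy.cfg` before it accepts new files), and a comment next to `reload_cmd` should say where that check lives. SIGUSR1 is HAProxy's soft-stop signal rather than a reload, so this presumably relies on the container being restarted afterwards or on a wrapper in the image; a one-line comment stating which would spare the next maintainer from guessing.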
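--- a/confd/conf.d/haproxy.toml
+++ b/confd/conf.d/haproxy.toml
@@ -0,0 +1,7 @@
+[template]
+src = "haproxy.cfg.tmpl"
+dest = "/etc/haproxy/haproxy.cfg"
+keys = [
+"/services"
+]
+reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"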
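--- a/confd/templates/crt-list.tmpl
+++ b/confd/templates/crt-list.tmpl
@@ -0,0 +1,7 @@
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+{{range gets $hostnames}}
+{{$hostname := .Key}}
+/etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
+{{end}}
+{{end}}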
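Review bot: Every key under `/services/<app>/` produces a crt-list line, whether or not `/etc/haproxy/approved-certs/<hostname>.pem` exists yet. HAProxy treats a missing certificate file named in a crt-list as a fatal configuration error, so one hostname registered before its certificate is approved can stop the whole proxy from loading. `base` keeps directory components out of the path, but the rest of the key text still goes unchecked into a file path and an SNI filter, so hostnames should be validated where they are written to the store. A comment at the top of the template would record the precondition: `{{/* each hostname listed here must already have approved-certs/<hostname>.pem */}}`.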
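--- a/confd/templates/haproxy.cfg.tmpl
+++ b/confd/templates/haproxy.cfg.tmpl
@@ -0,0 +1,63 @@
+{{$default_service_value := getv "/services/default"}}
+{{$default_service := json $default_service_value}}
+{{$default_url := printf "/services/%s/%s" $default_service.app $default_service.hostname}}
+{{$default_value := getv $default_url}}
+{{$default := json $default_value}}
+{{$default := json $default_value}}
+global
+maxconn 4096
+user haproxy
+group haproxy
+
+defaults
+mode http
+option httplog
+option dontlognull
+retries 3
+timeout connect 5000
+timeout client 50000
+timeout server 50000
+
+frontend https-in
+mode http
+bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/{{$default_service.hostname}}.pem
+reqadd X-Forwarded-Proto:\ https
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+{{range gets $hostnames}}
+{{$hostname := .Key}}
+{{$data := json .Value}}
+# {{base $hostname}}:
+acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
+use_backend {{base $hostname}} if https_{{base $hostname}}
+{{end}}
+{{end}}
+
+default_backend {{$default_service.hostname}}
+
+frontend http-in
+bind *:80
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+{{range gets $hostnames}}
+{{$hostname := .Key}}
+{{$data := json .Value}}
+# {{base $hostname}}:
+acl is_{{base $hostname}} hdr(host) -i {{base $hostname}}
+use_backend {{base $hostname}} if is_{{base $hostname}}
+{{end}}
+{{end}}
+
+{{range $app := lsdir "/services"}}
+{{$hostnames := printf "/services/%s/*" $app}}
+{{range gets $hostnames}}
+{{$hostname := .Key}}
+{{$data := json .Value}}
+# {{base $hostname}}:
+backend {{base $hostname}}
+cookie SERVERID insert nocache indirect
+option httpclose
+option forwardfor
+server Server {{$data.ip}}:{{$data.port}} cookie Server
+{{end}}
+{{end}}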
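Review bot: In `frontend http-in` a client-supplied `X-Forwarded-Proto` header passes through untouched, and in `https-in` the `reqadd` line appends a second header without removing the client's, so a backend that trusts this header can be told a plaintext request arrived over TLS. Replacing `reqadd X-Forwarded-Proto:\ https` with `http-request set-header X-Forwarded-Proto https` and adding `http-request set-header X-Forwarded-Proto http` under `bind *:80` overwrites the value on both paths. `$data.ip` and `$data.port` are written into the `server` line exactly as stored, so the template should carry a comment stating that the key-value store is trusted input, or the writer should validate those fields. The line `{{$default := json $default_value}}` appears twice and `$default` is not used anywhere in the template, so both the duplicate and the lookup feeding it look removable.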
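--- a/unit-files/haproxy-confd.service
+++ b/unit-files/haproxy-confd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=%p
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=always
+TimeoutStartSec=0
+ExecStartPre=-/usr/bin/docker kill %p
+ExecStartPre=-/usr/bin/docker rm %p
+ExecStart=/usr/bin/docker run\
+--name %p\
+-v /data/server-wide/haproxy/:/etc/haproxy/\
+-v /data/indiehosters/confd/:/etc/confd/\
+-v /var/run/docker.sock:/var/run/docker.sock\
+indiehosters/confd
+ExecReload=/usr/bin/docker restart %p
+ExecStop=/usr/bin/docker stop %p
+
+[Install]
+WantedBy=multi-user.target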
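Review bot: `-v /var/run/docker.sock:/var/run/docker.sock` hands the confd container full control of the host's Docker daemon, which is equivalent to root on the host, while the only use visible in this commit is `reload_cmd` sending one signal to the haproxy container. confd renders templates from data in the key-value store, so this is also the container most exposed to that input. Consider narrowing the channel, for instance an API-filtering proxy in front of the socket that permits only the kill call, or a systemd path unit on the host that reloads haproxy when the rendered files change. At minimum add a comment above `ExecStart`, such as `# docker.sock: needed only so confd can signal the haproxy container; grants full daemon access`. `indiehosters/confd` is referenced without a tag or digest, so the image that runs with this access is whatever the registry serves at start time.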
|
@ -10,10 +10,10 @@ ExecStartPre=-/usr/bin/docker kill %p
|
||||||
ExecStartPre=-/usr/bin/docker rm %p
|
ExecStartPre=-/usr/bin/docker rm %p
|
||||||
ExecStart=/usr/bin/docker run\
|
ExecStart=/usr/bin/docker run\
|
||||||
--name %p\
|
--name %p\
|
||||||
|
-v /data/server-wide/haproxy:/etc/haproxy\
|
||||||
-p 80:80\
|
-p 80:80\
|
||||||
-p 443:443\
|
-p 443:443\
|
||||||
-v /data/server-wide/haproxy/approved-certs/:/etc/haproxy/approved-certs\
|
indiehosters/haproxy
|
||||||
indiehosters/haproxy-confd
|
|
||||||
ExecReload=/usr/bin/docker restart %p
|
ExecReload=/usr/bin/docker restart %p
|
||||||
ExecStop=/usr/bin/docker stop %p
|
ExecStop=/usr/bin/docker stop %p
|
||||||
|
|
||||||
|
|
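Review bot: The volume line `-v /data/server-wide/haproxy:/etc/haproxy\` appears to replace the narrower approved-certs mount and is read-write, although the haproxy container only needs to read the configuration, crt-list and certificates that confd renders there. Writing it as `-v /data/server-wide/haproxy:/etc/haproxy:ro\` keeps a compromised proxy process from rewriting its own configuration or the certificate files. The image reference `indiehosters/haproxy` carries no tag or digest, so pinning it would make the deployed proxy reproducible. The file header for this section is not visible on the page and the unit continues outside the hunk, so which side each changed line belongs to is inferred from the commit title.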