Adds confd support!
This commit is contained in:
pierreozoux
parent
dca19440a6
commit
c92a39ea60
19 changed files with 261 additions and 84 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -1 +1,2 @@
|
|||
.vagrant
|
||||
.vagrant
|
||||
docker-haproxy-confd
|
||||
|
|
|
|||
2
Vagrantfile
vendored
2
Vagrantfile
vendored
|
|
@ -40,6 +40,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
|||
end
|
||||
|
||||
core.vm.hostname = HOSTNAME
|
||||
core.hostsupdater.aliases = ["example.dev"]
|
||||
core.vm.network :private_network, ip: "#{BASE_IP_ADDR}.#{i+1}"
|
||||
core.vm.synced_folder ".", "/data/infrastructure"
|
||||
core.vm.synced_folder "/data/per-user", "/data/per-user"
|
||||
|
|
@ -47,6 +48,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
|||
core.vm.synced_folder "/data/per-user", "/data/per-user", id: "coreos-per-user", :nfs => true, :mount_options => ['nolock,vers=3,udp']
|
||||
core.vm.provision :file, source: "./config/user-data", destination: "/tmp/vagrantfile-user-data"
|
||||
core.vm.provision :shell, path: "./scripts/setup.sh"
|
||||
core.vm.provision :shell, inline: "etcdctl set /services/default '{\"app\":\"nginx\", \"hostname\":\"#{HOSTNAME}\"}'"
|
||||
core.vm.provision :shell, path: "./scripts/approve-user.sh", args: [HOSTNAME, "nginx"]
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
coreos:
|
||||
update:
|
||||
reboot-strategy: best-effort
|
||||
etcd:
|
||||
addr: $public_ipv4:4001
|
||||
peer-addr: $public_ipv4:7001
|
||||
units:
|
||||
- name: etcd.service
|
||||
command: start
|
||||
|
|
|
|||
|
|
@ -3,29 +3,3 @@
|
|||
# Start service for new site (and create the user)
|
||||
systemctl enable $2@$1.service
|
||||
systemctl start $2@$1.service
|
||||
|
||||
sleep 10
|
||||
|
||||
# Configure new site in HAproxy
|
||||
IP=`docker inspect --format '{{.NetworkSettings.IPAddress}}' $2-$1`
|
||||
|
||||
echo IP address of new container \'$2-$1\' is \'$IP\'
|
||||
|
||||
if [ -f /data/per-user/$1/combined.pem ]; then
|
||||
echo Importing cert from /data/per-user/$1/combined.pem
|
||||
echo TODO: enforce validity check at this point!
|
||||
echo Please run scripts/check-cert.sh $1 to make sure it\'s OK
|
||||
mkdir -p /data/server-wide/haproxy/approved-certs
|
||||
cp /data/per-user/$1/combined.pem /data/server-wide/haproxy/approved-certs/$1.pem
|
||||
echo /haproxy-override/approved-certs/$1.pem $1 >> /data/server-wide/haproxy/certs/list.txt
|
||||
sed s/%HOSTNAME%/$1/g /data/infrastructure/templates/haproxy-cert.part >> /data/server-wide/haproxy/certs.part
|
||||
else
|
||||
echo WARNING: TLS cert /data/per-user/$1/combined.pem not found! Not enabling SNI for this domain.
|
||||
fi
|
||||
|
||||
sed s/%HOSTNAME%/$1/g /data/infrastructure/templates/haproxy-frontend.part >> /data/server-wide/haproxy/frontends.part
|
||||
|
||||
sed s/%HOSTNAME%/$1/g /data/infrastructure/templates/haproxy-backend.part | sed s/%IP%/$IP/g >> /data/server-wide/haproxy/backends.part
|
||||
|
||||
cat /data/server-wide/haproxy/haproxy-1.part /data/server-wide/haproxy/hostname.part /data/server-wide/haproxy/haproxy-2.part /data/server-wide/haproxy/certs.part /data/server-wide/haproxy/haproxy-3.part /data/server-wide/haproxy/hostname.part /data/server-wide/haproxy/haproxy-4.part /data/server-wide/haproxy/frontends.part /data/server-wide/haproxy/backends.part > /data/server-wide/haproxy/haproxy.cfg
|
||||
systemctl reload haproxy.service
|
||||
|
|
|
|||
|
|
@ -8,21 +8,13 @@ cp /data/infrastructure/unit-files/* /etc/systemd/system
|
|||
systemctl daemon-reload
|
||||
|
||||
# Pull relevant docker images
|
||||
docker pull pierreozoux/haproxy-confd
|
||||
docker pull tutum/mysql
|
||||
docker pull tutum/wordpress-stackable
|
||||
docker pull tutum/nginx
|
||||
|
||||
# Configure and start HAproxy
|
||||
docker pull dockerfile/haproxy
|
||||
mkdir -p /data/server-wide/haproxy/certs
|
||||
touch /data/server-wide/haproxy/certs/list.txt
|
||||
cp /data/infrastructure/templates/haproxy-*.part /data/server-wide/haproxy/
|
||||
rm /data/server-wide/haproxy/*.part
|
||||
#rm /etc/systemd/system/multi-user.target.wants/*
|
||||
touch /data/server-wide/haproxy/certs.part
|
||||
touch /data/server-wide/haproxy/frontends.part
|
||||
touch /data/server-wide/haproxy/backends.part
|
||||
hostname > /data/server-wide/haproxy/hostname.part
|
||||
cp /data/infrastructure/templates/haproxy-*.part /data/server-wide/haproxy/
|
||||
mkdir -p /data/server-wide/haproxy/approved-certs
|
||||
cp /data/infrastructure/scripts/unsecure-certs/*.pem /data/server-wide/haproxy/approved-certs
|
||||
systemctl enable haproxy.service
|
||||
systemctl start haproxy.service
|
||||
|
|
|
|||
83
scripts/unsecure-certs/example.dev.pem
Normal file
83
scripts/unsecure-certs/example.dev.pem
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFjDCCA3QCCQDmo57ouPDhnTANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMC
|
||||
UFQxETAPBgNVBAgTCFBvcnR1Z2FsMQ8wDQYDVQQHEwZMaXNib24xFTATBgNVBAoT
|
||||
DEluZGllSG9zdGVyczEUMBIGA1UEAxMLZXhhbXBsZS5kZXYxJzAlBgkqhkiG9w0B
|
||||
CQEWGGNvbnRhY3RAaW5kaWVob3N0ZXJzLm5ldDAeFw0xNDEwMTAxNTA3MDVaFw0x
|
||||
NTEwMTAxNTA3MDVaMIGHMQswCQYDVQQGEwJQVDERMA8GA1UECBMIUG9ydHVnYWwx
|
||||
DzANBgNVBAcTBkxpc2JvbjEVMBMGA1UEChMMSW5kaWVIb3N0ZXJzMRQwEgYDVQQD
|
||||
EwtleGFtcGxlLmRldjEnMCUGCSqGSIb3DQEJARYYY29udGFjdEBpbmRpZWhvc3Rl
|
||||
cnMubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm/gbDGFtfMzT
|
||||
nVZaPBQNl7SqMUMhTlDoR2C24W53QPslLuqBGkatbBs+9jWKGm2XPWeuK0uC2ot6
|
||||
fIie72wghFepmzIdAb7SU0lpFVw49dk1nGVHIqwbFA3G6pYL7hY5ocD4HziNKnuj
|
||||
ZA42a+rjpYl3zx/4GgcWnNyuawlsIMI8rdvuv5Mg77fGaVSXriJKQ1nTJ/Z65CDU
|
||||
U6c9vzXSGkye3i0gv/8tZ0VA8xgV9FoXsLWhP7NLWDAh5+X/4aJpIFjvwzYSJLBr
|
||||
3O9siP17NZuJI+7zB6KVlBeoSt2Dmt3k7fG2YrpwTzFlFBMr4Hq6T+wp+Q2J1JQP
|
||||
Jm1s3lr2vJwmLVKlUspgT+zpuTAsUHOv2xxmbb+8k8ZE5II9IzAcE85C75bvL3An
|
||||
fG0xQlF2+dOcXgvYFtRyeJ8fCIEjQBkOoUJq4H2inTwM2IYo060FF32jEVgFB5ZP
|
||||
xuEsxEOGusUmOFsm8dIwaXv/WCPXopt1EGKFcNZWLSMC0jX0d4jZP74D1K0u4VPV
|
||||
/kkQS6lUCK4qrq6tNm1R4TQlquefbfcwEhE8hVyUGcyDX6FOCL5z4lXal3gyUgbC
|
||||
B50WrOST4hShb8+cWngcvDTO78kLg/OhqYZZVbpAshcF60sugEYke0xGNArWMQMU
|
||||
5uxaWqPA3/gA3u4rJfWhLOwFIU+4ewsCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEA
|
||||
JiUIK43wZ6PHYrinKZu1wgDSbL7g3mNxSf2NiTMbu11J0JvypJc19DZHoSq5S0XH
|
||||
yalW9Xeml9U8u/zHaciTwAaxWyj/gzqWyLBbd1xHTmdx+WvoG+OjcnYJYelrFzDH
|
||||
bd4XumR+oHBXUsCiCIyF0d4gJZRUH8OxpDN/dD828FlcmMaeaPBl/xLm1G5ZXnPE
|
||||
KNA8VR6ylo4w4HayQCjXI6qef29Y9I2Jvt9lREEpR5YoEnc1aj1ZJofeEzISfmhm
|
||||
3D2BiI2Hx6mMlBwE95D+c9HZZAQyvdPyUdcTto7dOiJUGGt3EqhBRPebhe0HNlj8
|
||||
L5h2/w1zChlQKWoFCZ4Uz6AJeibvPMZTEgihWtNWPyRAbjWL39GH1Emb/0m8ydaR
|
||||
NmQEFL9VApMAsUm0mNHjWZQOTL5PYwgfKloXWMJ+rCd9N54sUUj5tt+Zc7G4irUN
|
||||
Lnu8fYAaFC2BljANwQdy0H7pkVCYBcwwqvtKsrhX+FBGukkUjMo43FWep+fA82BU
|
||||
uU6mlnPKm9vRYHC9gkKJejzFNgDZaC7p+xiwOO53oY/mFPgEVoCWwO0zAc1AXaZV
|
||||
mJkkeYhRWpqmuxvqP+tpXFSfHu2Ee/RKBrrowWDOad3IlWuV7gt7Bo5ZBj+iqbPf
|
||||
Km1Y5oFRF+Kp1NoIL527LHGj7dDV8eXinRIb7CPtbL4=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKQIBAAKCAgEAm/gbDGFtfMzTnVZaPBQNl7SqMUMhTlDoR2C24W53QPslLuqB
|
||||
GkatbBs+9jWKGm2XPWeuK0uC2ot6fIie72wghFepmzIdAb7SU0lpFVw49dk1nGVH
|
||||
IqwbFA3G6pYL7hY5ocD4HziNKnujZA42a+rjpYl3zx/4GgcWnNyuawlsIMI8rdvu
|
||||
v5Mg77fGaVSXriJKQ1nTJ/Z65CDUU6c9vzXSGkye3i0gv/8tZ0VA8xgV9FoXsLWh
|
||||
P7NLWDAh5+X/4aJpIFjvwzYSJLBr3O9siP17NZuJI+7zB6KVlBeoSt2Dmt3k7fG2
|
||||
YrpwTzFlFBMr4Hq6T+wp+Q2J1JQPJm1s3lr2vJwmLVKlUspgT+zpuTAsUHOv2xxm
|
||||
bb+8k8ZE5II9IzAcE85C75bvL3AnfG0xQlF2+dOcXgvYFtRyeJ8fCIEjQBkOoUJq
|
||||
4H2inTwM2IYo060FF32jEVgFB5ZPxuEsxEOGusUmOFsm8dIwaXv/WCPXopt1EGKF
|
||||
cNZWLSMC0jX0d4jZP74D1K0u4VPV/kkQS6lUCK4qrq6tNm1R4TQlquefbfcwEhE8
|
||||
hVyUGcyDX6FOCL5z4lXal3gyUgbCB50WrOST4hShb8+cWngcvDTO78kLg/OhqYZZ
|
||||
VbpAshcF60sugEYke0xGNArWMQMU5uxaWqPA3/gA3u4rJfWhLOwFIU+4ewsCAwEA
|
||||
AQKCAgBGDvYnY4QIsQDFBcrWfbN1V4OzSRIm2ZTcqwa60CHlIGqdXlzLbr/rdXmc
|
||||
ooP8RwnOXUoQzIRkoo5MbhnmNc2NZMscmTAKXqqfGrSHEbvMQtsf+yYu3tvy8BVP
|
||||
vkJxma4diE5rx70xPgQwp2muo/3Jl6wnb5bEKjbwEviNv9fABz+2YLond3Et/IC1
|
||||
Q3g2kdSF2E1PABpHaq+1O8QypXxQr+YUqnSxiW/dmXAJQeJqtiU6DPv3XxQS8tvo
|
||||
DJoZwhgynYBlUV5o+I4a2bkI98NmWw0JBQZJgbBqqw2/Qy0gXVe9wftI8bINAIUE
|
||||
tW/aD4as68oWwwwMXs1HV5O1dWqqrncx9SGNUSO+oqZPzjPBUtGpBj8sBOA6AgaU
|
||||
ohnUhx4NLd3KEl+3yLgyv16VsW3XkOCCdtEwKfhLMfPM95LtOx0z1YsGP2DHQIb1
|
||||
Q7lv81n5YCThIBxiRbDi46GgOAFukORb7rKfzu18qxiWyLLJ79QyONCdDZWU2jgA
|
||||
8t3Fwzv28nXIetfxoRj8v0+B3NPxWS2StZ8Gltj/zVdbqiUyAU4TeV655la9bI2R
|
||||
5NEQWW0q66BdJsSEnJ+6etM3yvaJ6rGw0Fz28JJuIwmc2uod14MgXFv3/ylg3bBK
|
||||
Ddhuaw78iOz+hYq2rOk6xGB1q+HTTc61bFe1iKouTrVKT2jBoQKCAQEAyzfVyfzv
|
||||
NS43ZcEe/MC+S8+zbjoxsS6b57hB6+lyokz2/YmliTpsmMgHnPSAWDUtXanGQjFY
|
||||
IsDpt3r1x9wyOuNblKN4Xj/LqK+8ZS+qIwmFc84r9b7I8Evm3YOsYkUSRoroDhz1
|
||||
eU09Df0YdLJaSTcJTvMm2LX+h3Yy6UTkHAg8nxI3PDF4SonV4QSf1LDWw1HGPiLv
|
||||
quBPHGOrgcXvEpNOuOCzjmW90LKrRyk1V1rX9F+8e+Dr1rWpJKLFYVz6DgB5NFEI
|
||||
rlz3PaZwQSdaeTMURt2Z9MErC3GHtGc+saf1vLdhQjoD2KAwG9FsqdtiaGX86Qh0
|
||||
3Llblry0FkOHQwKCAQEAxHqkuAWS9DOcZPTs4VlQHItnHI+qRcp8hQZtz/8R204O
|
||||
x8IbmMc7BQLLNKZj8yOP13d1uL+2RB3wJON6Z+GzfwLPG5ZuaklZv1j0c1r6/WZf
|
||||
E9AMxO3IgC0o5tYxfB9JIPUfDbm7fpm2EZvlIK//29m5iC5Ii6E9PIbWenTjXpvy
|
||||
NjDzRJDXoEa7lDzY0nKdwiiDrK+Hfte2CkS+4ESQALw8l84B8EPJ9mXFiFR4l6CG
|
||||
ZlI8uLdb/FraChC1qgOknonEGS7WLwfxKhXoEo2X0cTDjR7awUtrXVB0yfpEGzsu
|
||||
gxvmDMKudwBGM6BotkLuE337t44gUajiG/GB7syMmQKCAQEAuHespzfkY9/aBZHy
|
||||
cPj9RI/7jplgtjda6lLF9EHq/wziP2+NRi40mdMppf4D6w4KajVMdJWaLaH0Bcum
|
||||
A5AMQIxVe22QO+2pDyzG1QsZY8imzWJfYSmX+RjNLlLyThno5wP8daMv6LaGL4aJ
|
||||
hpTHhCJjXrk1kA5UR96xhDI25oNLlBHS9d7qFK9d6G5sL4N+z7oRPCI2cGRBK8IF
|
||||
0z07MR9qnEPMefw8+47UDzqG4w7hbUDiNYkMS9CHA2yFw0XE7qTbYPQV70EQZXQJ
|
||||
/fqdE9ucEl/h+tzGGBMsXkRCEr4mQPItZRKIn0F5qibGfsFYaO/7TgWRHzNawk/1
|
||||
ISiXRQKCAQBGXBkSoURf2P+fk6okhORQZId3TedO+NUgmg3HF3OgklJurI9PZcE3
|
||||
6Sk14IQYdNq08V2h3F18BTCTNTcHbmbmC+541aUSwNO31zYq/SC2j+tqX+3Cs9hC
|
||||
NmnYSEoORfHdMIp/UszW6Fqv8aDa1MwOQejT4KcwAXy5aRvzXFpz7eqOB3eGTUw6
|
||||
ZDoWOrf2nP7robCNrYobHUpeYQHts//Rk5crUaWWEeCIMSfMy1soCV830ylViKwT
|
||||
McG1KwizKnzQHUuxLPmce/6b8J5bzoLYptrUdYEnCUgYcZBxKAMtsULVxq7aUPlD
|
||||
OkDpif8VjeBN8Kass+PU+mKGWTULfAq5AoIBAQCRd1bJmD/nAB90B19yzat7i1eZ
|
||||
r6BUpMQ6vTMDA/u9uxn7A92kcZ6PFIPN3ez4ThIgSonAQHBKQYIblrDgPEQ/ixqe
|
||||
YoKmvVQg5/fEXcpBZbKy3oNr437ZDWShbkPVsV7SvIsye3ckFQf/ASSOtKLY6E2Z
|
||||
YQC1S9lXaIv7LOpZpIbGnrQuw/uXkuuW682vIjOsS+zGaq+UdLHVv0ZcTqbbmurh
|
||||
HaWktTlH8htMK65JgvRv2Ze4a+xe83vCtinmK45yFdFJvkyVkTGGtE7wVeKaCyH/
|
||||
2PRNVB8SMzV2lmvsr0jXi7FS8slvxzsLeMbLe+sYStIhatOYoBggnhSi/p9j
|
||||
-----END RSA PRIVATE KEY-----
|
||||
83
scripts/unsecure-certs/indiehosters.dev.pem
Normal file
83
scripts/unsecure-certs/indiehosters.dev.pem
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFljCCA34CCQDXgLjASWHpmDANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC
|
||||
UFQxETAPBgNVBAgTCFBvcnR1Z2FsMQ8wDQYDVQQHEwZMaXNib24xFTATBgNVBAoT
|
||||
DEluZGllSG9zdGVyczEZMBcGA1UEAxMQaW5kaWVob3N0ZXJzLmRldjEnMCUGCSqG
|
||||
SIb3DQEJARYYY29udGFjdEBpbmRpZWhvc3RlcnMubmV0MB4XDTE0MTAxMDE0MzY1
|
||||
NVoXDTE1MTAxMDE0MzY1NVowgYwxCzAJBgNVBAYTAlBUMREwDwYDVQQIEwhQb3J0
|
||||
dWdhbDEPMA0GA1UEBxMGTGlzYm9uMRUwEwYDVQQKEwxJbmRpZUhvc3RlcnMxGTAX
|
||||
BgNVBAMTEGluZGllaG9zdGVycy5kZXYxJzAlBgkqhkiG9w0BCQEWGGNvbnRhY3RA
|
||||
aW5kaWVob3N0ZXJzLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
|
||||
AKBOylYEoL1P3q7skTJsRA8yQj6fVHWHS3kPg6tcVavZawc6tRxIiDc41/EWjL7i
|
||||
Owb6io2UbKaD/g8695CFER9FvcW1iukrC/tUV5/AVd0SDcvS3RnGUndKh82HCNrM
|
||||
rUDU/XH8smEpfjuXrq0YPuiGbY1zSLQKirjYTiasJODfGkxSbobNfjdL7aEo+3HX
|
||||
BQq5mGIj9A4PYmeyFGkHCN8tRvf4lY1KfPJoWtDL4kmO4SFNZ4FAehH9AJ6vTN8y
|
||||
MFcHtFzpp2636TYTBQsLu48nrKs6MqOOyU0R/Ufw9QjiWDLo3Co6pcCTmVf16skO
|
||||
odg9BNdEhMXefpiEE1NOL6ZOkSUG5WSY0Q5Il649QcJOYzw2A0Nk3IOxoIexXat4
|
||||
siCgSlNfgyRmBn5HNcZo5aEDf9+3gEqFzEFSyH3ClIApC7RePbpPvsCAgpagBOXC
|
||||
PgO2w2VW9HfNHkwpF3Yqn7cqw0FQKwKREufVdnSvs9fgFlMZnqA3sMym8o99Fcvq
|
||||
WBaTuh54ePfNGmawPt1N8vUZUYXXOasWKmnjfan3S1rsNAf5M2ntLqEJRDwihdSm
|
||||
ZSO+B51hDO5jzHoqxHwA71CwUAp4hRO83xR6ziB1KR2834I/7LBzbpZ0EWm9adez
|
||||
8V+dwgBhTt0LYEUGLJN22XRi9d4RPhnRJpSLPV/h0Fa/AgMBAAEwDQYJKoZIhvcN
|
||||
AQEFBQADggIBAFzYeGiomhKZW//aUM4V4RLMVIf0B4uixSMxZGQIUWVtYckmyG2N
|
||||
t8qNBHAQ3gl811NqnqestIQ4DpGkNQRCv/iDa5OwdLJHTOQUxajUE/1xmidHtpzR
|
||||
ReBZvW48k0dLEM2gmIrt7qQwqqecjlWjvSQlvJxYWrn6TBAkFL6Quu8gfoPK9/cE
|
||||
HG/aRQ0PCywGV20LSZ+J03LN7MlACClgVTB7dJuWIN0dNi7TsqpIupk11ZQ3ybBY
|
||||
WPQmLnIiCAijL69kBmBynLvJT5XDy2C4ChyzZ5Y73CXhgJwCqOZJwbO7Doig9PZQ
|
||||
yVLtui18W3uVQ7ZlIxCAQUeFzSkZf3/XNlr2FkP+efw4LLGH8kiKMsyKuoLuthO1
|
||||
1YrXvI0sjuDOxQwrlNQ2CLVANLBpUMH2U1aiYbA6iICSHr8ORAc84StgG9mFLeyN
|
||||
w32/04MGPvZfset8gRCOuvA2sLTjylqh0IpaPWlnT77neqOFtETtzJ+3UuOcdfnN
|
||||
t2bxqimHT8WhBB823WajWlLdXcc902e9LLhe9M1/bwOqFIIlKDqtCndjyXpe/qhA
|
||||
s0YB8TqJLxJQqvdnmYiBFfGrDTgNBpjt6AKJHRGd4xgsYsmQ3zLJ0Z8mNNQhlLf/
|
||||
osGXa2s/ZX7ernfvSDQIOB70gohCLFtBok0unyBJhtHxXmZ7UmpuIanx
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKAIBAAKCAgEAoE7KVgSgvU/eruyRMmxEDzJCPp9UdYdLeQ+Dq1xVq9lrBzq1
|
||||
HEiINzjX8RaMvuI7BvqKjZRspoP+Dzr3kIURH0W9xbWK6SsL+1RXn8BV3RINy9Ld
|
||||
GcZSd0qHzYcI2sytQNT9cfyyYSl+O5eurRg+6IZtjXNItAqKuNhOJqwk4N8aTFJu
|
||||
hs1+N0vtoSj7cdcFCrmYYiP0Dg9iZ7IUaQcI3y1G9/iVjUp88mha0MviSY7hIU1n
|
||||
gUB6Ef0Anq9M3zIwVwe0XOmnbrfpNhMFCwu7jyesqzoyo47JTRH9R/D1COJYMujc
|
||||
KjqlwJOZV/XqyQ6h2D0E10SExd5+mIQTU04vpk6RJQblZJjRDkiXrj1Bwk5jPDYD
|
||||
Q2Tcg7Ggh7Fdq3iyIKBKU1+DJGYGfkc1xmjloQN/37eASoXMQVLIfcKUgCkLtF49
|
||||
uk++wICClqAE5cI+A7bDZVb0d80eTCkXdiqftyrDQVArApES59V2dK+z1+AWUxme
|
||||
oDewzKbyj30Vy+pYFpO6Hnh4980aZrA+3U3y9RlRhdc5qxYqaeN9qfdLWuw0B/kz
|
||||
ae0uoQlEPCKF1KZlI74HnWEM7mPMeirEfADvULBQCniFE7zfFHrOIHUpHbzfgj/s
|
||||
sHNulnQRab1p17PxX53CAGFO3QtgRQYsk3bZdGL13hE+GdEmlIs9X+HQVr8CAwEA
|
||||
AQKCAgEAgDpF8sRE5ukqUHV+Nv0O+7DR+FFuN4x/PFjCk6GKDaodyGyXTgZenv1j
|
||||
Db9h2ZYQbSafCVy+A/v0jq42NG2cIo2gnLL4aEY8kU8HwAsTI4A7dNw4a1ONx0ng
|
||||
ku/+jzXFJ+S2ziS5cqrEBFryKBcKyugsXUbn0svT5sNuz9RGs3ECEialrkJVQVoE
|
||||
vDKR3p+Fsux+DZKAt3Zq2lNBrDkqSYpoCBXZWmlIxIXgjr9nRDt7rS3DK0ot2pGr
|
||||
m0LRlH8K17Kb/O4RNaj6bHyOPiWmY33yygwFUXr3XiSTmqYM+oxCzIYjBcxfpUjr
|
||||
EcbthOGlZ9h3NNHj+npcfRa4dpxF09c8gW2AVG+nXVhciZpcnLDZ5z/Nd/510axU
|
||||
0m0PlCPfh+3L5tiia9k7zlRxjyzER/GofNiJ6v8oo8YZFvhVdbBBQoGs8aadSLH9
|
||||
5Kf3fPwm8ZhmmOTVWbFJZul/3o0Ho3yFxMVMq86Qu8Pm+h6Q1Pn7yZsXMg/ECXP/
|
||||
/ErBaWA+zuBZkgCSbdZk58cxkN45PGWGkoHHACVUvCbG8IuYQ989JeCy5w01FgFV
|
||||
IXm4squNtWgyhLZgvkhl2Hnc4pR+iYJRgh+ouyv7nELQde7hpM6YJLLUpMfjo7r5
|
||||
lJyWasZtb9E4iEl4/JrdQYMJCDEyBfDN6sTKr1Ai2txjzQA4uOECggEBAM9LDpJ+
|
||||
RR+b1rdYgtS6VL5OR1bWUHSi1W9L8Xz20wSQGbRxfEJfWmSslOU0COXvA01eOxQ9
|
||||
OvHcWxISiHdiM3QxpYNtbsgATCQbsSgegMHpbaEgJPadEkUWxdWejbtpA1ypKmGg
|
||||
iFB5H5IIcz65wWNFC3g29wrXyBsRevi+K/PTbwOzOlad7AAcbuuHiv73wxi5xo1P
|
||||
i6IZfjgQMKzD9AJbACAAqyvg70XT+3vlIo5ABKOw1kLuejbNBaXd1af7OfVXReL7
|
||||
BGGJmG6IzI0qP9q7fX3Iq4Gx34Sf0TSomSyW4kxtsDMPXVURMU4ssxeshh0zYFsZ
|
||||
GQgsr36mOW5cvbkCggEBAMX5gJTrAW47GgObnQWtYIHRvYO0g7Ge1fN12VzHLiap
|
||||
3a3RfhEDTVKkiugO1GxRC1NY0tcDUwrUzS/00ovDZ/8dVqMHITFj6zfA8aX6vnzA
|
||||
TnoUWINawPxFBB6FrEuXyGIVbykinuvFyk+z/DzgKzL8X5MaLymYSV+eT+9jjLHO
|
||||
pJ37S86evkljq24Ow6KB1rKb8mMsk8GDZB4JalDdGWzlG1qJkHMg7ULkEHx2lDTW
|
||||
mcuHwRtMimFPCBGqH0i+p3O1IUkodJPNYbldrEfAkzRdD4lH9B+DNYBgxP4FWhY2
|
||||
d9DTHAGCa9ZV0HjnGgPOILRmV69+9yQhNhu5010qNDcCggEABq1VP9S/Z0A+z1MT
|
||||
i8SgvCyLUbm/h7JDC723fp34uBnoKg7JwN2PbNS+Sw+9BaMISTKy1nkOcAH4EQH1
|
||||
0Vqha6m5uh0JR3ny+erGbxNkdFqPhHQjnKn8j6snHjVoPVQpno94ZQKlwWnVYX/S
|
||||
LoAPQaJUtz+V/4xpzq1md6Kwib8SwVzBkU6u7mX8EKwiBwp2B1LcmWqphcQqc6XZ
|
||||
24bIUlcaDu3Wlag+LNKiNCByV4CqZZdpn2hNGXzLJMebfTizajqwbppFTtr+xPi1
|
||||
Fgr5WZNWfHm9RIU1PPFk7LxNisklau7RkSN6jyXpn6oC7s1I2KHyBZ0uWDwQPxUd
|
||||
nndwSQKCAQA/gmrdWwZ6djtCLQmSaKws+TvypFYbBPldwNCaEsubW6Lhv/LRQl3r
|
||||
xR1KlHdQyC757eS1VTuundW1LLTeYTFbhe3lHsRnM8ahfCQJOwcgvhBu2VgLy3Fd
|
||||
fEZ2BCvhlC+UR4wBhjm1KR5dsz+Xx9IT6SI/7oZysYfYRNEf2q+n2sK0a4lGH2ar
|
||||
5G16QQJBf6WAZsa7SfGcgqn7eMnCZytg456CzN6qEEYMz1z6kI+6450yzboFJ+i8
|
||||
jr3n7Mtcas0NMW4cKf477AcNkB9UZVLT2YbCY3LNKSpgpKqNUuozdgW51/+D/HLb
|
||||
r2vRXVHbJqUXOj2m7vQZgw34lwRXPtLBAoIBAChJgVltpcWKUWqltYXCQsdPPbb4
|
||||
DQMb4bb2vV2iON2kl+UlcCdhr0f5yWoAyKjs49lcHBN2Ny4zVR0vIu/IDeX47Fx7
|
||||
n0OfcFgcnqiqiFhXkWGcfU2JHq/q5tmk5M04aCgkFM8IyEsG6ZLoi849Km9r8quu
|
||||
VfclpJ6SsMGnWo/A2eIVP9GsfqRys9ZWKJ9inZRP5Lmx6pCZa12Mn6ey0h/kxOqh
|
||||
ruJQDdV0O4PsvZhTQFhahSVyNmSKnLguq3zsyBwKRsNI9TVXMv/hs0nnwfFgtBK1
|
||||
K61c7AL4+9dtAWEnuwqy/1srZEeBr/jgTqyFyr+GQFYUMuE/uXNKCDWlIRI=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
global
|
||||
log 127.0.0.1 local0
|
||||
log 127.0.0.1 local1 notice
|
||||
maxconn 4096
|
||||
user haproxy
|
||||
group haproxy
|
||||
|
||||
defaults
|
||||
log global
|
||||
mode http
|
||||
option httplog
|
||||
option dontlognull
|
||||
retries 3
|
||||
timeout connect 5000
|
||||
timeout client 50000
|
||||
timeout server 50000
|
||||
|
||||
frontend https-in
|
||||
mode http
|
||||
bind *:443 ssl crt-list /haproxy-override/certs/list.txt crt /haproxy-override/approved-certs/
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
/combined.pem
|
||||
reqadd X-Forwarded-Proto:\ https
|
||||
|
||||
|
||||
|
|
@ -1 +0,0 @@
|
|||
default_backend
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
|
||||
frontend http-in
|
||||
bind *:80
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
|
||||
# %HOSTNAME%:
|
||||
backend %HOSTNAME%
|
||||
cookie SERVERID insert nocache indirect
|
||||
option httpclose
|
||||
option forwardfor
|
||||
server Server %IP%:80 cookie Server
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
|
||||
# %HOSTNAME%:
|
||||
acl https_%HOSTNAME% hdr_end(host) -i %HOSTNAME%
|
||||
use_backend %HOSTNAME% if https_%HOSTNAME%
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
|
||||
# %HOSTNAME%:
|
||||
acl is_%HOSTNAME% hdr_end(host) -i %HOSTNAME%
|
||||
use_backend %HOSTNAME% if is_%HOSTNAME%
|
||||
|
|
@ -12,8 +12,8 @@ ExecStart=/usr/bin/docker run\
|
|||
--name %p\
|
||||
-p 80:80\
|
||||
-p 443:443\
|
||||
-v /data/server-wide/%p:/haproxy-override\
|
||||
dockerfile/haproxy
|
||||
-v /data/server-wide/haproxy/approved-certs/:/etc/haproxy/approved-certs\
|
||||
pierreozoux/haproxy-confd
|
||||
ExecReload=/usr/bin/docker restart %p
|
||||
ExecStop=/usr/bin/docker stop %p
|
||||
|
||||
|
|
|
|||
36
unit-files/nginx-discovery@.service
Normal file
36
unit-files/nginx-discovery@.service
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
[Unit]
|
||||
Description=%p for %i etcd registration
|
||||
|
||||
# Requirements
|
||||
Requires=etcd.service
|
||||
Requires=nginx@%i.service
|
||||
|
||||
# Dependency ordering and binding
|
||||
After=etcd.service
|
||||
After=nginx@%i.service
|
||||
BindsTo=nginx@%i.service
|
||||
|
||||
[Service]
|
||||
|
||||
EnvironmentFile=/etc/environment
|
||||
TimeoutStartSec=0
|
||||
# Start
|
||||
## Test whether service is accessible and then register useful information
|
||||
ExecStart=/bin/bash -c '\
|
||||
sleep 3; \
|
||||
while true; do \
|
||||
app=`echo %p | cut -d"-" -f1`; \
|
||||
ip=`docker inspect --format \'{{.NetworkSettings.IPAddress}}\' $app-%i`; \
|
||||
curl -f $ip; \
|
||||
if [ $? -eq 0 ]; then \
|
||||
etcdctl set /services/$app/%i \'{"ip":"\'$ip\'", "port":"80"}\' --ttl 30; \
|
||||
else \
|
||||
etcdctl rm /services/$app/%i; \
|
||||
fi; \
|
||||
sleep 20; \
|
||||
done'
|
||||
|
||||
# Stop
|
||||
ExecStop=/bin/bash -ceux '\
|
||||
app=`echo %p | cut -d"-" -f1`;\
|
||||
/usr/bin/etcdctl rm /services/$app/%i
|
||||
|
|
@ -2,8 +2,11 @@
|
|||
Description=%p-%i
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
Requires=etcd.service
|
||||
Requires=%p-importer@%i.service
|
||||
After=%p-importer@%i.service
|
||||
Requires=%p-discovery@%i.service
|
||||
Before=%p-discovery@%i.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
|
|
|
|||
36
unit-files/wordpress-discovery@.service
Normal file
36
unit-files/wordpress-discovery@.service
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
[Unit]
|
||||
Description=%p for %i etcd registration
|
||||
|
||||
# Requirements
|
||||
Requires=etcd.service
|
||||
Requires=wordpress@%i.service
|
||||
|
||||
# Dependency ordering and binding
|
||||
After=etcd.service
|
||||
After=wordpress@%i.service
|
||||
BindsTo=wordpress@%i.service
|
||||
|
||||
[Service]
|
||||
|
||||
EnvironmentFile=/etc/environment
|
||||
TimeoutStartSec=0
|
||||
# Start
|
||||
## Test whether service is accessible and then register useful information
|
||||
ExecStart=/bin/bash -c '\
|
||||
sleep 3; \
|
||||
while true; do \
|
||||
app=`echo %p | cut -d"-" -f1`; \
|
||||
ip=`docker inspect --format \'{{.NetworkSettings.IPAddress}}\' $app-%i`; \
|
||||
curl -f $ip; \
|
||||
if [ $? -eq 0 ]; then \
|
||||
etcdctl set /services/$app/%i \'{"ip":"\'$ip\'", "port":"80"}\' --ttl 30; \
|
||||
else \
|
||||
etcdctl rm /services/$app/%i; \
|
||||
fi; \
|
||||
sleep 20; \
|
||||
done'
|
||||
|
||||
# Stop
|
||||
ExecStop=/bin/bash -ceux '\
|
||||
app=`echo %p | cut -d"-" -f1`;\
|
||||
/usr/bin/etcdctl rm /services/$app/%i
|
||||
|
|
@ -1,11 +1,16 @@
|
|||
[Unit]
|
||||
Description=%p-%i
|
||||
After=docker.service
|
||||
|
||||
Requires=etcd.service
|
||||
Requires=docker.service
|
||||
Requires=mysql@%i.service
|
||||
After=mysql@%i.service
|
||||
Requires=%p-importer@%i.service
|
||||
Requires=%p-discovery@%i.service
|
||||
|
||||
After=%p-importer@%i.service
|
||||
Before=%p-discovery@%i.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
|
|
|
|||
Loading…
Reference in a new issue