Skip to content
Snippets Groups Projects
Commit a867ca84 authored by Pierre Ozoux's avatar Pierre Ozoux
Browse files

Updates confd

parent a450375d
No related branches found
No related tags found
No related merge requests found
[template]
src = "crt-list.tmpl"
dest = "/etc/haproxy/crt-list"
keys = [
"/services"
]
reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
[template]
src = "haproxy.cfg.tmpl"
dest = "/etc/haproxy/haproxy.cfg"
keys = [
"/services"
]
reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
/etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
/etc/haproxy/approved-certs/{{base $hostname}}.pem www.{{base $hostname}}
{{end}}
{{end}}
global
maxconn 4096
user haproxy
group haproxy
defaults
mode http
option forwardfor
option httpclose
option httplog
option dontlognull
retries 3
timeout connect 5000
timeout client 50000
timeout server 50000
frontend https-in
mode http
bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
reqadd X-Forwarded-Proto:\ https
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
{{$data := json .Value}}
# {{base $hostname}}:
acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
acl https_{{base $hostname}} hdr(host) -i www.{{base $hostname}}
use_backend {{base $hostname}} if https_{{base $hostname}}
{{end}}
{{end}}
frontend http-in
bind *:80
redirect scheme https code 301
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
{{$data := json .Value}}
# {{base $hostname}}:
backend {{base $hostname}}
cookie SERVERID insert nocache indirect
server Server {{$data.ip}}:{{$data.port}} cookie Server
{{end}}
{{end}}
......@@ -3,5 +3,6 @@
{{range gets $hostnames}}
{{$hostname := .Key}}
/etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
/etc/haproxy/approved-certs/{{base $hostname}}.pem www.{{base $hostname}}
{{end}}
{{end}}
{{$default_service_value := getv "/services/default"}}
{{$default_service := json $default_service_value}}
{{$default_url := printf "/services/%s/%s" $default_service.app $default_service.hostname}}
{{$default_value := getv $default_url}}
{{$default := json $default_value}}
{{$default := json $default_value}}
global
maxconn 4096
user haproxy
......@@ -11,6 +5,8 @@ global
defaults
mode http
option forwardfor
option httpclose
option httplog
option dontlognull
retries 3
......@@ -20,7 +16,7 @@ defaults
frontend https-in
mode http
bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/{{$default_service.hostname}}.pem
bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
reqadd X-Forwarded-Proto:\ https
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
......@@ -29,24 +25,14 @@ mode http
{{$data := json .Value}}
# {{base $hostname}}:
acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
acl https_{{base $hostname}} hdr(host) -i www.{{base $hostname}}
use_backend {{base $hostname}} if https_{{base $hostname}}
{{end}}
{{end}}
default_backend {{$default_service.hostname}}
frontend http-in
bind *:80
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
{{$data := json .Value}}
# {{base $hostname}}:
acl is_{{base $hostname}} hdr(host) -i {{base $hostname}}
use_backend {{base $hostname}} if is_{{base $hostname}}
{{end}}
{{end}}
redirect scheme https code 301
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
......@@ -56,8 +42,6 @@ frontend http-in
# {{base $hostname}}:
backend {{base $hostname}}
cookie SERVERID insert nocache indirect
option httpclose
option forwardfor
server Server {{$data.ip}}:{{$data.port}} cookie Server
{{end}}
{{end}}
......@@ -17,7 +17,6 @@ ExecStartPre=-/usr/bin/docker rm %p
ExecStart=/usr/bin/docker run \
--name %p \
-v /data/runtime/haproxy/:/etc/haproxy/ \
-v /data/indiehosters/confd/:/etc/confd/ \
-v /var/run/docker.sock:/var/run/docker.sock \
indiehosters/confd
ExecReload=/usr/bin/docker restart %p
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment