Updates confd

a867ca84 · Pierre Ozoux · a450375d · a450375d · a450375d · a450375d
Commit a867ca84 authored 10 years ago by Pierre Ozoux
--- a/confd/conf.d/crt-list.toml
+++ b/confd/conf.d/crt-list.toml
-[template]
-src  = "crt-list.tmpl"
-dest = "/etc/haproxy/crt-list"
-keys = [
-  "/services"
-]
-reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
--- a/confd/conf.d/haproxy.toml
+++ b/confd/conf.d/haproxy.toml
-[template]
-src  = "haproxy.cfg.tmpl"
-dest = "/etc/haproxy/haproxy.cfg"
-keys = [
-  "/services"
-]
-reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
--- a/confd/templates/crt-list.tmpl
+++ b/confd/templates/crt-list.tmpl
-{{range $app := lsdir "/services"}}
-{{$hostnames := printf "/services/%s/*" $app}}
-  {{range gets $hostnames}}
-    {{$hostname := .Key}}
-/etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
-/etc/haproxy/approved-certs/{{base $hostname}}.pem www.{{base $hostname}}
-  {{end}}
-{{end}}
--- a/confd/templates/haproxy.cfg.tmpl
+++ b/confd/templates/haproxy.cfg.tmpl
-global
-  maxconn 4096
-  user haproxy
-  group haproxy
-defaults
-  mode http
-  option forwardfor
-  option httpclose
-  option httplog
-  option dontlognull
-  retries 3
-  timeout connect 5000
-  timeout client 50000
-  timeout server 50000
-frontend https-in
-mode http
-  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
-  reqadd X-Forwarded-Proto:\ https
-{{range $app := lsdir "/services"}}
-{{$hostnames := printf "/services/%s/*" $app}}
-  {{range gets $hostnames}}
-    {{$hostname := .Key}}
-    {{$data := json .Value}}
-# {{base $hostname}}:
-  acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
-  acl https_{{base $hostname}} hdr(host) -i www.{{base $hostname}}
-  use_backend {{base $hostname}} if https_{{base $hostname}}
-  {{end}}
-{{end}}
-frontend http-in
-  bind *:80
-  redirect scheme https code 301
-{{range $app := lsdir "/services"}}
-{{$hostnames := printf "/services/%s/*" $app}}
-  {{range gets $hostnames}}
-    {{$hostname := .Key}}
-    {{$data := json .Value}}
-# {{base $hostname}}:
-backend {{base $hostname}}
-  cookie SERVERID insert nocache indirect
-  server Server {{$data.ip}}:{{$data.port}} cookie Server
-  {{end}}
-{{end}}
--- a/dockerfiles/load-balancer/confd/confd/templates/crt-list.tmpl
+++ b/dockerfiles/load-balancer/confd/confd/templates/crt-list.tmpl
@@ -3,5 +3,6 @@
  {{range gets $hostnames}}
    {{$hostname := .Key}}
 /etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
+/etc/haproxy/approved-certs/{{base $hostname}}.pem www.{{base $hostname}}
  {{end}}
 {{end}}
--- a/dockerfiles/load-balancer/confd/confd/templates/haproxy.cfg.tmpl
+++ b/dockerfiles/load-balancer/confd/confd/templates/haproxy.cfg.tmpl
-{{$default_service_value := getv "/services/default"}}
-{{$default_service := json $default_service_value}}
-{{$default_url := printf "/services/%s/%s" $default_service.app $default_service.hostname}}
-{{$default_value := getv $default_url}}
-{{$default := json $default_value}}
-{{$default := json $default_value}}
 global
  maxconn 4096
  user haproxy
@@ -11,6 +5,8 @@ global
 defaults
  mode http
+  option forwardfor
+  option httpclose
  option httplog
  option dontlognull
  retries 3
@@ -20,7 +16,7 @@ defaults
 frontend https-in
 mode http
-  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/{{$default_service.hostname}}.pem
+  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
  reqadd X-Forwarded-Proto:\ https
 {{range $app := lsdir "/services"}}
 {{$hostnames := printf "/services/%s/*" $app}}
@@ -29,24 +25,14 @@ mode http
    {{$data := json .Value}}
 # {{base $hostname}}:
  acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
+  acl https_{{base $hostname}} hdr(host) -i www.{{base $hostname}}
  use_backend {{base $hostname}} if https_{{base $hostname}}
  {{end}}
 {{end}}
-default_backend {{$default_service.hostname}}
 frontend http-in
  bind *:80
-{{range $app := lsdir "/services"}}
+  redirect scheme https code 301
-{{$hostnames := printf "/services/%s/*" $app}}
-  {{range gets $hostnames}}
-    {{$hostname := .Key}}
-    {{$data := json .Value}}
-# {{base $hostname}}:
-  acl is_{{base $hostname}} hdr(host) -i {{base $hostname}}
-  use_backend {{base $hostname}} if is_{{base $hostname}}
-  {{end}}
-{{end}}
 {{range $app := lsdir "/services"}}
 {{$hostnames := printf "/services/%s/*" $app}}
@@ -56,8 +42,6 @@ frontend http-in
 # {{base $hostname}}:
 backend {{base $hostname}}
  cookie SERVERID insert nocache indirect
-  option httpclose
-  option forwardfor
  server Server {{$data.ip}}:{{$data.port}} cookie Server
  {{end}}
 {{end}}
--- a/unit-files/haproxy-confd.service
+++ b/unit-files/haproxy-confd.service
@@ -17,7 +17,6 @@ ExecStartPre=-/usr/bin/docker rm %p
 ExecStart=/usr/bin/docker run \
  --name %p \
  -v /data/runtime/haproxy/:/etc/haproxy/ \
-  -v /data/indiehosters/confd/:/etc/confd/ \
  -v /var/run/docker.sock:/var/run/docker.sock \
  indiehosters/confd
 ExecReload=/usr/bin/docker restart %p