Merge branch 'add_X-Forwarded-For_header' into 'master'

Add X-Forwarded-For header

See merge request !3
Joachim Lusiardi 2016-12-30 10:46:17 +01:00
commit 2daf41afdc
4 changed files with 27 additions and 2 deletions


@ -15,7 +15,7 @@ This image translates between plain http and https using HAProxy.
+---+ | +------------+-+ +-------------+ +---+ | +------------+-+ +-------------+
--->+ 80| | | | | | --->+ 80| | | | | |
+---+ | +---+ docker nginx | +----+ | +---+ | +---+ docker nginx | +----+ |
| +----->+ 80| auto proxy +--------> 80| Wordpress | | SSL Proxy +----->+ 80| auto proxy +--------> 80| Wordpress |
+---+ | +---+ | +----+ | +---+ | +---+ | +----+ |
--->+443| | | | | | --->+443| | | | | |
+---+ | +--+---------+-+ +-------------+ +---+ | +--+---------+-+ +-------------+


@ -23,6 +23,10 @@ defaults
frontend http frontend http
bind *:80 bind *:80
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ http reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl use_backend letsencrypt-backend if letsencrypt-acl
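Review bot: `http-request add-header X-Forwarded-For %[src]` in the `http` frontend appends a new header and leaves any X-Forwarded-For the client already sent in place, so the backend receives a client-controlled value alongside the real one. Since this frontend binds `*:80` directly it looks like the first hop, where no inbound X-Forwarded-For should be trusted; `http-request set-header X-Forwarded-For %[src]` replaces the header instead of adding to it. The same line is added to both the `http` and `https` frontends in the next file section. Anything downstream that uses this header for logging, rate limiting or IP-based access rules would otherwise be reading a value the client chose.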


@ -23,17 +23,30 @@ defaults
frontend http frontend http
bind *:80 bind *:80
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ http reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
redirect scheme https code 301 if !{ ssl_fc } redirect scheme https code 301 if !{ ssl_fc }
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend default_backend www-backend
frontend https frontend https
bind *:443 ssl crt /data/haproxy/cert.pem bind *:443 ssl crt /data/haproxy/cert.pem
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend default_backend www-backend
backend www-backend backend www-backend


@ -122,12 +122,20 @@ def create_haproxy_cert():
logging.info('using %s as base dir', youngest_directory) logging.info('using %s as base dir', youngest_directory)
# read fullchain.pem and privkey.pem # read fullchain.pem and privkey.pem
if not os.path.exists(youngest_directory + '/fullchain.pem') or not os.path.exists(youngest_directory + '/privkey.pem'):
logging.info('either fullchain.pem or privkey.pem is missing.')
return
fullchain = read_file(youngest_directory + '/fullchain.pem') fullchain = read_file(youngest_directory + '/fullchain.pem')
privkey = read_file(youngest_directory + '/privkey.pem') privkey = read_file(youngest_directory + '/privkey.pem')
write_file(cert_file, fullchain + privkey) write_file(cert_file, fullchain + privkey)
logging.info('file written') logging.info('file written')
def create_cert_data_standalone(domains): def create_cert_data_standalone(domains):
if len(domains) == 0:
logging.info('no domains for SSL found.')
return
domains = " -d ".join(domains) domains = " -d ".join(domains)
# we should use tls-sni-01 if ssl is already running! # we should use tls-sni-01 if ssl is already running!
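Review bot: The new missing-file branch in `create_haproxy_cert` returns without writing `cert_file` and reports it only at info level, so a failed or incomplete issuance leaves whatever `cert_file` was there before (or none at all) with nothing a caller or an alert could key on. I would log it as `logging.warning('fullchain.pem or privkey.pem missing in %s', youngest_directory)` and, if callers can take it, return a value that distinguishes this case from success; whether any caller checks the result is not visible here. The empty-list guard in `create_cert_data_standalone` reads more idiomatically as `if not domains:`. Both functions begin or continue outside the hunk.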