Initial commit

initial commit
2016-04-03 09:08:55 +02:00 · 2016-04-03 09:08:55 +02:00 · 574c94b8ac
commit 574c94b8ac
5 changed files with 76 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+cert
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+FROM debian
+
+MAINTAINER Joachim Lusiardi
+
+RUN apt-get update; \
+    apt-get install -y haproxy;
+
+ADD haproxy.conf /haproxy.conf
+
+ADD start.sh /start.sh
+RUN chmod +x /start.sh
+
+VOLUME ["/data"]
+
+EXPOSE 443
+ENTRYPOINT /start.sh
--- a/README.md
+++ b/README.md
@ -0,0 +1,26 @@
+# SSL Termination using haproxy
+This image translates between plain http and https using haproxy.
+
+## How it works
+```
+       +---------------------+         +--------+
+   +---+                     |      +--+        |
+-->|443| docker_ssl_endpoint |<---->|80| target |
+   +---+                     |      +--+        |
+       +----------+----------+         +--------+
+                  |
+                  |
+            +-----+-----+
+            | cert data |
+            +-----------+
+
+```
+
+The *docker_ssl_endpoint* Container listens on port 443 (expose this port for
+public) availability. All secure connections coming in on this port are handled
+using the certificates form the *cert data* volume and passed on to the *target*
+container's port 80.
+
+## Starting the container
+
+`docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -p $IP:443:443 d --link nginx:target  docker_ssl_endpoint`
--- a/haproxy.conf
+++ b/haproxy.conf
@ -0,0 +1,30 @@
+global
+        chroot /var/lib/haproxy
+        stats socket /admin.sock mode 660 level admin
+        stats timeout 30s
+        user haproxy
+        group haproxy
+        daemon
+
+        ca-base /etc/ssl/certs
+        crt-base /crypt
+
+        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+        ssl-default-bind-options no-sslv3
+
+defaults
+        #log     global
+        mode    http
+        #option  httplog
+        #option  dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+
+frontend https
+        bind *:443 ssl crt /data/cert.pem
+        reqadd X-Forwarded-Proto:\ https
+        default_backend www-backend
+
+backend www-backend
+        server one target:80
--- a/start.sh
+++ b/start.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/sbin/haproxy -f /haproxy.conf -p /haproxy.pid -db