commit 574c94b8ac0dc074a870248c01c85cfc2d542d01
Author: Joachim Lusiardi
Date: Sun Apr 3 09:08:55 2016 +0200
Initial commit initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..057edb5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+cert
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f5ca275
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM debian
+
+MAINTAINER Joachim Lusiardi
+
+RUN apt-get update; \
+ apt-get install -y haproxy;
+
+ADD haproxy.conf /haproxy.conf
+
+ADD start.sh /start.sh
+RUN chmod +x /start.sh
+
+VOLUME ["/data"]
+
+EXPOSE 443
+ENTRYPOINT /start.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5d8a69c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,26 @@
+# SSL Termination using haproxy
+This image translates between plain http and https using haproxy.
+
+## How it works
+```
+ +---------------------+ +--------+ + +---+ | +--+ | +-->|443| docker_ssl_endpoint |<---->|80| target | + +---+ | +--+ | + +----------+----------+ +--------+ + | + | + +-----+-----+ + | cert data | + +-----------+ +
+```
+The *docker_ssl_endpoint* Container listens on port 443 (expose this port for
+public) availability. All secure connections coming in on this port are handled
+using the certificates form the *cert data* volume and passed on to the *target*
+container's port 80.
+
+## Starting the container
+
+`docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -p $IP:443:443 d --link nginx:target docker_ssl_endpoint`
diff --git a/haproxy.conf b/haproxy.conf
new file mode 100644
index 0000000..c54033d
--- /dev/null
+++ b/haproxy.conf
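Review bot: In the Dockerfile hunk, `RUN apt-get update; \ apt-get install -y haproxy;` chains the two commands with `;`, so a failed `apt-get update` does not fail the build and the install proceeds against whatever package index happens to be present; the apt lists are also left in the layer. The `ENTRYPOINT /start.sh` on the last line is shell form, which runs the script under `/bin/sh -c`, so the script is typically not PID 1 and does not receive the SIGTERM sent by `docker stop`. Suggested lines: `RUN apt-get update && apt-get install -y --no-install-recommends haproxy && rm -rf /var/lib/apt/lists/*` and `ENTRYPOINT ["/start.sh"]`. `FROM debian` carries no tag, so a rebuild silently picks up a different Debian release and haproxy version; pin it, e.g. `FROM debian:<pinned-tag>` (placeholder). `MAINTAINER` is deprecated in favour of `LABEL`, and the two `ADD` instructions copy plain local files, where `COPY` is the conventional choice.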
@@ -0,0 +1,30 @@
+global
+ chroot /var/lib/haproxy
+ stats socket /admin.sock mode 660 level admin
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+ ca-base /etc/ssl/certs
+ crt-base /crypt
+
+ ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+ ssl-default-bind-options no-sslv3
+
+defaults
+ #log global
+ mode http
+ #option httplog
+ #option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+
+frontend https
+ bind *:443 ssl crt /data/cert.pem
+ reqadd X-Forwarded-Proto:\ https
+ default_backend www-backend
+
+backend www-backend
+ server one target:80
diff --git a/start.sh b/start.sh
new file mode 100644
index 0000000..c3f3e75
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/sbin/haproxy -f /haproxy.conf -p /haproxy.pid -db
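Review bot: `ssl-default-bind-ciphers` in the `global` section still lists `RC4-SHA`, a suite that RFC 7465 prohibits for TLS, and it is offered on the public 443 listener; dropping it, together with the static-RSA `kRSA+AES` group that provides no forward secrecy, leaves `ssl-default-bind-ciphers kEECDH+aRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL`, and `ssl-default-bind-options no-sslv3` could be extended with `no-tlsv10` if the expected clients allow it. `crt-base /crypt` appears unused, because the only `crt` in the file is the absolute path `/data/cert.pem` in the `https` frontend; removing it avoids pointing the next maintainer at a directory that does not exist in the image. `stats socket /admin.sock mode 660 level admin` grants full runtime control of the proxy over that socket; a comment stating who is meant to use it, such as `# admin-level runtime API; keep this socket reachable by root only`, would document the intent.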
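Review bot: The last line of start.sh launches haproxy without `exec`, so bash remains the parent process and haproxy is not the container's PID 1; together with the shell-form `ENTRYPOINT` in the Dockerfile hunk, a `docker stop` delivers SIGTERM to a shell rather than to the proxy, which is then killed after the stop timeout instead of shutting down cleanly. Change the line to `exec /usr/sbin/haproxy -f /haproxy.conf -p /haproxy.pid -db`. The `-db` flag keeps haproxy in the foreground and overrides the `daemon` keyword in haproxy.conf, which is the right choice for a container; a comment such as `# -db: stay in the foreground (overrides 'daemon' in haproxy.conf) so the container tracks the process` would record why both settings coexist.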