Initial commit
initial commit
commit
574c94b8ac
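--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+cert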
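--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM debian
+
+MAINTAINER Joachim Lusiardi
+
+RUN apt-get update; \
+apt-get install -y haproxy;
+
+ADD haproxy.conf /haproxy.conf
+
+ADD start.sh /start.sh
+RUN chmod +x /start.sh
+
+VOLUME ["/data"]
+
+EXPOSE 443
+ENTRYPOINT /start.sh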
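Review bot: The base image on `FROM debian` is untagged, so every rebuild pulls whatever `latest` currently points to and the haproxy/OpenSSL versions that terminate TLS can change without any change to this file; pin a release tag or digest, e.g. `FROM debian:<release-tag>` (placeholder). In the `RUN` step the two commands are joined with `;`, so a failed `apt-get update` does not stop the build and the install may run against stale package lists; `RUN apt-get update && apt-get install -y --no-install-recommends haproxy && rm -rf /var/lib/apt/lists/*` fails closed and keeps the layer smaller. `ADD start.sh /start.sh` refers to a file that is not among the files shown on this page, so the entrypoint script could not be reviewed here. The shell-form `ENTRYPOINT /start.sh` runs the script under `/bin/sh -c`; the exec form `ENTRYPOINT ["/start.sh"]` lets the process receive stop signals directly.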
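--- a/README.md
+++ b/README.md
@@ -0,0 +1,26 @@
+# SSL Termination using haproxy
+This image translates between plain http and https using haproxy.
+
+## How it works
+```
++---------------------+ +--------+
++---+ | +--+ |
+-->|443| docker_ssl_endpoint |<---->|80| target |
++---+ | +--+ |
++----------+----------+ +--------+
+|
+|
++-----+-----+
+| cert data |
++-----------+
+
+```
+
+The *docker_ssl_endpoint* Container listens on port 443 (expose this port for
+public) availability. All secure connections coming in on this port are handled
+using the certificates form the *cert data* volume and passed on to the *target*
+container's port 80.
+
+## Starting the container
+
+`docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -p $IP:443:443 d --link nginx:target docker_ssl_endpoint`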
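--- a/haproxy.conf
+++ b/haproxy.conf
@@ -0,0 +1,30 @@
+global
+chroot /var/lib/haproxy
+stats socket /admin.sock mode 660 level admin
+stats timeout 30s
+user haproxy
+group haproxy
+daemon
+
+ca-base /etc/ssl/certs
+crt-base /crypt
+
+ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+ssl-default-bind-options no-sslv3
+
+defaults
+#log global
+mode http
+#option httplog
+#option dontlognull
+timeout connect 5000
+timeout client 50000
+timeout server 50000
+
+frontend https
+bind *:443 ssl crt /data/cert.pem
+reqadd X-Forwarded-Proto:\ https
+default_backend www-backend
+
+backend www-backend
+server one target:80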
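Review bot: `ssl-default-bind-ciphers` explicitly enables `RC4-SHA` and static-RSA key exchange (`kRSA+AES`), and `ssl-default-bind-options` disables only SSLv3, so the endpoint will still negotiate RC4, non-forward-secret suites and TLS 1.0 with clients that offer them. Remove `RC4-SHA` and `kRSA+AES` from the cipher list and extend the options line, e.g. `ssl-default-bind-options no-sslv3 no-tlsv10` (on newer haproxy builds, `ssl-min-ver TLSv1.2`). In `defaults`, `log global` and `option httplog` are commented out, so the TLS terminator keeps no record of connections or handshake failures; enabling them gives the operator something to investigate with. `stats socket /admin.sock mode 660 level admin` opens a full-control runtime socket that nothing else in this commit appears to use; drop it or lower it to `level operator`. In `frontend https`, `reqadd` appends `X-Forwarded-Proto` without removing a client-supplied copy, so adding `reqidel ^X-Forwarded-Proto:.*` before it keeps the backend from seeing a spoofed value.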