jlusiardi/docker_ssl_endpoint
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fixed minor issues

Browse Source
This commit is contained in:
Joachim Lusiardi 2016-12-30 10:05:42 +01:00
parent 40b9b26fa9
commit 810436a2f5
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
haproxy.conf
View File

@ -23,11 +23,11 @@ defaults
frontend http frontend http
bind *:80 bind *:80
reqadd X-Forwarded-Proto:\ http
# add X-Forwarded-For Header to request # add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src] http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend default_backend www-backend

6
haproxy_ssl.conf
View File

@ -23,11 +23,12 @@ defaults
frontend http frontend http
bind *:80 bind *:80
reqadd X-Forwarded-Proto:\ http
# add X-Forwarded-For Header to request # add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src] http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ http
redirect scheme https code 301 if !{ ssl_fc } redirect scheme https code 301 if !{ ssl_fc }
acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
@ -37,11 +38,12 @@ frontend http
frontend https frontend https
bind *:443 ssl crt /data/haproxy/cert.pem bind *:443 ssl crt /data/haproxy/cert.pem
reqadd X-Forwarded-Proto:\ https
# add X-Forwarded-For Header to request # add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src] http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl use_backend letsencrypt-backend if letsencrypt-acl

8
start.py
View File

@ -122,12 +122,20 @@ def create_haproxy_cert():
logging.info('using %s as base dir', youngest_directory) logging.info('using %s as base dir', youngest_directory)
# read fullchain.pem and privkey.pem # read fullchain.pem and privkey.pem
if not os.path.exists(youngest_directory + '/fullchain.pem') or not os.path.exists(youngest_directory + '/privkey.pem'):
logging.info('either fullchain.pem or privkey.pem is missing.')
return
fullchain = read_file(youngest_directory + '/fullchain.pem') fullchain = read_file(youngest_directory + '/fullchain.pem')
privkey = read_file(youngest_directory + '/privkey.pem') privkey = read_file(youngest_directory + '/privkey.pem')
write_file(cert_file, fullchain + privkey) write_file(cert_file, fullchain + privkey)
logging.info('file written') logging.info('file written')
def create_cert_data_standalone(domains): def create_cert_data_standalone(domains):
if len(domains) == 0:
logging.info('no domains for SSL found.')
return
domains = " -d ".join(domains) domains = " -d ".join(domains)
# we should use tls-sni-01 if ssl is already running! # we should use tls-sni-01 if ssl is already running!