39 lines
2.5 KiB
Markdown
39 lines
2.5 KiB
Markdown
# SSL Termination using HAProxy
|
|
This image translates between plain http and https using HAProxy.
|
|
|
|
## How it works
|
|
|
|
```plain
|
|
+-------------+
|
|
| |
|
|
+----+ |
|
|
+--------->+8080| Tomcat |
|
|
| +----+ |
|
|
| | |
|
|
+-------------------------+ | +-------------+
|
|
| | |
|
|
+---+ | +------------+-+ +-------------+
|
|
--->+ 80| | | | | |
|
|
+---+ | +---+ docker nginx | +----+ |
|
|
| SSL Proxy +----->+ 80| auto proxy +--------> 80| Wordpress |
|
|
+---+ | +---+ | +----+ |
|
|
--->+443| | | | | |
|
|
+---+ | +--+---------+-+ +-------------+
|
|
| | | |
|
|
+---------+------------+--+ | | +-------------+
|
|
| | | | | |
|
|
v | | | +-----+ Flask |
|
|
+--+-+ | +------+ | +-------->+5000|| |
|
|
|Cert| | |Docker| | +-----+ App |
|
|
|Data| +-->+Socket+<----+ | |
|
|
+----+ +------+ +-------------+
|
|
```
|
|
|
|
The *docker_ssl_endpoint* Container listens on port 443 (expose this port for
|
|
public) availability. All secure connections coming in on this port are handled
|
|
using the certificates form the *cert data* volume and passed on to the *target*
|
|
container's port 80.
|
|
|
|
## Starting the container
|
|
|
|
`docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -v /var/run/docker.sock:/var/run/docker.sock -p $IP:443:443 -p $IP:80:80 -d --link nginx:target docker_ssl_endpoint` |