jlusiardi/docker_ssl_endpoint
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
13 Commits 1 Branch 0 Tags 98 KiB
Python 95.5%
Dockerfile 4.5%
6d93f9094b
Go to file
Joachim Lusiardi 6d93f9094b rework / refactoring / documentation 
* rename letencrypt.conf to letsencrypt.conf
* Move more options to letsencrypt configurations file
* Done lot of rework / refactoring / documentation
2016-04-12 07:05:24 +02:00
.gitignore Removed unsecure RC4 2016-04-10 09:36:03 +02:00
Dockerfile rework / refactoring / documentation 2016-04-12 07:05:24 +02:00
haproxy_ssl.conf Removed unsecure RC4 2016-04-10 09:36:03 +02:00
haproxy.conf First semiworking iteration 2016-04-06 20:26:08 +02:00
letsencrypt.conf rework / refactoring / documentation 2016-04-12 07:05:24 +02:00
list_domains.py first step to refactor 2016-04-10 12:36:43 +02:00
NOTES add code to extract all resolving domains from the containers 2016-04-07 08:03:13 +02:00
README.md changed spelling of HAProxy 2016-04-12 07:02:15 +02:00
start.py rework / refactoring / documentation 2016-04-12 07:05:24 +02:00

README.md

SSL Termination using HAProxy

This image translates between plain http and https using HAProxy.

How it works

                                                                          +-------------+
                                                                          |             |
                                                                     +----+             |
                                                          +--------->+8080|   Tomcat    |
                                                          |          +----+             |
                                                          |               |             |
        +-------------------------+                       |               +-------------+
        |                         |                       |
    +---+                         |          +------------+-+             +-------------+
--->+ 80|                         |          |              |             |             |
    +---+                         |      +---+ docker nginx |        +----+             |
        |                         +----->+ 80|  auto proxy  +-------->  80|  Wordpress  |
    +---+                         |      +---+              |        +----+             |
--->+443|                         |          |              |             |             |
    +---+                         |          +--+---------+-+             +-------------+
        |                         |             |         |
        +---------+------------+--+             |         |               +-------------+
                  |            |                |         |               |             |
                  v            |                |         |         +-----+    Flask    |
               +--+-+          |   +------+     |         +-------->+5000||             |
               |Cert|          |   |Docker|     |                   +-----+     App     |
               |Data|          +-->+Socket+<----+                         |             |
               +----+              +------+                               +-------------+

The docker_ssl_endpoint Container listens on port 443 (expose this port for public) availability. All secure connections coming in on this port are handled using the certificates form the cert data volume and passed on to the target container's port 80.

Starting the container

docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -v /var/run/docker.sock:/var/run/docker.sock -p $IP:443:443 -p $IP:80:80 -d --link nginx:target docker_ssl_endpoint