Joachim Lusiardi a57fa08340 First semiworking iteration
Container can be started with empty data directory.
After using docker exec the commands from the NOTES file can be
used to create a first cert and additional certs after that.
2016-04-06 20:26:08 +02:00
.gitignore Initial commit 2016-04-03 09:08:55 +02:00
Dockerfile First semiworking iteration 2016-04-06 20:26:08 +02:00
haproxy_ssl.conf First semiworking iteration 2016-04-06 20:26:08 +02:00
haproxy.conf First semiworking iteration 2016-04-06 20:26:08 +02:00
letencrypt.conf First semiworking iteration 2016-04-06 20:26:08 +02:00
NOTES First semiworking iteration 2016-04-06 20:26:08 +02:00
README.md Initial commit 2016-04-03 09:08:55 +02:00
start.py First semiworking iteration 2016-04-06 20:26:08 +02:00
start.sh First semiworking iteration 2016-04-06 20:26:08 +02:00

SSL Termination using haproxy

This image translates between plain http and https using haproxy.

How it works

       +---------------------+         +--------+
   +---+                     |      +--+        |
-->|443| docker_ssl_endpoint |<---->|80| target |
   +---+                     |      +--+        |
       +----------+----------+         +--------+
                  |
                  |
            +-----+-----+
            | cert data |
            +-----------+

The docker_ssl_endpoint container listens on port 443 (expose this port for public availability). All secure connections coming in on this port are handled using the certificates from the cert data volume and passed on to the target container's port 80.
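A minimal HAProxy configuration matching the diagram above, added here as an illustration and not taken from this repository's haproxy_ssl.conf. The /data/certs directory, the section names, the timeouts and the TLS options are assumptions; only the /data mount point, port 443, port 80 and the "target" link alias come from this README.

```haproxy
global
    # Assumption: HAProxy built with OpenSSL support
    ssl-default-bind-options no-sslv3
    tune.ssl.default-dh-param 2048

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # /data/certs/ is an assumed directory inside the cert data volume.
    # HAProxy loads every file in it; each file must be a single PEM
    # containing the certificate, its chain and the private key.
    bind *:443 ssl crt /data/certs/
    # The target only sees plain HTTP, so pass on the original scheme
    # and client address for logging and redirect decisions.
    http-request set-header X-Forwarded-Proto https
    option forwardfor
    default_backend target_http

backend target_http
    # "target" is the alias created by --link nginx:target
    server target target:80 check
```

Because the hop to the target is unencrypted, the target's port 80 should be reachable only from this container and not published on the host.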

Starting the container

docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -p $IP:443:443 -d --link nginx:target docker_ssl_endpoint