Go to file

Joachim Lusiardi b1c32049a0 Removed unsecure RC4 RC4-SHA was marked insecure by https://sslanalyzer.comodoca.com		2016-04-10 09:36:03 +02:00
.gitignore	Removed unsecure RC4	2016-04-10 09:36:03 +02:00
Dockerfile	add code to extract all resolving domains from the containers	2016-04-07 08:03:13 +02:00
NOTES	add code to extract all resolving domains from the containers	2016-04-07 08:03:13 +02:00
README.md	Updated diagramm	2016-04-08 07:36:51 +02:00
haproxy.conf	First semiworking iteration	2016-04-06 20:26:08 +02:00
haproxy_ssl.conf	Removed unsecure RC4	2016-04-10 09:36:03 +02:00
letencrypt.conf	First semiworking iteration	2016-04-06 20:26:08 +02:00
list_domains.py	Removed unsecure RC4	2016-04-10 09:36:03 +02:00
start.py	Removed unsecure RC4	2016-04-10 09:36:03 +02:00

README.md

SSL Termination using haproxy

This image translates between plain http and https using haproxy.

How it works

                                                                          +-------------+
                                                                          |             |
                                                                     +----+             |
                                                          +--------->+8080|   Tomcat    |
                                                          |          +----+             |
                                                          |               |             |
        +-------------------------+                       |               +-------------+
        |                         |                       |
    +---+                         |          +------------+-+             +-------------+
--->+ 80|                         |          |              |             |             |
    +---+                         |      +---+ docker nginx |        +----+             |
        |                         +----->+ 80|  auto proxy  +-------->  80|  Wordpress  |
    +---+                         |      +---+              |        +----+             |
--->+443|                         |          |              |             |             |
    +---+                         |          +--+---------+-+             +-------------+
        |                         |             |         |
        +---------+------------+--+             |         |               +-------------+
                  |            |                |         |               |             |
                  v            |                |         |         +-----+    Flask    |
               +--+-+          |   +------+     |         +-------->+5000||             |
               |Cert|          |   |Docker|     |                   +-----+     App     |
               |Data|          +-->+Socket+<----+                         |             |
               +----+              +------+                               +-------------+

The docker_ssl_endpoint Container listens on port 443 (expose this port for public) availability. All secure connections coming in on this port are handled using the certificates form the cert data volume and passed on to the target container's port 80.

Starting the container

docker run --name ssl_endpoint -v $PATH_TO_CERT_DATA:/data -v /var/run/docker.sock:/var/run/docker.sock -p $IP:443:443 -p $IP:80:80 -d --link nginx:target docker_ssl_endpoint