Please note that this repository has been deprecated and is no longer actively maintained by Polyverse Corporation. It may be removed in the future, but for now remains public for the benefit of any users.
Importantly, as the repository has not been maintained, it may contain unpatched security issues and other critical issues. Use at your own risk.
While it is not maintained, we would graciously consider any pull requests in accordance with our Individual Contributor License Agreement. https://github.com/polyverse/contributor-license-agreement
For any other issues, please feel free to contact info@polyverse.com
This docker container provides highly efficient load balancer which is HAproxy combined with Let's Encrypt, and uses rsyslog to log to console (so you can get kubectl logs
or docker logs
.)
At the moment the docker image contains only single tag - which is latest and points to latest from HAproxy repository.
docker pull rafpe/docker-haproxy-rsyslog
In order to run container (assuming you have an haproxy config file) you can just run the following
docker run -d -P -v ${PWD}/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg rafpe/docker-haproxy-rsyslog
This is of course only basic example since you will for sure need to adjust it to your requirements like ports/networks/volumes etc.
Example configuration from Play With Polyverse
global
maxconn 256
### BEGIN: Let's Encrypt static blob
lua-load /usr/local/etc/haproxy/acme-http01-webroot.lua
chroot /jail
ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL;
tune.ssl.default-dh-param 4096
### END: Let's Encrypt static blob
### BEGIN: Send logs to rsyslog local (they'll just show up on console)
log 127.0.0.1 local2 debug
### END: Send logs to rsyslog local (they'll just show up on console)
log-send-hostname
defaults
mode http
log global
option httplog
option logasap
log-format %Ci:%Cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %st\ %B\ %cc\ %cs\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ %[src]
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
option forwardfor
option http-server-close
frontend http-in
bind *:80
### BEGIN: Generate let's encrypt cert for incoming host
capture request header Host len 1024
acl url_acme_http01 path_beg /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
### END: Generate let's encrypt cert for incoming host
### BEGIN: Redirect all traffic to https
redirect scheme https code 301 if !{ ssl_fc } !host_direct
### BEGIN: Redirect all traffic to https
acl host_direct hdr_reg(host) -i ^.*\.direct\..*$
use_backend l2 if host_direct
default_backend pwd
frontend ft_ssl_vip
bind *:443 ssl crt /usr/local/etc/haproxy/certs/ no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11
capture request header Host len 1024
http-request set-header X-Forwarded-Proto https
rspadd Strict-Transport-Security:\ max-age=15768000
default_backend pwd
backend pwd
server node1 pwd:3000
backend l2
server node2 l2:443