Skip to content

HA Proxy container with Let's Encrypt pre-configured, and rsyslog that logs to console

License

Notifications You must be signed in to change notification settings

polyverse/docker-haproxy-letsencrypt-rsyslog

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DEPRECATION NOTICE

Please note that this repository has been deprecated and is no longer actively maintained by Polyverse Corporation. It may be removed in the future, but for now remains public for the benefit of any users.

Importantly, as the repository has not been maintained, it may contain unpatched security issues and other critical issues. Use at your own risk.

While it is not maintained, we would graciously consider any pull requests in accordance with our Individual Contributor License Agreement. https://github.com/polyverse/contributor-license-agreement

For any other issues, please feel free to contact info@polyverse.com


HAproxy with rsyslog and Let's Encrypt

This docker container provides highly efficient load balancer which is HAproxy combined with Let's Encrypt, and uses rsyslog to log to console (so you can get kubectl logs or docker logs.)

Pulling image from docker hub

At the moment the docker image contains only single tag - which is latest and points to latest from HAproxy repository.

docker pull rafpe/docker-haproxy-rsyslog

Running container

In order to run container (assuming you have an haproxy config file) you can just run the following

docker run -d -P -v ${PWD}/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg rafpe/docker-haproxy-rsyslog

This is of course only basic example since you will for sure need to adjust it to your requirements like ports/networks/volumes etc.

Example configuration from Play With Polyverse

global
    maxconn 256
    
    ### BEGIN: Let's Encrypt static blob
    lua-load /usr/local/etc/haproxy/acme-http01-webroot.lua
    chroot /jail
    ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL;
    tune.ssl.default-dh-param 4096
    ### END: Let's Encrypt static blob
    
    ### BEGIN: Send logs to rsyslog local (they'll just show up on console)
    log 127.0.0.1 local2 debug
    ### END: Send logs to rsyslog local (they'll just show up on console)
    
    log-send-hostname

defaults
    mode http
    log global
    option  httplog
    option logasap
    log-format %Ci:%Cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %st\ %B\ %cc\ %cs\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ %[src]
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    option forwardfor
    option http-server-close


frontend http-in
    bind *:80

    ### BEGIN: Generate let's encrypt cert for incoming host
    capture request header Host len 1024
    acl url_acme_http01 path_beg /.well-known/acme-challenge/
    http-request use-service lua.acme-http01 if METH_GET url_acme_http01
    ### END: Generate let's encrypt cert for incoming host

    ### BEGIN: Redirect all traffic to https
    redirect scheme https code 301 if !{ ssl_fc } !host_direct 
    ### BEGIN:  Redirect all traffic to https


    acl host_direct hdr_reg(host) -i ^.*\.direct\..*$
    use_backend l2 if host_direct

    default_backend pwd 

frontend ft_ssl_vip
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/ no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11

    capture request header Host len 1024
    http-request set-header X-Forwarded-Proto https

    rspadd Strict-Transport-Security:\ max-age=15768000

    default_backend pwd

backend pwd
    server node1 pwd:3000

backend l2
    server node2 l2:443

About

HA Proxy container with Let's Encrypt pre-configured, and rsyslog that logs to console

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Dockerfile 71.3%
  • Shell 28.7%