From a9ad5144748cb1b4c7f18d9316acee7a966b556e Mon Sep 17 00:00:00 2001
From: Adam Mohammed
Date: Wed, 25 Oct 2023 01:39:13 +0000
Subject: [PATCH] init

---
 Dockerfile | 2 ++
 Makefile | 6 ++++++
 README.org | 10 ++++++++++
 docker-compose.yml | 30 ++++++++++++++++++++++++++++++
 haproxy.cfg | 29 +++++++++++++++++++++++++++++
 renew.sh | 3 +++
 static-container/Dockerfile | 4 ++++
 static-container/index.html | 1 +
 8 files changed, 85 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 Makefile
 create mode 100644 README.org
 create mode 100644 docker-compose.yml
 create mode 100644 haproxy.cfg
 create mode 100755 renew.sh
 create mode 100644 static-container/Dockerfile
 create mode 100644 static-container/index.html
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..694cf58
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM haproxy:2.7-bullseye
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3c2ee82
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,6 @@
+.PHONY: test-config build run
+test-config: build
+ docker run -it --rm --name haproxy-syntax-check fixer-grid-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
+
+build:
+ docker build -t fixer-grid-haproxy .
diff --git a/README.org b/README.org
new file mode 100644
index 0000000..9ea0f1b
--- /dev/null
+++ b/README.org
@@ -0,0 +1,10 @@
+#+TITLE: HAproxy Configuration
+
+
+* Renewing certificates
+
+1. Run =renew.sh=
+2. Files are now in =/etc/letsencrypt/live/fixergrid.net=
+3. Create a =combined.pem= by concatenating =fullchain.pem= and =privkey.pem=
+4. Copy the file into the running container at =/certs/combined.pem=
+5. Restart the container
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..5191f87
--- /dev/null
+++ b/docker-compose.yml
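Review bot: `FROM haproxy:2.7-bullseye` in the top-level Dockerfile is a moving tag, so a rebuild of this internet-facing proxy can silently pick up a different image; adding the digest, `FROM haproxy:2.7-bullseye@sha256:<digest>`, makes the build reproducible and auditable. As far as I know 2.7 is one of HAProxy's short-lived non-LTS branches, so an LTS tag may be the safer base for receiving security fixes. A one-line comment above the COPY, such as `# TLS cert and key are not baked in; they are provided at runtime via the /certs volume`, would record the intent that docker-compose.yml in this patch implies.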
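Review bot: The `test-config` recipe runs `haproxy -c` in a container with nothing mounted at `/certs`, while the haproxy.cfg added in this patch binds with `crt /certs/combined.pem`, so the check will most likely fail on the missing certificate instead of validating the configuration. Mounting the certificate volume read-only for the check, e.g. adding `-v <cert-volume>:/certs:ro` to the `docker run` line, would let it pass without giving the check container write access to the key. The `-it` flags also require a TTY, which makes the target fail in non-interactive CI; dropping them is safe for a syntax check. `.PHONY` lists `run`, but no `run` target is defined in this hunk.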
@@ -0,0 +1,30 @@
+version: "3"
+
+services:
+ proxy:
+ image: fixer-grid-haproxy
+ build:
+ context: .
+ ports:
+ - "100.115.147.109:443:443"
+ - "145.40.65.245:443:443"
+ volumes:
+ - type: volume
+ source: tls-certs
+ target: /certs
+ networks:
+ - localprox
+
+ static:
+ image: fixer-grid-static
+ build:
+ context: ./static-container
+ networks:
+ - localprox
+
+
+volumes:
+ tls-certs:
+
+networks:
+ localprox:
diff --git a/haproxy.cfg b/haproxy.cfg
new file mode 100644
index 0000000..8f24e04
--- /dev/null
+++ b/haproxy.cfg
@@ -0,0 +1,29 @@
+global
+ daemon
+ maxconn 256
+ log stdout format raw daemon debug
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ log global
+
+frontend https-in
+ bind *:443 ssl crt /certs/combined.pem
+ acl host_gitea hdr_beg(host) -i git
+ acl host_plex hdr_beg(host) -i tv
+ use_backend gitea if host_gitea
+ use_backend plex if host_plex
+ default_backend static-content
+
+
+backend static-content
+ server server1 static:80 maxconn 32
+
+backend gitea
+ server gitea1 garage-nas:3000 maxconn 16
+
+backend plex
+ server plex1 garage-nas:32400 maxconn 16
diff --git a/renew.sh b/renew.sh
new file mode 100755
index 0000000..c5bc75d
--- /dev/null
+++ b/renew.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'fixergrid.net,*.fixergrid.net'
diff --git a/static-container/Dockerfile b/static-container/Dockerfile
new file mode 100644
index 0000000..f36dbe8
--- /dev/null
+++ b/static-container/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx
+RUN mkdir -p /usr/share/html/
+COPY *.html /usr/share/nginx/html/
+COPY .well-known/acme-challenge /usr/share/nginx/html/.well-known/acme-challenge/
diff --git a/static-container/index.html b/static-container/index.html
new file mode 100644
index 0000000..596ef80
--- /dev/null
+++ b/static-container/index.html
@@ -0,0 +1 @@
+hello, static content
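Review bot: The `tls-certs` mount under the `proxy` service in docker-compose.yml is writable, yet per the README in this patch that volume holds `combined.pem`, which contains the private key, and the proxy only needs to read it. Adding `read_only: true` to the long-form mount entry would keep a compromised HAProxy process from replacing or tampering with the key material. The README's "copy into the running container" step would then probably have to go through a separate short-lived container that mounts the volume read-write. Since this service is published on two host addresses, `security_opt: ["no-new-privileges:true"]` on `proxy` is a cheap additional hardening step.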
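Review bot: The `host_gitea` and `host_plex` ACLs in haproxy.cfg use `hdr_beg(host) -i git` and `-i tv`, which match any Host value that merely starts with those letters, so unintended names are routed to the Gitea and Plex backends and passed on with that Host header. Anchoring on the label boundary, e.g. `acl host_gitea hdr_beg(host) -i git.` (or an exact `hdr(host)` match on the full name, allowing for an optional `:443` suffix), restricts routing to the intended hosts. The `defaults` section also sets no `timeout http-request`, so a client can hold a connection slot for the whole 50 s client timeout while sending headers slowly; a line such as `timeout http-request 10s` bounds that, which matters with `maxconn 256`. A comment on `log stdout format raw daemon debug` stating whether debug level is intended outside of testing would help as well.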
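Review bot: `FROM nginx` in static-container/Dockerfile carries no tag, so it resolves to `latest` and every rebuild can pull a different image; pin a version and ideally a digest, e.g. `FROM nginx:<version>@sha256:<digest>`. The `RUN mkdir -p /usr/share/html/` line creates a directory that nothing else in this file uses (both COPY targets are under `/usr/share/nginx/html/`), so it looks like a leftover and can be dropped. The last COPY requires `.well-known/acme-challenge` in the build context, but the diffstat adds only `Dockerfile` and `index.html` under `static-container/`, so a build from a clean checkout will probably fail unless that directory is created out of band.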