init
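--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM haproxy:2.7-bullseye
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg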
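Review bot: The base image on the `FROM` line is referenced by a mutable tag, so a rebuild can silently pick up a different image for the internet-facing proxy. Pinning it as `FROM haproxy:2.7-bullseye@sha256:<digest>` makes the build reproducible and turns base updates into an explicit, reviewable change. The 2.7 branch is, as far as I know, a short-lived non-LTS HAProxy release, so it is worth confirming that it still receives security fixes. A comment above `COPY` noting that `haproxy.cfg` expects the certificate at `/certs/combined.pem` from the compose volume would also help anyone building this image on its own.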
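--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,6 @@
+.PHONY: test-config build run
+test-config: build
+docker run -it --rm --name haproxy-syntax-check fixer-grid-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
+
+build:
+docker build -t fixer-grid-haproxy .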
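Review bot: The `test-config` recipe runs `haproxy -c` in a container with no `/certs` mount, while the `bind` line in haproxy.cfg loads `/certs/combined.pem`, so the check will probably fail on the missing certificate instead of validating the configuration. Mounting a throwaway test certificate for the check, e.g. adding `-v <test-cert-dir>:/certs:ro` to the `docker run` line, keeps the real key out of the test path. The `-it` flags require a TTY, which breaks the target in CI; a one-shot check does not need them. `.PHONY` lists `run`, but no `run` rule is visible in this file.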
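--- a/README.org
+++ b/README.org
@@ -0,0 +1,10 @@
+#+TITLE: HAproxy Configuration
+
+
+* Renewing certificates
+
+1. Run =renew.sh=
+2. Files are now in =/etc/letsencrypt/live/fixergrid.net=
+3. Create a =combined.pem= by concatenating =fullchain.pem= and =privkey.pem=
+4. Copy the file into the running container at =/certs/combined.pem=
+5. Restart the container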
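--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,30 @@
+version: "3"
+
+services:
+proxy:
+image: fixer-grid-haproxy
+build:
+context: .
+ports:
+- "100.115.147.109:443:443"
+- "145.40.65.245:443:443"
+volumes:
+- type: volume
+source: tls-certs
+target: /certs
+networks:
+- localprox
+
+static:
+image: fixer-grid-static
+build:
+context: ./static-container
+networks:
+- localprox
+
+
+volumes:
+tls-certs:
+
+networks:
+localprox: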
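Review bot: The `tls-certs` volume that holds the private key is mounted writable into the `proxy` service, which is the internet-facing container and only needs to read `/certs/combined.pem`. Adding `read_only: true` under the `target: /certs` entry would stop a compromised proxy from replacing the certificate or key. The copy step described in README.org would then have to write to the volume by another route, such as a short-lived helper container. The two published addresses are also hard-coded under `ports`; reading them from an environment variable (a constructed example: `"${PROXY_BIND_ADDR}:443:443"`) would keep host-specific addresses out of the repository.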
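--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,29 @@
+global
+daemon
+maxconn 256
+log stdout format raw daemon debug
+
+defaults
+mode http
+timeout connect 5000ms
+timeout client 50000ms
+timeout server 50000ms
+log global
+
+frontend https-in
+bind *:443 ssl crt /certs/combined.pem
+acl host_gitea hdr_beg(host) -i git
+acl host_plex hdr_beg(host) -i tv
+use_backend gitea if host_gitea
+use_backend plex if host_plex
+default_backend static-content
+
+
+backend static-content
+server server1 static:80 maxconn 32
+
+backend gitea
+server gitea1 garage-nas:3000 maxconn 16
+
+backend plex
+server plex1 garage-nas:32400 maxconn 16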
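Review bot: The `host_gitea` and `host_plex` ACLs use `hdr_beg(host)`, so any Host header that merely starts with `git` or `tv` is routed to the internal `garage-nas` backends, whatever domain follows. Matching the full name, for example `acl host_gitea hdr(host) -i git.fixergrid.net` if that is the intended hostname, limits routing to names the certificate covers. The `defaults` section sets no `timeout http-request`, so only the 50-second client inactivity timeout applies while request headers arrive; a line such as `timeout http-request 10s` (value is a suggestion) is the usual guard against slow-header connections. The `global` log line is also set to `debug`, which is worth lowering once the setup is stable.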
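--- a/renew.sh
+++ b/renew.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'fixergrid.net,*.fixergrid.net'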
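--- a/static-container/Dockerfile
+++ b/static-container/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx
+RUN mkdir -p /usr/share/html/
+COPY *.html /usr/share/nginx/html/
+COPY .well-known/acme-challenge /usr/share/nginx/html/.well-known/acme-challenge/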
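Review bot: `FROM nginx` has no tag, so it resolves to `latest` and each rebuild may pull a different image, unlike the root Dockerfile, which names `haproxy:2.7-bullseye`. Pin it as `FROM nginx:<version>`, ideally with a digest. The `RUN mkdir -p /usr/share/html/` line creates a directory that neither `COPY` uses, since both write under `/usr/share/nginx/html/`, so it looks like a leftover or a typo and can be dropped. No file under `.well-known/acme-challenge` is added in this commit, so the second `COPY` will likely fail on a fresh checkout unless that directory already exists locally.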
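--- a/static-container/index.html
+++ b/static-container/index.html
@@ -0,0 +1 @@
+hello, static content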