init

2023-10-25 01:39:13 +00:00
commit a9ad514474
8 changed files with 85 additions and 0 deletions
--- a/2
+++ b/2
@@ -0,0 +1,2 @@
+FROM haproxy:2.7-bullseye
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
--- a/6
+++ b/6
@@ -0,0 +1,6 @@
+.PHONY: test-config build run
+test-config: build
+	docker run -it --rm --name haproxy-syntax-check fixer-grid-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
+
+build:
+	docker build -t fixer-grid-haproxy .
--- a/README.org
+++ b/README.org
@@ -0,0 +1,10 @@
+#+TITLE: HAproxy Configuration
+
+
+* Renewing certificates
+
+1. Run =renew.sh=
+2. Files are now in =/etc/letsencrypt/live/fixergrid.net=
+3. Create a =combined.pem= by concatenating =fullchain.pem= and =privkey.pem=
+4. Copy the file into the running container at =/certs/combined.pem=
+5. Restart the container
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,30 @@
+version: "3"
+
+services:
+  proxy:
+    image: fixer-grid-haproxy
+    build:
+      context: .
+    ports:
+      - "100.115.147.109:443:443"
+      - "145.40.65.245:443:443"
+    volumes:
+      - type: volume
+        source: tls-certs
+        target: /certs
+    networks:
+      - localprox
+
+  static:
+    image: fixer-grid-static
+    build:
+      context: ./static-container
+    networks:
+      - localprox
+
+
+volumes:
+  tls-certs:
+
+networks:
+  localprox:
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,29 @@
+global
+	daemon
+	maxconn 256
+	log stdout format raw daemon debug
+
+defaults
+	mode http
+	timeout connect 5000ms
+	timeout client 50000ms
+	timeout server 50000ms
+	log global
+
+frontend https-in
+	 bind *:443 ssl crt /certs/combined.pem
+	 acl host_gitea hdr_beg(host) -i git
+	 acl host_plex  hdr_beg(host) -i tv
+	 use_backend gitea if host_gitea
+	 use_backend plex if host_plex
+	 default_backend static-content
+
+
+backend static-content
+	server server1 static:80 maxconn 32
+
+backend gitea
+	server gitea1 garage-nas:3000 maxconn 16
+
+backend plex
+	server plex1 garage-nas:32400 maxconn 16
--- a/renew.sh
+++ b/renew.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'fixergrid.net,*.fixergrid.net'
--- a/static-container/Dockerfile
+++ b/static-container/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx
+RUN mkdir -p /usr/share/html/
+COPY *.html /usr/share/nginx/html/
+COPY .well-known/acme-challenge /usr/share/nginx/html/.well-known/acme-challenge/
--- a/static-container/index.html
+++ b/static-container/index.html
@@ -0,0 +1 @@
+hello, static content