commit d60140ae784a1a66e512ce3801332e3bfd169fee Author: status404 Date: Sat Nov 2 17:12:45 2024 +0300 add dockerfile and config
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..dfedb75
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,14 @@
+services:
+ haproxy:
+ build:
+ context: ./docker
+ dockerfile: Dockerfile
+ image: bitdeals/haproxy
+ volumes:
+ - certificates:/usr/local/etc/haproxy/certificates:ro
+ ports:
+ - "80:80"
+ - "443:443"
+ expose:
+ - "9999"
+
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..4a0acec
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,5 @@
+FROM bitnami/haproxy:2
+
+# Copy config
+COPY ./haproxy.cfg /bitnami/haproxy/conf/haproxy.cfg
+
diff --git a/docker/haproxy.cfg b/docker/haproxy.cfg
new file mode 100644
index 0000000..7f98958
--- /dev/null
+++ b/docker/haproxy.cfg
@@ -0,0 +1,46 @@
+global
+ # Enable HAProxy runtime API
+ stats socket :9999 level admin expose-fd listeners
+
+defaults
+ mode http
+ default_backend default-backend-http
+
+ timeout connect 5s
+ timeout client 1m
+ timeout server 1m
+
+ option dontlog-normal
+ option tcp-smart-accept
+ option tcp-smart-connect
+ #option forwardfor
+ option http-keep-alive
+
+ http-reuse safe
+
+frontend http
+ bind *:80
+ #http-request redirect scheme https code 301
+
+ # ACL
+ acl certbot path_beg /.well-known/acme-challenge/
+ use_backend certbot if certbot
+
+frontend https
+ bind *:443 ssl crt /usr/local/etc/haproxy/certificates/site.pem
+ http-request add-header X-Forwarded-Proto https
+
+ # ACL
+ acl certbot path_beg /.well-known/acme-challenge/
+ use_backend certbot if certbot
+
+backend default-backend-http
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ server main nginx:80 check
+
+backend certbot
+ server certbot certbot:380
+
+resolvers docker
+ nameserver dns1 127.0.0.11:53
+
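Review bot: In docker-compose.yml the `haproxy` service mounts a named volume `certificates`, but the new file has no top-level `volumes:` section, so Compose should reject the project with an undefined-volume error unless another compose file supplies it. Declare it at the end of the file with `volumes:` followed by `  certificates:`, adding `external: true` under it if the certificate volume is created by a separate stack. `image: bitdeals/haproxy` also carries no tag, so every build lands on the implicit `latest`; a version tag would make it possible to tell which proxy build is deployed and to roll back.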
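Review bot: `FROM bitnami/haproxy:2` in docker/Dockerfile tracks a floating major tag, so each rebuild can pull a different HAProxy build into the TLS-terminating edge proxy without any change in this repository. Pin a full version and digest, for example `FROM bitnami/haproxy:<2.x.y>@sha256:<digest>`, and bump it deliberately. No `USER` is set, so the runtime user is whatever the base image defines; a comment stating that this is intended would help, since the shipped config binds ports 80 and 443.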
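Review bot: `stats socket :9999 level admin expose-fd listeners` in docker/haproxy.cfg opens the runtime API on a TCP port on every interface with admin rights and no authentication, so any peer that can reach the container on 9999 can reconfigure the proxy. If the API is only needed inside the container, bind it to loopback with `stats socket ipv4@127.0.0.1:9999 level admin`; if another container has to drive it (the compose file exposes 9999), a unix socket on a shared volume with a restrictive `mode` keeps it off the network. Separately, requests arriving on the `http` frontend keep whatever `X-Forwarded-Proto` the client sent, because the backend rule only fires when `ssl_fc` is true; adding `http-request del-header X-Forwarded-Proto` to the `http` frontend stops nginx from trusting a client-supplied value.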