HAProxy

February 26, 2019 ยท View on GitHub

Build Status Tag Gitter Discourse License

This repository provides a customized HAProxy which acts as a SSL-terminating frontend to Varnish. HAProxy will generate SSL certificates based on Devilbox CA to ensure you have valid HTTPS for local development.

This Docker image is very customized to fit the Devilbox and will probably not work without it.

Docker HubUpstream Project

Documentation

In case you seek help, go and visit the community pages.

Documentation

Chat

Forum
devilbox.readthedocs.io gitter.im/devilbox devilbox.discourse.group

Build

# Build the Docker image locally
make build

# Rebuild the Docker image locally without cache
make rebuild

# Test the Docker image after building
make test

Environment variables

Note: All variables are required for HAProxy to startup.

VariableDefault valueDescription
BACKEND_ADDR``Hostname or IP of backend service to connect to over HTTP.
BACKEND_PORT``HTTP port of backend service to connectto over HTTP.
DEVILBOX_UI_SSL_CN``Comma separated list of domain names and/or wildcards for which to generate SSL certificates by default
TLD_SUFFIX``Devilbox TLD_SUFFIX (e.g.: loc) to append to all domains, which is required for SSL certificate generation

Mount points

Note: All mountpoints are required for HAProxy to startup.

Container pathDescription
/ca/Expects Devilbox CA files to be mounted there. Two files must be present: devilbox-ca.key and devilbox-ca.crt
/shared/httpdExpects Devilbox project directories to be present for SSL certificate generation via watcherd

Ports

By default HAProxy will be available via 80 (for HTTP) and via 443 (for HTTPS offloading).

Examples

The following shows a Docker Compose example to use Varnish and HAProxy as an SSL offloading proxy in front of it.

version: '2.1'

services:

  varnish:
    image: devilbox/varnish:${VARNISH_SERVER:-6}-0.3
    hostname: varnish
    ports:
      - "${LOCAL_LISTEN_ADDR}${HOST_PORT_VARNISH:-6081}:6081"
    networks:
      app_net:
        ipv4_address: 172.16.238.230
    environment:
      - VARNISH_CONFIG=/etc/varnish/default.vcl
      - CACHE_SIZE=${VARNISH_CACHE_SIZE:-128m}
      - VARNISHD_PARAMS=${VARNISH_PARAMS:--p default_ttl=3600 -p default_grace=3600}
      - BACKEND_HOST=httpd
      - BACKEND_PORT=80
    volumes:
      - ${DEVILBOX_PATH}/cfg/varnish-${VARNISH_SERVER:-6}:/etc/varnish.d
    depends_on:
      - bind
      - php
      - httpd

  haproxy:
    image: devilbox/haproxy:0.1
    hostname: haproxy
    ports:
      - "${LOCAL_LISTEN_ADDR}${HOST_PORT_HAPROXY:-8080}:80"
      - "${LOCAL_LISTEN_ADDR}${HOST_PORT_HAPROXY_SSL:-8443}:443"
    networks:
      app_net:
        ipv4_address: 172.16.238.231
    environment:
      - BACKEND_ADDR=varnish
      - BACKEND_PORT=6081
      - DEVILBOX_UI_SSL_CN
      - TLD_SUFFIX
    volumes:
      # Certificate Authority public key
      - ${DEVILBOX_PATH}/ca:/ca:rw${MOUNT_OPTIONS}
      # Mount custom mass virtual hosting
      - ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd:rw${MOUNT_OPTIONS}
    depends_on:
      - bind
      - php
      - httpd
      - varnish

License

MIT License

Copyright (c) 2019 cytopia