diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f8f1e46
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM haproxy-2.5.4
+MAINTAINER gyurix
+COPY haproxy-loadbalancer.cfg /etc/haproxy/haproxy.cfg
+ENTRYPOINT ["haproxy", "-f", "/etc/haproxy/haproxy.cfg", "-p", "/var/run/haproxy.pid"]
diff --git a/firewall-localloadbalancer-dns.json b/firewall-localloadbalancer-dns.json
new file mode 100644
index 0000000..4e9059e
--- /dev/null
+++ b/firewall-localloadbalancer-dns.json
@@ -0,0 +1,63 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "UDAPE": "true",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/usr/bin/docker",
+ "DEST": "/usr/bin/docker",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [ ],
+ "READYNESS": [
+ {"tcp": ""},
+ {"HTTP": ""},
+ {"EXEC": "/ready.sh"}
+ ],
+ "ENVS": [
+ { "CHAIN": "DOCKER-USER" },
+ { "SOURCE": "localloadbalancer" },
+ { "TARGET": "coredns" },
+ { "TYPE": "udp" },
+ { "TARGET_PORT": "53" },
+ { "COMMENT": "local loadbalancer access for local dns" }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "",
+ "PRE_START": [],
+ "POST_START": []
+ }
+ ]
+}
diff --git a/firewall-localloadbalancer-to-smarthostbackend.json b/firewall-localloadbalancer-to-smarthostbackend.json
new file mode 100644
index 0000000..40313ce
--- /dev/null
+++ b/firewall-localloadbalancer-to-smarthostbackend.json
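Review bot: `FROM haproxy-2.5.4` in the Dockerfile names a repository called `haproxy-2.5.4` with no tag, so the build resolves the implicit `latest` of that name (or fails) instead of a fixed upstream release. If the official image was intended, this should read `FROM haproxy:2.5.4`, ideally pinned as `FROM haproxy:2.5.4@sha256:<digest>` (placeholder digest) so the base cannot change under the same reference. `MAINTAINER` is deprecated; `LABEL maintainer="gyurix"` is the current form. The ENTRYPOINT writes `/var/run/haproxy.pid`, and as far as I know recent official haproxy images run as a non-root user, so it is worth confirming that path is writable in the chosen base.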
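Review bot: In firewall-localloadbalancer-dns.json the helper container combines `--privileged`, host networking, a read-write `/run/` mount and a read-write bind of `/var/run/docker.sock`, which is effectively root on the host for whatever `registry.format.hu/firewall` resolves to, and that image reference has no tag or digest. Pin it, e.g. `"IMAGE": "registry.format.hu/firewall:<tag>"` (placeholder), and check whether `--cap-add NET_ADMIN` can replace `--privileged` if the image only edits the `DOCKER-USER` chain; the image's actual needs are not visible in this diff. `"UDAPE": "true"` looks like a typo for the `"UPDATE"` key used in local-proxy.json and is probably ignored as written. The privilege and pinning remarks apply equally to firewall-localloadbalancer-to-smarthostbackend.json.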
@@ -0,0 +1,64 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "IP": "null",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/usr/bin/docker",
+ "DEST": "/usr/bin/docker",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [ ],
+ "READYNESS": [
+ {"tcp": ""},
+ {"HTTP": ""},
+ {"EXEC": "/ready.sh"}
+ ],
+ "ENVS": [
+ { "CHAIN": "DOCKER-USER" },
+ { "SOURCE": "localloadbalancer" },
+ { "TARGET": "smarthostbackend" },
+ { "TYPE": "tcp" },
+ { "TARGET_PORT_1": "80" },
+ { "TARGET_PORT_2": "443" },
+ { "COMMENT": "local proxy to smarthost backends" }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
diff --git a/haproxy-loadbalancer.cfg b/haproxy-loadbalancer.cfg
new file mode 100644
index 0000000..924342c
--- /dev/null
+++ b/haproxy-loadbalancer.cfg
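Review bot: The port restriction in firewall-localloadbalancer-to-smarthostbackend.json is spelled `TARGET_PORT_1` / `TARGET_PORT_2`, while the sibling DNS rule uses a single `TARGET_PORT`; the code that consumes ENVS is not in this diff, so it is worth confirming that numbered keys are honoured, since an unread port key could leave the rule missing or broader than ports 80 and 443. This file also sets `"CMD": "null"`, `"PRE_START": "null"` and `"POST_START": "null"` as strings where the sibling uses `""` and `[]`; if the loader iterates those fields, `"PRE_START": []` and `"POST_START": []` would be the safer form. A one-line note in the commit description stating which rule this file is expected to produce would make the intent checkable.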
@@ -0,0 +1,57 @@
+global
+ log stdout format raw local0 info
+defaults
+ mode http
+ option redispatch
+ option http-server-close
+ log global
+ timeout connect 5s
+ timeout client 24h
+ timeout server 24h
+ option srvtcpka
+ option clitcpka
+
+frontend default
+
+bind :80
+ mode http
+ option httpclose
+ option httplog
+ http-request add-header X-Forwarded-For %[src]
+
+acl letsencrypt path_beg /.well-known/acme-challenge/
+use_backend letsencrypt if letsencrypt
+
+default_backend backend-default
+
+backend letsencrypt
+ server letsencrypt $letsencrypt:80 send-proxy
+
+backend backend-default
+ mode http
+ option httplog
+ option log-health-checks
+ option redispatch
+ log global
+ balance roundrobin
+ server backend-1 smarthostbackend-1:80 check send-proxy
+ server backend-2 smarthostbackend-2:80 check send-proxy
+
+frontend default_https
+
+bind :443
+ mode tcp
+ option forwardfor
+ option tcplog
+ option dontlognull
+
+default_backend backend_default_https
+backend backend_default_https
+ mode tcp
+ option tcplog
+ option log-health-checks
+ option redispatch
+ log global
+ balance roundrobin
+ server backend-1 smarthostbackend-1:443 check send-proxy
+ server backend-2 smarthostbackend-2:443 check send-proxy
diff --git a/local-proxy.json b/local-proxy.json
new file mode 100644
index 0000000..0e4d8ef
--- /dev/null
+++ b/local-proxy.json
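Review bot: In `frontend default`, `http-request add-header X-Forwarded-For %[src]` appends a new header and leaves any client-supplied `X-Forwarded-For` in place, so a backend that reads the first value can be fed a forged address; `http-request set-header X-Forwarded-For %[src]` replaces it instead. The `defaults` section sets `timeout client 24h` with no `timeout http-request`, so a client can hold a connection open with an unfinished request for up to a day; add a short `timeout http-request` and keep the long timeouts only where long-lived streams need them. `option forwardfor` in the `mode tcp` frontend `default_https` has no effect, because it needs HTTP mode, and the client address there reaches the backends only through `send-proxy`. In `backend letsencrypt`, HAProxy expands environment variables only inside double quotes, so unless a templating step outside this diff fills it in, the address should be written `"${letsencrypt}:80"`.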
@@ -0,0 +1,51 @@
+{
+ "main": {
+ "SERVICE_NAME": "local-loadbalancer",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/local-loadbalancer:2.5.4",
+ "NAME": "localloadbalancer",
+ "SELECTOR": "localloadbalancer",
+ "UPDATE": "true",
+ "ROLES": "frontend-proxy",
+ "MEMORY": "256M",
+ "NETWORK": "localloadbalancer",
+ "DNS": [ "coredns" ],
+ "READYNESS": [
+ {"tcp": "80"},
+ {"HTTP": "8080"},
+ {"EXEC": "/ready.sh"}
+ ],
+ "PORTS": [
+ {
+ "SOURCE": "80",
+ "DEST": "80",
+ "TYPE": "tcp"
+ },
+ {
+ "SOURCE": "443",
+ "DEST": "443",
+ "TYPE": "tcp"
+ }
+ ],
+ "VOLUMES": [
+ ],
+ "READYNESS": [
+ {"tcp": "80"},
+ {"HTTP": "8080"},
+ {"EXEC": "/ready.sh"}
+ ],
+ "EXTRA": "--restart on-failure --log-opt max-size=500m --label ROLES=loadbalancer" ,
+ "DEPEND": [ ],
+ "START_ON_BOOT": "true",
+ "CMD": "null",
+ "PRE_START": [ ],
+ "POST_START": [
+ "firewall-localloadbalancer-dns",
+ "firewall-localloadbalancer-to-smarthostbackend"
+ ]
+ }
+ ]
+}
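Review bot: The container object in local-proxy.json declares `"READYNESS"` twice with identical content; duplicate keys in a JSON object are parser-dependent (typically the last one wins), so the second block should be removed. The probes also do not match what this commit ships: `{"HTTP": "8080"}` targets a port that haproxy-loadbalancer.cfg never binds (only `:80` and `:443`), and `{"EXEC": "/ready.sh"}` refers to a script the Dockerfile does not copy into the image, so unless the base image provides them, readiness may never succeed or may be silently skipped. The `ROLES` key says `frontend-proxy` while the label in `EXTRA` says `ROLES=loadbalancer`; if anything selects containers by role, such as the firewall rules started from `POST_START`, the two should agree.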