Skip to content

Commit

Permalink
Updated to haproxy 2.8
Browse files Browse the repository at this point in the history
  • Loading branch information
richturner committed Jan 31, 2024
1 parent 065f58c commit 7a35a98
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 22 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# HAProxy image with certbot for certificate generation and renewal
#
# -----------------------------------------------------------------------------------------------
FROM haproxy:2.7.8-alpine
FROM haproxy:2.8-alpine
MAINTAINER [email protected]

USER root
Expand Down
65 changes: 44 additions & 21 deletions haproxy.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ global
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
# Require TLS 1.2 or higher
ssl-default-bind-options ssl-min-ver TLSv1.2 prefer-client-ciphers
# Works around breaking change in docker 23+ - just uses the old docker default value
fd-hard-limit 1048576

defaults
log global
Expand Down Expand Up @@ -58,26 +60,47 @@ frontend https

# Optional: redirects for root requests with certain host names to service paths
acl is_root path -i /
acl is_redirect_1 hdr(host) -i "${PROXY_HOST_REDIRECT_1_NAME}"
acl is_redirect_2 hdr(host) -i "${PROXY_HOST_REDIRECT_2_NAME}"
acl is_redirect_3 hdr(host) -i "${PROXY_HOST_REDIRECT_3_NAME}"
acl is_redirect_4 hdr(host) -i "${PROXY_HOST_REDIRECT_4_NAME}"
acl is_redirect_5 hdr(host) -i "${PROXY_HOST_REDIRECT_5_NAME}"
acl is_redirect_6 hdr(host) -i "${PROXY_HOST_REDIRECT_6_NAME}"
acl is_redirect_7 hdr(host) -i "${PROXY_HOST_REDIRECT_7_NAME}"
acl is_redirect_8 hdr(host) -i "${PROXY_HOST_REDIRECT_8_NAME}"
acl is_redirect_9 hdr(host) -i "${PROXY_HOST_REDIRECT_9_NAME}"
acl is_redirect_10 hdr(host) -i "${PROXY_HOST_REDIRECT_10_NAME}"
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_1_TARGET}" if is_root is_redirect_1
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_2_TARGET}" if is_root is_redirect_2
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_3_TARGET}" if is_root is_redirect_3
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_4_TARGET}" if is_root is_redirect_4
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_5_TARGET}" if is_root is_redirect_5
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_6_TARGET}" if is_root is_redirect_6
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_7_TARGET}" if is_root is_redirect_7
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_8_TARGET}" if is_root is_redirect_8
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_9_TARGET}" if is_root is_redirect_9
redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_10_TARGET}" if is_root is_redirect_10

.if defined(PROXY_HOST_REDIRECT_1_TARGET)
acl is_redirect_1 hdr(host) -i ${PROXY_HOST_REDIRECT_1_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_1_TARGET) if is_root is_redirect_1
.endif
.if defined(PROXY_HOST_REDIRECT_2_TARGET)
acl is_redirect_2 hdr(host) -i ${PROXY_HOST_REDIRECT_2_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_2_TARGET) if is_root is_redirect_2
.endif
.if defined(PROXY_HOST_REDIRECT_3_TARGET)
acl is_redirect_3 hdr(host) -i ${PROXY_HOST_REDIRECT_3_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_3_TARGET) if is_root is_redirect_3
.endif
.if defined(PROXY_HOST_REDIRECT_4_TARGET)
acl is_redirect_4 hdr(host) -i ${PROXY_HOST_REDIRECT_4_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_4_TARGET) if is_root is_redirect_4
.endif
.if defined(PROXY_HOST_REDIRECT_5_TARGET)
acl is_redirect_5 hdr(host) -i ${PROXY_HOST_REDIRECT_5_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_5_TARGET) if is_root is_redirect_5
.endif
.if defined(PROXY_HOST_REDIRECT_6_TARGET)
acl is_redirect_6 hdr(host) -i ${PROXY_HOST_REDIRECT_6_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_6_TARGET) if is_root is_redirect_6
.endif
.if defined(PROXY_HOST_REDIRECT_7_TARGET)
acl is_redirect_7 hdr(host) -i ${PROXY_HOST_REDIRECT_7_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_7_TARGET) if is_root is_redirect_7
.endif
.if defined(PROXY_HOST_REDIRECT_8_TARGET)
acl is_redirect_8 hdr(host) -i ${PROXY_HOST_REDIRECT_8_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_8_TARGET) if is_root is_redirect_8
.endif
.if defined(PROXY_HOST_REDIRECT_9_TARGET)
acl is_redirect_9 hdr(host) -i ${PROXY_HOST_REDIRECT_9_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_9_TARGET) if is_root is_redirect_9
.endif
.if defined(PROXY_HOST_REDIRECT_10_TARGET)
acl is_redirect_10 hdr(host) -i ${PROXY_HOST_REDIRECT_10_NAME}
http-request redirect code 302 location https://env(DOMAINNAME)env(PROXY_HOST_REDIRECT_10_TARGET) if is_root is_redirect_10
.endif

# Enable X-Forwarded header(s)
option forwardfor
Expand All @@ -86,7 +109,7 @@ frontend https
http-request add-header X-Forwarded-Port %[dst_port]
http-request add-header Strict-Transport-Security max-age=15768000

acl auth url_beg /auth
acl auth path_beg /auth
use_backend keycloak_backend if auth
use_backend manager_backend

Expand Down

0 comments on commit 7a35a98

Please sign in to comment.