From 51096c5e70a0e2b227b3233bbdc4ea78953c8c70 Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh
Date: Fri, 17 Feb 2023 15:05:48 +1100
Subject: [PATCH] refactor(suites): utilise pki certs in haproxy suite (#4945)

This utilises the certs provided within the pki section of the repo for the HAProxy suite.
---
internal/suites/example/compose/haproxy/Dockerfile | 8 ++------
.../suites/example/compose/haproxy/docker-compose.yml | 1 +
internal/suites/example/compose/haproxy/haproxy.cfg | 8 ++++++--
3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/internal/suites/example/compose/haproxy/Dockerfile b/internal/suites/example/compose/haproxy/Dockerfile
index 86c365331..f66975208 100644
--- a/internal/suites/example/compose/haproxy/Dockerfile
+++ b/internal/suites/example/compose/haproxy/Dockerfile
@@ -3,10 +3,6 @@ USER root RUN \ apk add --no-cache \ - curl \ - lua-json4 \ - openssl && \ -openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=AU/ST=Victoria/L=Melbourne/O=Authelia/CN=*.example.com" -keyout haproxy.key -out haproxy.crt && \ -cat haproxy.key haproxy.crt > /usr/local/etc/haproxy/haproxy.pem + lua-json4 -USER haproxy \ No newline at end of file +USER haproxy
diff --git a/internal/suites/example/compose/haproxy/docker-compose.yml b/internal/suites/example/compose/haproxy/docker-compose.yml
index 3681cdcd4..980292556 100644
--- a/internal/suites/example/compose/haproxy/docker-compose.yml
+++ b/internal/suites/example/compose/haproxy/docker-compose.yml
@@ -7,6 +7,7 @@ services: - ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro - ./example/compose/haproxy/http.lua:/usr/local/etc/haproxy/haproxy-lua-http/http.lua - ./example/compose/haproxy/auth-request.lua:/usr/local/etc/haproxy/auth-request.lua + - ./common/pki:/pki networks: authelianet: # Set the IP to be able to query on port 8080
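Review bot: The added volume `- ./common/pki:/pki` is mounted read-write, while the `haproxy.cfg` mount in the same list carries `:ro`. HAProxy only reads `/pki/private.chain.pem`, so this should be `- ./common/pki:/pki:ro`; with a writable mount, anything running in the proxy container can alter key and certificate files that other suite containers presumably load from the same directory. The mount also exposes the whole PKI directory to the proxy. If nothing else under `/pki` is read, `- ./common/pki/private.chain.pem:/pki/private.chain.pem:ro` would be the narrower choice.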
diff --git a/internal/suites/example/compose/haproxy/haproxy.cfg b/internal/suites/example/compose/haproxy/haproxy.cfg
index 529920b8a..ae9529d2c 100644
--- a/internal/suites/example/compose/haproxy/haproxy.cfg
+++ b/internal/suites/example/compose/haproxy/haproxy.cfg
@@ -2,10 +2,14 @@ global lua-prepend-path /usr/local/etc/haproxy/?/http.lua lua-load /usr/local/etc/haproxy/auth-request.lua log stdout format raw local0 debug + maxconn 2000 defaults default-server init-addr none mode http + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms log global option forwardfor option httplog
@@ -16,7 +20,7 @@ resolvers docker nameserver ip 127.0.0.11:53 frontend fe_api - bind *:8081 ssl crt /usr/local/etc/haproxy/haproxy.pem + bind *:8081 ssl crt /pki/private.chain.pem stats enable stats uri /api
@@ -24,7 +28,7 @@ frontend fe_api stats admin if LOCALHOST frontend fe_http - bind *:8080 ssl crt /usr/local/etc/haproxy/haproxy.pem + bind *:8080 ssl crt /pki/private.chain.pem acl api-path path_beg -i /api acl devworkflow-path path -i -m end /devworkflow
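Review bot: The timeouts added to `defaults` cover connect, client and server but not the request-header phase. Without `timeout http-request`, HAProxy applies only the 50 s client inactivity timeout between reads of the request, so a client that delivers its headers slowly can hold one of the connection slots allowed by the new `maxconn 2000` for a long time. Adding a line such as `timeout http-request 10s` (the value is a suggestion) next to the other three would bound that. A one-line comment above the block explaining why the limits were introduced would also help, since the commit message only mentions the certificate change.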
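Review bot: Both `bind` lines, in `fe_api` here and in `fe_http` in the next hunk, now load `/pki/private.chain.pem`, and nothing in the file says where that file comes from. Judging by the name and the commit message, it is presumably a private key plus chain kept in the repository, where the old one was generated at image build. I would add a comment above the first bind, e.g. `# test-only key and chain from ./common/pki (mounted at /pki by docker-compose); do not reuse outside the suites`. Because the Dockerfile ends with `USER haproxy`, the mounted file must also be readable by that user, which depends on the host file mode and is not visible in this patch.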