refactor(suites): utilise pki certs in haproxy suite (#4945)

This utilises the certs provided within the pki section of the repo for the HAProxy suite.
pull/4943/head
Amir Zarrinkafsh 2023-02-17 15:05:48 +11:00 committed by GitHub
parent 891f1de9f2
commit 51096c5e70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 8 deletions

View File

@ -3,10 +3,6 @@ USER root
RUN \
apk add --no-cache \
curl \
lua-json4 \
openssl && \
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=AU/ST=Victoria/L=Melbourne/O=Authelia/CN=*.example.com" -keyout haproxy.key -out haproxy.crt && \
cat haproxy.key haproxy.crt > /usr/local/etc/haproxy/haproxy.pem
lua-json4
USER haproxy

View File

@ -7,6 +7,7 @@ services:
- ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
- ./example/compose/haproxy/http.lua:/usr/local/etc/haproxy/haproxy-lua-http/http.lua
- ./example/compose/haproxy/auth-request.lua:/usr/local/etc/haproxy/auth-request.lua
- ./common/pki:/pki
networks:
authelianet:
# Set the IP to be able to query on port 8080

View File

@ -2,10 +2,14 @@ global
lua-prepend-path /usr/local/etc/haproxy/?/http.lua
lua-load /usr/local/etc/haproxy/auth-request.lua
log stdout format raw local0 debug
maxconn 2000
defaults
default-server init-addr none
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
log global
option forwardfor
option httplog
@ -16,7 +20,7 @@ resolvers docker
nameserver ip 127.0.0.11:53
frontend fe_api
bind *:8081 ssl crt /usr/local/etc/haproxy/haproxy.pem
bind *:8081 ssl crt /pki/private.chain.pem
stats enable
stats uri /api
@ -24,7 +28,7 @@ frontend fe_api
stats admin if LOCALHOST
frontend fe_http
bind *:8080 ssl crt /usr/local/etc/haproxy/haproxy.pem
bind *:8080 ssl crt /pki/private.chain.pem
acl api-path path_beg -i /api
acl devworkflow-path path -i -m end /devworkflow