# -----------------------------------------------------------------------------------------------
#
# HAProxy image with certbot for certificate generation and renewal
#
# -----------------------------------------------------------------------------------------------
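# Base image: HAProxy 2.9 on Alpine. The tag is mutable, so rebuilds can pick up
# different content; append a digest (haproxy:2.9-alpine@sha256:<digest>) when the
# build has to be reproducible and auditable.
FROM haproxy:2.9-alpine

# MAINTAINER is deprecated; the same contact string is kept as a label.
LABEL maintainer="[email protected]"

# Root is needed for the package installation and ownership changes that follow.
# NOTE(review): no later USER instruction exists in this file, so the container
# also starts as root unless entrypoint.sh (not shown) drops privileges - confirm.
USER root

# Runtime settings, presumably consumed by entrypoint.sh and haproxy.cfg (neither
# is visible here). Dockerfile expansion happens at build time and only sees
# ARG/ENV values already declared: none of these names is declared as ARG, so
# "${VAR}" becomes empty and "${VAR:-default}" becomes the default unless the base
# image defines the variable. Real values are expected at container start
# (docker run -e / compose environment).
ENV DOMAINNAME="${DOMAINNAME}" \
    DOMAINNAMES="${DOMAINNAMES}" \
    TERM="xterm" \
    HAPROXY_USER_PARAMS="${HAPROXY_USER_PARAMS}" \
    HAPROXY_CONFIG="${HAPROXY_CONFIG:-/etc/haproxy/haproxy.cfg}" \
    PROXY_LOGLEVEL="${PROXY_LOGLEVEL:-notice}" \
    LOGFILE="${LOGFILE}"

# Upstream services the proxy forwards to.
ENV MANAGER_HOST="${MANAGER_HOST:-manager}" \
    MANAGER_WEB_PORT="${MANAGER_WEB_PORT:-8080}" \
    MANAGER_MQTT_PORT="${MANAGER_MQTT_PORT:-1883}" \
    KEYCLOAK_HOST="${KEYCLOAK_HOST:-keycloak}" \
    KEYCLOAK_PORT="${KEYCLOAK_PORT:-8080}"

# Filesystem locations used by the directory-setup step further down.
ENV CERT_DIR="/deployment/certs" \
    LE_DIR="/deployment/letsencrypt" \
    CHROOT_DIR="/etc/haproxy/webroot"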
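# Install certbot, its Route53 DNS plugin and the helper tools.
# "apk add --no-cache" fetches a fresh index and leaves nothing in /var/cache/apk,
# so a separate "apk update" and cache removal are not needed.
#
# NOTE(review): certbot-dns-route53 is installed from PyPI without a version pin
# or hash check, so each build may pull different code into an image that handles
# TLS private keys. Pin it (certbot-dns-route53==<version>) to the release that
# matches the apk-provided certbot.
# NOTE(review): --break-system-packages overrides pip's externally-managed
# guard, so pip may replace Python packages owned by apk. Confirm that is
# acceptable or install the plugin into a virtualenv.
RUN apk add --no-cache \
        certbot \
        curl \
        inotify-tools \
        openssl \
        py-pip \
        tar \
    && pip install --no-cache-dir --break-system-packages certbot-dns-route53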
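# ACME Lua plugin. ADD is kept on purpose: it unpacks a local tar archive into the
# target directory, which COPY would not do.
# NOTE(review): the archive comes from the build context with no integrity check,
# and its contents are presumably loaded into HAProxy's Lua engine. Record and
# verify its checksum (or vendor the unpacked sources) so a swapped tarball is
# noticed in review.
ADD acme-plugin.tar.gz /etc/haproxy/lua/

# Create the webroot, certificate and Let's Encrypt directories, register the
# daily renewal job, and hand the working directories to the haproxy account.
#
# /etc/periodic/daily is Alpine's directory for daily cron scripts; the job only
# fires if crond is running, which is presumably started by entrypoint.sh.
#
# NOTE(review): the recursive chown makes the haproxy account the owner of its own
# configuration, the Lua plugin and the certificate directories, so a compromised
# proxy process could rewrite them. Consider leaving config and Lua code
# root-owned and granting write access only where renewal needs it.
#
# "apk del tar" runs here, in a later layer than the install, so it removes tar
# from the final filesystem but does not reclaim image size. No RUN step between
# install and removal invokes tar (ADD extraction is done by the builder), so
# NOTE(review): tar can probably be dropped from the install list instead.
RUN mkdir -p \
        "${CHROOT_DIR}" \
        "${CERT_DIR}" \
        "${LE_DIR}" \
        /etc/letsencrypt \
        /var/lib/letsencrypt \
        /var/log/letsencrypt \
    && printf '#!/bin/sh\n/entrypoint.sh auto-renew\n' > /etc/periodic/daily/cert-renew \
    && chmod +x /etc/periodic/daily/cert-renew \
    && chown -R haproxy:haproxy \
        /etc/haproxy \
        /etc/letsencrypt \
        /var/lib/letsencrypt \
        /var/log/letsencrypt \
        "${CHROOT_DIR}" \
        "${CERT_DIR}" \
        "${LE_DIR}" \
    && apk del tar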
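# Static configuration. COPY replaces ADD because these are plain local files:
# no archive extraction or URL fetch is wanted, and COPY cannot do either by accident.
COPY haproxy.cfg /etc/haproxy/haproxy.cfg

# NOTE(review): everything under certs/ is baked into an image layer, so any
# private key in that directory is readable by whoever can pull the image.
# Presumably this is a self-signed fallback certificate - confirm, and keep real
# keys in a volume or secret instead.
COPY certs /etc/haproxy/certs

# certbot defaults placed in root's per-user config directory, which suggests
# certbot is expected to run as root - verify against entrypoint.sh.
COPY cli.ini /root/.config/letsencrypt/

COPY entrypoint.sh /

# Make the entrypoint executable and re-apply ownership so the files copied above
# also belong to the haproxy account.
RUN chmod +x /entrypoint.sh \
    && chown -R haproxy:haproxy /etc/haproxy

# Liveness probe: plain HTTP on loopback port 80, path /docker-health (presumably
# answered by a rule in haproxy.cfg). "|| exit 1" maps every curl failure to the
# single exit status Docker treats as unhealthy.
HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=10 \
    CMD curl --fail --silent http://127.0.0.1/docker-health || exit 1

# NOTE(review): the last USER in this file is root, so entrypoint.sh starts with
# full privileges; confirm it runs HAProxy itself as the haproxy account.
ENTRYPOINT ["/entrypoint.sh"]
CMD ["run"]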