EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[haproxy] Remove leftovers, fix config selection 

dd-apps/docker/haproxy seems to be a leftover and is not being used
anywhere.

Also fix the config selection for HAProxy.
mejoras_instalacion
Evilham 2022-08-30 21:34:32 +02:00
parent 72f9d927e1
commit 075529f472
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
18 changed files with 4 additions and 610 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
dd-apps/docker/haproxy/Dockerfile
View File

@ -1,34 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
FROM haproxy:2.3-alpine as production
RUN apk add openssl certbot py-pip
RUN pip install pip install certbot-plugin-gandi
ADD letsencrypt.sh /
ADD letsencrypt-check.sh /
ADD deploy-hook.sh /etc/letsencrypt/renewal-hooks/deploy/
COPY auto-generate-certs.sh /usr/local/bin/
COPY docker-entrypoint.sh /usr/local/bin/
COPY auto-generate-certs.sh /
RUN rm /docker-entrypoint.sh
RUN ln -s /usr/local/bin/docker-entrypoint.sh /
RUN chmod 775 docker-entrypoint.sh
ADD haproxy.conf /usr/local/etc/haproxy/haproxy.cfg

51
dd-apps/docker/haproxy/_common/auto-generate-certs.sh
View File

@ -1,51 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cd /certs
# Self signed cert generic data
C=CA
L=Barcelona
O=localdomain
CN_CA=$O
CN_HOST=*.$O
OU=$O
echo '#### Creating 2048-bit RSA key:'
openssl genrsa -out ca-key.pem 2048
echo '#### Using the key to create a self-signed certificate to your CA:'
openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \
-subj "/C=$C/L=$L/O=$O/CN=$CN_CA"
echo '#### Creating server certificate:'
openssl genrsa -out server-key.pem 2048
echo '#### Creating a certificate signing request for the server:'
openssl req -new -key server-key.pem -sha256 -out server-key.csr \
-subj "/CN=$CN_HOST"
echo '#### Creating server certificate:'
RND=$(( ( RANDOM % 1000 ) + 1 ))
openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \
-set_serial $RND -sha256 -out server-cert.pem
echo '#### Concatenate certs for haprox'
cat server-cert.pem server-key.pem > chain.pem
chmod 440 *

42
dd-apps/docker/haproxy/_common/haproxy-docker-entrypoint.sh
View File

@ -1,42 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -e
prepare.sh
if [ ! -f /certs/chain.pem ]; then
auto-generate-certs.sh
fi
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- haproxy "$@"
fi
if [ "$1" = 'haproxy' ]; then
shift # "haproxy"
# if the user wants "haproxy", let's add a couple useful flags
# -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
# -db -- disables background mode
set -- haproxy -W -db "$@"
fi
exec "$@"

23
dd-apps/docker/haproxy/_common/letsencrypt-hook-deploy-concatenante.sh
View File

@ -1,23 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cat $RENEWED_LINEAGE/fullchain.pem $RENEWED_LINEAGE/privkey.pem > /certs/chain.pem
kill -SIGUSR2 1

21
dd-apps/docker/haproxy/_common/letsencrypt-renew-cron.sh
View File

@ -1,21 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
certbot renew --cert-name $LETSENCRYPT_DOMAIN

37
dd-apps/docker/haproxy/_common/letsencrypt.sh
View File

@ -1,37 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
if [ -f /letsencrypt-hook-deploy-concatenante.sh ]
then
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
mv /letsencrypt-hook-deploy-concatenante.sh /etc/letsencrypt/renewal-hooks/deploy/concatenate.sh
fi
if [ -n "$LETSENCRYPT_DOMAIN" -a -n "$LETSENCRYPT_EMAIL" ]
then
LETSENCRYPT_DOMAIN="$LETSENCRYPT_DOMAIN" crond
if [ ! -f /certs/chain.pem ]
then
if certbot certonly --standalone -d "$LETSENCRYPT_DOMAIN" -m "$LETSENCRYPT_EMAIL" -n --agree-tos
then
RENEWED_LINEAGE="/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN" /etc/letsencrypt/renewal-hooks/deploy/concatenate.sh
fi
fi
fi

55
dd-apps/docker/haproxy/auto-generate-certs.sh
View File

@ -1,55 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
mkdir /certs
cd /certs
# Self signed cert generic data
C=CA
L=Barcelona
O=localdomain
CN_CA=$O
CN_HOST=*.$O
OU=$O
echo '#### Creating 2048-bit RSA key:'
openssl genrsa -out ca-key.pem 2048
echo '#### Using the key to create a self-signed certificate to your CA:'
openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \
-subj "/C=$C/L=$L/O=$O/CN=$CN_CA"
echo '#### Creating server certificate:'
openssl genrsa -out server-key.pem 2048
echo '#### Creating a certificate signing request for the server:'
openssl req -new -key server-key.pem -sha256 -out server-key.csr \
-subj "/CN=$CN_HOST"
echo '#### Creating server certificate:'
RND=$(( ( RANDOM % 1000 ) + 1 ))
openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \
-set_serial $RND -sha256 -out server-cert.pem
chmod 440 *
echo '#### Concatenate certs for haprox'
cat server-cert.pem server-key.pem > /certs/chain.pem
cd /

27
dd-apps/docker/haproxy/deploy-hook.sh
View File

@ -1,27 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
echo "Domain(s) $LETSENCRYPT_DNS renewed. Restarting haproxy..."
cat /etc/letsencrypt/live/$LETSENCRYPT_DNS/fullchain.pem /etc/letsencrypt/live/$LETSENCRYPT_DNS/privkey.pem > /certs/chain.pem
chmod 440 /certs/chain.pem
mkdir -p /certs/letsencrypt/$LETSENCRYPT_DNS
cp /etc/letsencrypt/live/$LETSENCRYPT_DNS/* /certs/letsencrypt/$LETSENCRYPT_DNS/
kill -SIGUSR2 1

46
dd-apps/docker/haproxy/docker-entrypoint.sh
View File

@ -1,46 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -e
# Set debug path password
PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["ADMINAPP_PASSWORD"], crypt.mksalt(crypt.METHOD_SHA512)))')
sed -i "/^ user admin password/c\ user admin password $ADMINAPP_PASSWORD" /usr/local/etc/haproxy/haproxy.cfg
#/bin/sh /letsencrypt.sh
if [ ! -e "/certs/chain.pem" ]; then
auto-generate-certs.sh
fi
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- haproxy "$@"
fi
if [ "$1" = 'haproxy' ]; then
shift # "haproxy"
# if the user wants "haproxy", let's add a couple useful flags
# -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
# -db -- disables background mode
set -- haproxy -W -db "$@"
fi
exec "$@"

101
dd-apps/docker/haproxy/haproxy.conf
View File

@ -1,101 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
resolvers mydns
nameserver dns1 127.0.0.11:53
global
# debug
daemon
log 127.0.0.1 local0
tune.ssl.default-dh-param 2048
defaults
mode http
timeout connect 120s
timeout client 120s
timeout client-fin 120s
timeout server 120s
timeout tunnel 7200s
option http-server-close
option httpclose
log global
option httplog
backlog 4096
maxconn 2000
option tcpka
frontend website
mode http
bind :80
redirect scheme https if !{ ssl_fc }
bind :443 ssl crt /certs/chain.pem
acl is_nextcloud hdr_beg(host) nextcloud.
acl is_moodle hdr_beg(host) moodle.
acl is_jitsi hdr_beg(host) jitsi.
use_backend be_nextcloud if is_nextcloud
use_backend be_moodle if is_moodle
use_backend be_jitsi if is_jitsi
default_backend be_moodle
backend be_moodle
mode http
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
server moodle moodle:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none
backend be_nextcloud
mode http
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
server nextcloud nextcloud:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
backend be_jitsi
mode http
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
server jitsi jitsi:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
listen stats
bind 0.0.0.0:8888
mode http
stats enable
option httplog
stats show-legends
stats uri /haproxy
stats realm Haproxy\ Statistics
stats refresh 5s
#stats auth staging:pep1n1ll0
#acl authorized http_auth(AuthUsers)
#stats http-request auth unless authorized
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
userlist AuthUsers
user admin password $6$grgQMVfwI0XSGAQl$2usaQC9LVXXXYHtSkGUf74CIGsiH8fi/K.V6DuKSq0twPkmFGP2vL/b//Ulp2I4xBEZ3eYDhUbwBPK8jpmsbo.

40
dd-apps/docker/haproxy/haproxy.yml
View File

@ -1,40 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
dd-apps-haproxy:
build:
context: ${BUILD_APPS_ROOT_PATH}/docker/haproxy
dockerfile: Dockerfile
target: production
container_name: dd-apps-haproxy
restart: unless-stopped
environment:
- ADMINAPP_PASSWORD=${ADMINAPP_PASSWORD}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SRC_FOLDER}/haproxy:/certs:rw
networks:
- dd_net
ports:
- published: 80
target: 80
- published: 443
target: 443

26
dd-apps/docker/haproxy/letsencrypt-check.sh
View File

@ -1,26 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
trap exit TERM
while :
do
sleep 12h
certbot renew --http-01-port 8888
done

34
dd-apps/docker/haproxy/letsencrypt.sh
View File

@ -1,34 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
RENEW=0
if [[ ! -f /certs/chain.pem && ! -z "$LETSENCRYPT_EMAIL" && ! -z "$LETSENCRYPT_DNS" ]]; then
/usr/bin/certbot certonly --standalone -d "$LETSENCRYPT_DNS" -m "$LETSENCRYPT_EMAIL" -n --agree-tos
if [[ $? == 0 ]] ; then
cat /etc/letsencrypt/live/$LETSENCRYPT_DNS/fullchain.pem /etc/letsencrypt/live/$LETSENCRYPT_DNS/privkey.pem > /certs/chain.pem
chmod 440 /certs/chain.pem
mkdir -p /certs/letsencrypt/$LETSENCRYPT_DNS
cp /etc/letsencrypt/live/$LETSENCRYPT_DNS/* /certs/letsencrypt/$LETSENCRYPT_DNS/
RENEW=1
fi
fi
if [ $RENEW == 1 ]; then
/bin/sh -c '/letsencrypt-check.sh' &
fi

26
dd-apps/docker/haproxy/prepare.sh
View File

@ -1,26 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# Set debug path password
PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["WEBAPP_ADMIN_PWD"], crypt.mksalt(crypt.METHOD_SHA512)))')
sed -i "/^ user admin password/c\ user admin password $ADMIN_PWD" /usr/local/etc/haproxy/haproxy.cfg
#LETSENCRYPT_DOMAIN="$WEBAPP_LETSENCRYPT_DNS" LETSENCRYPT_EMAIL="$WEBAPP_LETSENCRYPT_EMAIL"
letsencrypt.sh

3
dd-sso/docker/haproxy/Dockerfile
View File

@ -33,4 +33,5 @@ COPY docker-entrypoint.sh /usr/local/bin/
RUN ln -s /usr/local/bin/docker-entrypoint.sh / RUN ln -s /usr/local/bin/docker-entrypoint.sh /
RUN chmod 775 docker-entrypoint.sh RUN chmod 775 docker-entrypoint.sh
ADD ${HAPROXY_CONF:-haproxy.conf} /usr/local/etc/haproxy/haproxy.cfg ADD haproxy.conf /usr/local/etc/haproxy/haproxy.normal.cfg
ADD haproxy.proxy-protocol.conf /usr/local/etc/haproxy/haproxy.proxy-protocol.cfg

5
dd-sso/docker/haproxy/docker-entrypoint.sh
View File

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Copyright © 2021,2022 IsardVDI S.L. # Copyright © 2021,2022 IsardVDI S.L.
# Copyright © 2022 Evilham <contact@evilham.com>
# #
# This file is part of DD # This file is part of DD
# #
@ -20,9 +21,7 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
set -e set -e
# Set debug path password ln -sf /usr/local/etc/haproxy/${HAPROXY_CFG:-haproxy.normal.cfg} /usr/local/etc/haproxy/haproxy.cfg
PASSWD=$(python3 -c 'import os,crypt,getpass; print(crypt.crypt(os.environ["KEYCLOAK_PASSWORD"], crypt.mksalt(crypt.METHOD_SHA512)))')
sed -i "/^ user admin password/c\ user admin password $PASSWD" /usr/local/etc/haproxy/haproxy.cfg
LETSENCRYPT_DOMAIN="$DOMAIN" letsencrypt.sh LETSENCRYPT_DOMAIN="$DOMAIN" letsencrypt.sh

42
dd-sso/docker/haproxy/haproxy-docker-entrypoint.sh
View File

@ -1,42 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -e
prepare.sh
if [ ! -f /certs/chain.pem ]; then
auto-generate-certs.sh
fi
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- haproxy "$@"
fi
if [ "$1" = 'haproxy' ]; then
shift # "haproxy"
# if the user wants "haproxy", let's add a couple useful flags
# -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
# -db -- disables background mode
set -- haproxy -W -db "$@"
fi
exec "$@"

1
dd-sso/docker/haproxy/haproxy.proxy-protocol.conf
View File

@ -84,7 +84,6 @@ frontend website
use_backend be_wp if is_wp use_backend be_wp if is_wp
use_backend be_etherpad if is_pad use_backend be_etherpad if is_pad
use_backend be_admin if is_sso { path_beg /socket.io } use_backend be_admin if is_sso { path_beg /socket.io }
use_backend be_adminer if is_sso { path_beg /dd-sso-adminer }
use_backend be_admin if is_admin use_backend be_admin if is_admin
use_backend be_sso if is_sso use_backend be_sso if is_sso
use_backend be_api if is_api use_backend be_api if is_api