Certbot integration? #28

Closed
gregbkr opened this issue Aug 16, 2016 · 3 comments
Labels
Request Request for image modification or feature

Comments

gregbkr commented Aug 16, 2016

Hello,

Just wondering if certbot (Let's Encrypt) support in this image was possible/a good idea for a future release.
For the moment I stop the haproxy container, create/update the cert with certbot mapped on 80/443, then restart haproxy with the new cert.
Certs last only 3 months, so I need to automate the stop/start of haproxy in a script, which makes me worried if something goes wrong during the night.

Any feedback on this?

Thank you!
Greg.

jamshid commented Dec 20, 2016

I'd also like to see letsencrypt support. Maybe this lua plugin for haproxy could be used:

https://github.com/janeczku/haproxy-acme-validation-plugin

Unfortunately the https://hub.docker.com/_/haproxy images were not compiled with lua.

PS: I tried using these instructions to get a prebuilt deb of haproxy 1.7 with lua:
https://haproxy.debian.net/#?distribution=Debian&release=jessie&version=1.7

#    https://haproxy.debian.net/#?distribution=Debian&release=jessie&version=1.7
RUN  echo deb http://httpredir.debian.org/debian jessie-backports main | \
      sed 's/\(.*-backports\) \(.*\)/&@\1-sloppy \2/' | tr @ '\n' | \
      tee /etc/apt/sources.list.d/backports.list && \
      curl -f https://haproxy.debian.net/bernat.debian.org.gpg | \
      apt-key add - && \
      echo deb http://haproxy.debian.net jessie-backports-1.7 main | \
      tee /etc/apt/sources.list.d/haproxy.list
ENV HAPROXY_ADDL="-t jessie-backports-1.7"
RUN mkdir -p /run/haproxy && apt-get update && apt-get install -y haproxy ${HAPROXY_ADDL}

but it fails with:

[pound-swarm:latest] W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie-backports-sloppy/main/binary-amd64/Packages  404  Not Found

Member

tianon commented Dec 22, 2016

We strive to keep our implementation as close to what upstream officially recommends as possible. At the moment, I don't think upstream has built-in ACME support, and doesn't officially recommend any particular plugin for doing so that I'm aware of.

If there's something simple we can do to enable Lua support (assuming it's officially supported) to make using the external plugin easier, I'm all for doing so! (likely just adding a new flag to ./configure and potentially adding more build-time dependencies for headers, right?)

@yajo yajo mentioned this issue Jan 13, 2017
@wglambert wglambert added the Request Request for image modification or feature label Apr 24, 2018
Member

tianon commented Apr 25, 2018

Lua support was added in #38. 👍

@tianon tianon closed this as completed Apr 25, 2018