million12 / docker-haproxy Goto Github PK

View Code? Open in Web Editor NEW

103.0 9.0 42.0 291 KB

Fully customisable HAProxy load balancer with HTTP/2 and ALPN support. Built on CentOS-7.

Home Page: https://registry.hub.docker.com/u/million12/haproxy/

Shell 51.50% Dockerfile 48.50%

docker-haproxy's Introduction

HAProxy Load Balancer

Felling like supporting me in my projects use donate button. Thank You!

HAProxy docker container million12/haproxy with ALPN and HTTP/2 support.

Features

Support for HTTP/2 with ALPN
RockyLinux based (migrated at 2.4.16)
Ability to provide any arguments to haproxy process Any extra parameters provided to docker run will be passed directly to haproxy command. For example, if you run docker run [run options] million12/haproxy -n 1000 you pass -n 1000 to haproxy daemon.
Pretty lightweight, only ~100M (with OpenSSL and HAProxy compiled from source).
Default haproxy.cfg provided for demonstration purposes. You can easily mount your own or point to different location using HAPROXY_CONFIG env.
Auto restart when config changes This container comes with inotify to monitor changes in HAProxy config and reload HAProxy daemon. The reload is done in a way that no connection is lost.

ENV variables

Variable	Default Settings	Notes
`HAPROXY_CONFIG`	`/etc/haproxy/haproxy.cfg`	If you mount your config to different location, simply edit it.
`HAPROXY_PORTS`	`80,443`	Comma separated ports
`HAPROXY_ADDITIONAL_CONFIG`	Empty	List of file that inotify should monitor for changes divided by space. Example below. Space separated
`HAPROXY_PRE_RESTART_CMD`	Empty	Command to execute before restarting haproxy
`HAPROXY_POST_RESTART_CMD`	Empty	Command to execute after successfully restarting haproxy

Usage

Basic

docker run -ti \
  -p 80:80 \
  -p 443:443 \
  million12/haproxy

Mount custom config , override some options

docker run -d \
  -p 80:80 \
  -v /my-haproxy.cfg:/etc/haproxy/haproxy.cfg \
  million12/haproxy \
  -n 10000

Note: in this case config is mounted to its default location, so you don't need to modify HAPROXY_CONFIG variable.

Monitor additional config files

docker run -d \
  -p 80:80 \
  -e HAPROXY_ADDITIONAL_CONFIG='/etc/haproxy/custom1 /etc/haproxy/custom2' \
  million12/haproxy

Check version and build options

docker run -ti million12/haproxy -vv

Stats

The default URL for stats is http://CONTAINER_IP/admin?stats with username:password ser to admin:admin.

Authors

Author: Marcin ryzy Ryzycki ([email protected])
Author: Przemyslaw Ozgo ([email protected])

docker-haproxy's People

Contributors

Stargazers

Watchers

Forkers

erwasambo athenahealth rit-paas gesellix alexstanovsky akram dumdan cloudxtreme nicholasklem nicolaihald sonkyokukou zhfnjust kioco mesosinfo duanshuaimin valdiz777 mkhutornenko loncarales f4-group joseanluo swapnilsm ajcdevops colorwalf houstek ligzy ivanxia gjhernandez1234 bbathow jsunj0nes skyformat99 golang-alex-alex2006hw eric-ackles sharmaansh21 aguerrave dheerajjoshi minicodemonkey tsoenen binrick guochangfei20 digimono dexterl

docker-haproxy's Issues

Docker Container Still Running While Haproxy Got OOM and Exited Out

When Haproxy received out of memory error and exited out, the docker container is still running without quitting or restarting.
It was probably caused by inotifywait in WHILE loop in bootstrap.sh. It does not try to detect if Haproxy is up or not.

The expected behavior should be that when Haproxy errors out and exited out inside Docker container, the docker container should either exit out so that the docker container could be relaunched by systemd service, or restart Haproxy inside the container.

Update to 2.3

CI tests failed

The command "docker run --cap-add NET_ADMIN -ti million12/haproxy -vv" exited with 0.
0.77s$ docker run --cap-add NET_ADMIN -ti million12/haproxy -vv | grep "HA-Proxy version"
The command "docker run --cap-add NET_ADMIN -ti million12/haproxy -vv | grep "HA-Proxy version"" exited with 1.
0.77s$ docker run --cap-add NET_ADMIN -ti million12/haproxy -vv | grep "Encrypted password support"
The command "docker run --cap-add NET_ADMIN -ti million12/haproxy -vv | grep "Encrypted password support"" exited with 1.
0.76s$ docker run --cap-add NET_ADMIN -ti million12/haproxy -vv | grep "OpenSSL 1.0.2"
The command "docker run --cap-add NET_ADMIN -ti million12/haproxy -vv | grep "OpenSSL 1.0.2"" exited with 1.

inotifywait does not account all files that haproxy read

ie. errorfiles or certificates that are being specified in haproxy.cfg.
those are being read only once - on haproxy start.

two possible solutions for this:

monitor /etc/haproxy (or whichever dir where haproxy.cfg resides) - this assumes that most people place entire haproxy configuration under etc, ie. inotifywait -r -q -e create,delete,modify,attrib $(dirname $HAPROXY_CONFIG) /etc/hosts
parse haproxy.cfg and add files and directories (crt directive might specify directory to watch) - unfortunately haproxy's own src/cfgparse.c doesn't have an abstract function for reading files, so this would require to reparse in bash.

Support /etc/hosts linked containers

Docker automatically updates the file /etc/hosts whenever a container changes if you are using linked containers. If you could modify your inotify command to monitor /etc/hosts, it would make haproxy updates happen automatically with linked containers.

More details at:
https://docs.docker.com/userguide/dockerlinks/#updating-the-etchosts-file

Thanks!

Master branch not pushing latest image to Docker Hub

Pre and Post reload hooks

@ryzy @pozgo I think we should allow some pre and post reload hooks to run some commands inside the container.
This will make supporting few use cases such as following possible.
Seamless server reload section of - https://www.haproxy.com/blog/whats-new-in-haproxy-1-6/

One way of implementing this is by taking in few extra environment variables and executing those accordingly.

I can take this up if you like to.

HA-Proxy version 1.5.4 2014/09/02

Seems a bit old no ?
Could you upgrade the image to the latest 1.5.x ?

Thanks!

Update HAProxy to 2.8.1

Workflow:

Update haproxy to 2.8.1
Update openssl to 3.1.1
Switch to debian 12

HAProxy exits immediately - inotifywait prevents container exiting

For some reason haproxy exits immediately but the return code is 0. When I attach to the container and run "ps -ef" there is no haproxy process. The container eventually exits when the file changes and it can't find the PID file.

One other issue is that you allow the ports to be overridden using HAPROXY_PORTS but the Dockerfile exposes 80 and 443. I don't think it is possible to extend your container and un-expose those ports (see issue 3465) and expose different ports.

CircleCI Builds are failing

I think we should remove circle.yml since we migrated all tests to Travis.

Update OpenSSL to 3.x

config : 'http-request' rules ignored for backend 'nodes-http2' as they require HTTP mode.

In the default configuration, there is

backend nodes-http2
    mode tcp
    http-request add-header X-Forwarded-Proto https
    server node1 web.server:81 check send-proxy

Using a similar conf I get [WARNING] 122/144630 (11) : config : 'http-request' rules ignored for backend 'nodes-http2' as they require HTTP mode.
So i was wondering if it should be working or if there's something in the config that somehow make this work

Update to 2.1.2

Configuring logging

Big thanks for putting it all together! This has been very helpful in enabling our e2e gRPC-based channel.

The only issue that we found lacking in this example is the explicit support for configurable logging/tracing. This could be invaluable in troubleshooting edge cases like SSL termination or backend SSL. Has anyone solved this before and willing to share their experience? Are you using rsyslog or a some kind of sidecar container solution (e.g.: dockerfile/haproxy#3)?