million12 / docker-haproxy Goto Github PK

Workflow:

• Update haproxy to 2.8.1
• Update openssl to 3.1.1
• Switch to debian 12

@ryzy @pozgo I think we should allow some pre and post reload hooks to run some commands inside the container.
This will make supporting few use cases such as following possible.
Seamless server reload section of - https://www.haproxy.com/blog/whats-new-in-haproxy-1-6/

One way of implementing this is by taking in few extra environment variables and executing those accordingly.

I can take this up if you like to.

For some reason haproxy exits immediately but the return code is 0. When I attach to the container and run "ps -ef" there is no haproxy process. The container eventually exits when the file changes and it can't find the PID file.

One other issue is that you allow the ports to be overridden using HAPROXY_PORTS but the Dockerfile exposes 80 and 443. I don't think it is possible to extend your container and un-expose those ports (see issue 3465) and expose different ports.

In the default configuration, there is

backend nodes-http2
    mode tcp
    http-request add-header X-Forwarded-Proto https
    server node1 web.server:81 check send-proxy

Using a similar conf I get [WARNING] 122/144630 (11) : config : 'http-request' rules ignored for backend 'nodes-http2' as they require HTTP mode.
So i was wondering if it should be working or if there's something in the config that somehow make this work

Please :)

Docker automatically updates the file /etc/hosts whenever a container changes if you are using linked containers. If you could modify your inotify command to monitor /etc/hosts, it would make haproxy updates happen automatically with linked containers.

More details at:
https://docs.docker.com/userguide/dockerlinks/#updating-the-etchosts-file

Thanks!

I think we should remove circle.yml since we migrated all tests to Travis.

http://engineeringblog.yelp.com/2015/04/true-zero-downtime-haproxy-reloads.html

What do you think?

Big thanks for putting it all together! This has been very helpful in enabling our e2e gRPC-based channel.

The only issue that we found lacking in this example is the explicit support for configurable logging/tracing. This could be invaluable in troubleshooting edge cases like SSL termination or backend SSL. Has anyone solved this before and willing to share their experience? Are you using rsyslog or a some kind of sidecar container solution (e.g.: dockerfile/haproxy#3)?

Seems a bit old no ?
Could you upgrade the image to the latest 1.5.x ?

Thanks!

ie. errorfiles or certificates that are being specified in haproxy.cfg.
those are being read only once - on haproxy start.

two possible solutions for this:

1. monitor /etc/haproxy (or whichever dir where haproxy.cfg resides) - this assumes that most people place entire haproxy configuration under etc, ie. inotifywait -r -q -e create,delete,modify,attrib $(dirname $HAPROXY_CONFIG) /etc/hosts
2. parse haproxy.cfg and add files and directories (crt directive might specify directory to watch) - unfortunately haproxy's own src/cfgparse.c doesn't have an abstract function for reading files, so this would require to reparse in bash.

When Haproxy received out of memory error and exited out, the docker container is still running without quitting or restarting.
It was probably caused by inotifywait in WHILE loop in bootstrap.sh. It does not try to detect if Haproxy is up or not.

The expected behavior should be that when Haproxy errors out and exited out inside Docker container, the docker container should either exit out so that the docker container could be relaunched by systemd service, or restart Haproxy inside the container.