Public | Automated Build

Last pushed: a month ago
Short Description
haproxy with built-in ACME plugin and zero-downtime auto-reload on configuration/certificate changes
Full Description


haproxy docker image based on Debian Stretch haproxy 1.7 package with built-in acme-plugin and zero-downtime auto-reload on configuration / certificate changes. This image was created for use with letsencrypt-manager.

For integrating the acme-plugin, see its documentation.

Example haproxy config file using acme webroot plugin:

    log /dev/log local0
  log /dev/log local1 notice
    chroot /var/lib/haproxy

    # Default SSL material locations
    crt-base /etc/letsencrypt/live

    lua-load /etc/haproxy/acme-http01-webroot.lua

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL;

    tune.ssl.default-dh-param 4096

      log    global
      mode    http

frontend http
    bind *:80
    mode http
    acl url_acme_http01 path_beg /.well-known/acme-challenge/
    http-request use-service lua.acme-http01 if METH_GET url_acme_http01
    redirect scheme https if !url_acme_http01

frontend https
    bind :443 ssl no-tls-tickets crt no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11
    mode http

  reqadd X-Forwarded-Proto:\ https
    rspadd Strict-Transport-Security:\ max-age=15768000

use_backend        www    if { hdr(host) or }

backend www
    redirect prefix code 301 unless { hdr(host) }
    option forwardfor
    server node1


This image is setup for haproxy logging to rsyslog. You can access the log file using the following command:

$ docker-compose exec haproxy tail -f /var/log/haproxy.log
Docker Pull Command