Public Repository

Last pushed: a year ago
Short Description
Image for running HAProxy with TLS certificte and private key stored in Fortanix SDKMS.
Full Description

This container runs an HAProxy with a certificate and private key stored in SDKMS.


To run this container, you need to have access to Fortanix SDKMS. Please create an account at, or use a service instance hosted in your environment.

Configure docker.env

Customize the following docker.env file with the appropriate API key of the application added to SDKMS.

FORTANIX_API_KEY=<insert your API key>

HAProxy configuration file

To specify a private key and certificate stored in SDKMS to be used by HAProxy, use the following syntax to specify the location instead of a file name pkcs11:slot_1-label-<key_name>. See the following haproxy.cfg file for example:

# Example haproxy.cfg file
    maxconn 100
    tune.ssl.default-dh-param 2048

    mode http
    timeout connect 5s
    timeout client 5s
    timeout server 5s

frontend myfrontend
    bind :443 ssl crt pkcs11:slot_1-label_4096-key:pkcs11:slot_1-label_4096-cert
    default_backend mybackend

backend mybackend
    server sdkms ssl verify none

Using this image by creating another image with the configuration file

Create a Dockerfile

FROM fortanix/sdkms-haproxy
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg

Build the container

$ docker build -t my-haproxy .

Run the container

sudo docker run -d --name my-running-haproxy --env-file docker.env -p 8443:443 my-haproxy

Using this image directly using bind mount

sudo docker run -d --name my-running-haproxy --env-file docker.env -p 8443:443 -v /path/to/etc/haproxy:/usr/local/etc/haproxy fortanix/sdkms-haproxy
Note that your host's /path/to/etc/haproxy folder should be populated with a file named haproxy.cfg.


Go to website at https://localhost:8443

Docker Pull Command