travix/gocd-haproxy

By travix

Updated almost 7 years ago

A HAProxy container tailored for gocd-server; listens to default http and https.

Image
1

9.0K

Usage

To run this docker container use the following command

docker run -d travix/gocd-haproxy:latest

Environment variables

In order to configure the haproxy load balancer for providing ssl on port 443 for your gocd server you can use the following environment variables

NameDescriptionDefault value
BACKEND_SERVERThe ip address of the gocd serverlocalhost
BACKEND_SERVER_PORTThe http port the gocd server listens to8153
SSL_CERTIFICATE_NAMEThe pem filename for the ssl certificate used on port 443self-signed-certificate.pem

To run haproxy to redirect to ssl and provide access through normal https port (443) to gocd server run the following command

docker run -d \
    -e "BACKEND_SERVER=gocd-origin.yourdomain.com" \
    -e "BACKEND_SERVER_PORT=8153" \
    -e "SSL_CERTIFICATE_NAME=gocd.yourdomain.com.pem" \
    travix/gocd-haproxy:latest

Mounting volumes

In order to keep your ssl certificate outside of the container on the host machine you can mount the following directories

DirectoryDescriptionImportance
/etc/haproxyConfiguration for haproxyIf configuration needs to be different from the one in the container
/etc/ssl/certsCA certificatesKeep these files safe
/etc/ssl/private/SSL certificatesKeep these files safe

Start the container like this to mount the directories

docker run -d \
    -e "BACKEND_SERVER=gocd-origin.yourdomain.com" \
    -e "BACKEND_SERVER_PORT=8153" \
    -e "SSL_CERTIFICATE_NAME=gocd.yourdomain.com.pem" \
    -v /mnt/persistent-disk/gocd-haproxy/config:/etc/haproxy
    -v /mnt/persistent-disk/gocd-haproxy/ssl-certs:/etc/ssl/certs
    -v /mnt/persistent-disk/gocd-haproxy/ssl-private:/etc/ssl/private
    travix/gocd-haproxy:latest

To make sure the process in the container can read and write to those directories create a user and group with same gid and uid on the host machine

groupadd -r -g 999 haproxy
useradd -r -g haproxy -u 999 haproxy

And then change the owner of the host directories

chown -R haproxy:haproxy /mnt/persistent-disk/gocd-haproxy/config
chown -R haproxy:haproxy /mnt/persistent-disk/gocd-haproxy/ssl-certs
chown -R haproxy:haproxy /mnt/persistent-disk/gocd-haproxy/ssl-private

Docker Pull Command

docker pull travix/gocd-haproxy