From 8c5e6a7c4cd42ec2dec0821f117e35b63318b411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= Date: Mon, 22 Sep 2025 09:24:49 +0200 Subject: [PATCH] push --- docker-compose.yml | 8 ++++++-- haproxy/haproxy.cfg | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f6d1b3d..a567966 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,13 +7,17 @@ services: sh -euc ' mkdir -p /certs; apk add --no-cache openssl; - [ -f /certs/selfsigned.pem ] || { + gen() { openssl req -x509 -nodes -newkey rsa:2048 -days 825 \ -subj "/CN=*.internal" \ -addext "subjectAltName=DNS:*.internal,DNS:hosts.internal,DNS:routerosbackup.internal,DNS:routerosupdate.internal,DNS:sslmonitor.internal" \ -keyout /certs/selfsigned.key -out /certs/selfsigned.crt; - cat /certs/selfsigned.key /certs/selfsigned.crt > /certs/selfsigned.pem; + cat /certs/selfsigned.crt /certs/selfsigned.key > /certs/selfsigned.pem; # CERT -> KEY } + # jeśli brak lub nieprawidłowy PEM to wygeneruj + if ! [ -f /certs/selfsigned.pem ] || ! openssl x509 -in /certs/selfsigned.pem -noout >/dev/null 2>&1; then + gen + fi ' volumes: - ./certs:/certs diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index 6321e34..121815e 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg @@ -11,12 +11,13 @@ defaults timeout client 30s timeout server 30s http-reuse safe - option httpchk GET / + +frontend fe_http + bind :80 + http-request redirect scheme https code 301 frontend fe_https bind :443 ssl crt /certs/selfsigned.pem - bind :80 - http-request set-header X-Forwarded-For %[src] http-request set-header X-Forwarded-Proto https http-response del-header Server @@ -32,7 +33,6 @@ frontend fe_https use_backend be_sslmonitor if host_sslmonitor default_backend be_404 -# backendy po nazwach usług w tej samej sieci "intranet" backend be_hosts server s1 hosts_app:5580 check
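Review bot: The new guard in front of `gen` only proves that a certificate can be parsed out of `/certs/selfsigned.pem`, so a file with a missing or unreadable key, or an expired certificate (validity is 825 days), counts as valid and is never regenerated. A PEM written in the old KEY -> CERT order presumably also passes, since `openssl x509` looks for the certificate block, so existing deployments would keep the old file. The condition could add `-checkend 0` to the `openssl x509` call and a second test, `|| ! openssl pkey -in /certs/selfsigned.pem -noout >/dev/null 2>&1`. Separately, `gen()` writes the unencrypted key into the bind-mounted `./certs` under the shell's default umask, so it is probably world-readable on the host; `umask 077;` ahead of `openssl req` would tighten that, provided the haproxy container's user can still read the file. The service definition starts outside the hunk, so the image and the user it runs as are not visible here.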
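Review bot: Dropping `option httpchk GET /` from `defaults` turns the `check` on `server s1 hosts_app:5580 check` into a plain TCP connect check, and presumably does the same for the other backends, which are outside the hunks. An application that still accepts connections but answers with errors would then stay in rotation. If that was not intended, keep `option httpchk GET /` in `defaults` or add it per backend. The TLS settings behind `bind :443 ssl crt /certs/selfsigned.pem` are not visible here, so confirm that a minimum version such as `ssl-min-ver TLSv1.2` is set on the bind line or in `global`. The `defaults` section begins outside the hunk.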