docker-haproxy-certbot
haproxy 2.1 supports dynamic update of ssl certificates without reloading
Hi, thanks for this repo. It was helpful for me when trying to figure out what setup I want to build.
With haproxy 2.1, the following would work, instead of restarting haproxy:
haproxy.cfg needs to declare that admin commands through its socket should be allowed:
global
    stats socket /var/run/haproxy mode 600 level admin
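#!/bin/bash
set -e
umask 077  # the combined PEM contains the private key; create new files owner-only
LE_DIR=/etc/letsencrypt/live
HA_DIR=/usr/local/etc/haproxy/certs.d
HA_SOCK=/var/run/haproxy
# update certs for HA Proxy; iterate over directories only (live/ may also hold a README file)
for DIR in "${LE_DIR}"/*/
do
    DOMAIN=$(basename "${DIR}")
    PEM="${HA_DIR}/${DOMAIN}.pem"
    cat "${LE_DIR}/${DOMAIN}/fullchain.pem" "${LE_DIR}/${DOMAIN}/privkey.pem" > "${PEM}"
    # open a transaction with the new PEM; the empty line ends the "<<" payload
    printf 'set ssl cert %s <<\n%s\n\n' "${PEM}" "$(cat "${PEM}")" | socat stdio "${HA_SOCK}"
    # apply the transaction to the running process
    printf 'commit ssl cert %s\n' "${PEM}" | socat stdio "${HA_SOCK}"
done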
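
The script above pipes both commands into the socket without looking at what HAProxy answers, so a rejected certificate goes unnoticed until clients see the old one expire. The following is an added example, not part of the original post or of this repo: a function that checks each reply and aborts the transaction on failure. The function names `ha_cmd` and `push_cert` and the `HA_SOCK` variable are hypothetical, and the reply strings it matches ("Transaction created/updated", "Success!") are assumed to be the ones HAProxy prints for these commands.

```shell
#!/bin/sh
# Added example: push a PEM bundle over the HAProxy runtime API and verify each step.
HA_SOCK="${HA_SOCK:-/var/run/haproxy}"   # socket path from the haproxy.cfg above

# Send one runtime API command (read from stdin) and print HAProxy's reply.
# Kept separate so it can be replaced by a stub when no HAProxy is running.
ha_cmd() {
    socat stdio "${HA_SOCK}"
}

# push_cert <certificate path as loaded by haproxy> <pem bundle to upload>
# Exit status: 0 = committed, 1 = HAProxy refused, 2 = bundle incomplete.
push_cert() (
    name=$1 pem=$2
    # Refuse bundles that lack either the certificate or the private key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate in $pem" >&2; exit 2; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key in $pem" >&2; exit 2; }

    # The payload ends with an empty line, which terminates the "<<" block.
    reply=$(printf 'set ssl cert %s <<\n%s\n\n' "$name" "$(cat "$pem")" | ha_cmd)
    case $reply in
        *"Transaction created"*|*"Transaction updated"*) ;;   # assumed reply text
        *) echo "set ssl cert rejected: $reply" >&2; exit 1 ;;
    esac

    reply=$(printf 'commit ssl cert %s\n' "$name" | ha_cmd)
    case $reply in
        *"Success!"*) exit 0 ;;                                # assumed reply text
    esac
    # Commit not confirmed: discard any pending transaction, keep the old certificate.
    printf 'abort ssl cert %s\n' "$name" | ha_cmd >/dev/null
    echo "commit ssl cert failed: $reply" >&2
    exit 1
)
```

In the renewal loop, `push_cert "${HA_DIR}/${DOMAIN}.pem" "${HA_DIR}/${DOMAIN}.pem"` would replace the two `socat` lines; a non-zero status stops the script under `set -e`.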