Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Haproxy SSL Configuration #172

Closed
ghost opened this issue Jun 10, 2016 · 2 comments
Closed

Haproxy SSL Configuration #172

ghost opened this issue Jun 10, 2016 · 2 comments

Comments

@ghost
Copy link

ghost commented Jun 10, 2016
edited by ghost
Loading

Interlock successfully configures Nginx for SSL, but using the same parameters for Haproxy leads to connection refused.

Labels I am using in my app:

  • 'interlock.ssl=true'
  • 'interlock.ssl_only=true'
  • 'interlock.ssl_cert=/etc/docker/cert.pem'
  • 'interlock.ssl_cert_key=/etc/docker/key.pem'

Interlock Environment Variables:
environment:
INTERLOCK_CONFIG: |
ListenAddr = ":8080"
DockerURL = "${SWARM_HOST}"
TLSCACert = "/etc/docker/ca.pem"
TLSCert = "/etc/docker/cert.pem"
TLSKey = #"/etc/docker/key.pem"
[[Extensions]]
Name = "nginx"
ConfigPath = "/etc/nginx/nginx.conf"
PidPath = "/etc/nginx/nginx.pid"
MaxConn = 1024
Port = 80
SSLCertPath = ""
SSLPort = 443
User = "www-data"
WorkerProcesses = 2
RLimitNoFile = 65535
ProxyConnectTimeout = 600
ProxySendTimeout = 600
ProxyReadTimeout = 600
SendTimeout = 600
SSLCiphers = "HIGH:!aNULL:!MD5"
SSLProtocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2"
@ehazlett
Copy link
Owner

Check the HAProxy container. Typically the Docker cert and key will not be
valid for HAProxy.

On Fri, Jun 10, 2016 at 12:51 PM, nhester1 notifications@github.com wrote:

Interlock successfully configures Nginx for SSL, but using the same
parameters for Haproxy leads to connection refused.

Labels I am using in my app:

  • 'interlock.ssl=true'
  • 'interlock.ssl_only=true'
  • 'interlock.ssl_cert=/etc/docker/cert.pem'
  • 'interlock.ssl_cert_key=/etc/docker/key.pem'

Interlock Environment Variables:
environment:
INTERLOCK_CONFIG: |
ListenAddr = ":8080"
DockerURL = "${SWARM_HOST}"
TLSCACert = "/etc/docker/ca.pem"
TLSCert = "/etc/docker/cert.pem"
TLSKey = "/etc/docker/key.pem"

    [[Extensions]]
    Name = "nginx"
    ConfigPath = "/etc/nginx/nginx.conf"
    PidPath = "/etc/nginx/nginx.pid"
    MaxConn = 1024
    Port = 80
    SSLCertPath = ""
    SSLPort = 443
    User = "www-data"
    WorkerProcesses = 2
    RLimitNoFile = 65535
    ProxyConnectTimeout = 600
    ProxySendTimeout = 600
    ProxyReadTimeout = 600
    SendTimeout = 600
    SSLCiphers = "HIGH:!aNULL:!MD5"
    SSLProtocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2"


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#172, or mute the thread
https://github.com/notifications/unsubscribe/AAP6IgKtsgKCi5Ke3F1qIliwiKYF-dRZks5qKZX4gaJpZM4IzIXa
.

@ghost
Copy link
Author

ghost commented Jun 10, 2016

Is there anyway to make HAProxy behave the same as NGINX with regards to the certs?

@ghost ghost closed this as completed Sep 9, 2016
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ehazlett