Why bouncer and not HAproxy

[pierreozoux]

I think this is concerning from a security point of view to use this piece of software for the most important part - namely serving ssl certificates. Especially when there is something Industry proven that is doing great job.

[michielbdejong]

ok, let's switch to haproxy! good point. I assume it supports SNI in combination with SPDY and WebSockets?

[pierreozoux]

It could actually be made by nginx also.

[michielbdejong]

i realized later, we need a hook to start containers if they are stopped (so we don't need to keep all containers running all the time). In nodejs, we know we can do whatever we want. In haproxy or nginx, we depend on their APIs to offer all the hooks we need. We can decide to "maybe switch to haproxy in the future", but not make it a priority?

[pierreozoux]

yes, I'm fine with that.

[pierreozoux]

Systemd with socket activation and docker is the way: moby/moby#3105

[pierreozoux]

Let me be clear about that, I'll never run bouncer on my server.
Except if you prove me, that it solves a particular problem, that nobody thought about before.

You said, we write the strict minum of code. And when we speak about VirtualHost, SNI, and static web site, you offer two pieces of software written by you. For me, we just need to configure the in the way we want/need. This is DevOps, you cde your infrastructure by configuring it. The code is just configuration, and automation.

We are speaking about basic functionalities that are written by people 100k smarter than us (maybe because they are thousands of maintaining such pieces of software also).

[michielbdejong]

ok, if we can do socket activation of containers then that's really cool. we still need a good way to link the containers together, right now we have to link each one with an explicit --link run option, which is not optimal. if you can make it work with haproxy then that would be great!