This image starts an HAProxy instance that reads rancher-metadata and autoconfigures a default load balancer based on labels set on other stacks.

The idea is forked from https://github.com/rawmind0/rancher-vamp-haproxy

- Create your custom stack as usual
- Add labels to the containers to be proxied. You need to define two labels:
  - `io.rancher_haproxy.exposed_port`: port number to be proxied. This is the port your internal service is listening on
  - `io.rancher_haproxy.server_names`: DNS domain names for this service. Separate multiple DNS domain names with commas
- Two more labels are optional:
  - `io.rancher_haproxy.force_ssl.<domain>`: force a specific domain to use SSL. Set this label to activate it
  - `io.rancher_haproxy.ssl_verify_none`: don't check the validity of the server certificate. Set this label to activate it
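
```yaml
nginx:
  labels:
    # Port the internal service listens on
    io.rancher_haproxy.exposed_port: 80
    # Comma-separated DNS names served by this container
    io.rancher_haproxy.server_names: example.net,www.example.net
    # Redirect this domain to HTTPS
    io.rancher_haproxy.force_ssl.www.example.net: 'true'
    # Skip validation of the server certificate
    io.rancher_haproxy.ssl_verify_none: 'true'
  image: nginx
```
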
The example above configures a reverse proxy that:

- Accepts connections to http://example.net and http://www.example.net
- Redirects connections on http://www.example.net to HTTPS
- Does not check the validity of the backend server's certificate
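
Because these labels decide which domains are redirected to HTTPS and whether the server certificate is validated, it helps to review them before deploying. The following check is an added example, not part of this image or its upstream project; the function name `audit_labels`, the hostname pattern and the finding texts are assumptions made for illustration, and the sample labels are constructed from the nginx service above.

```python
import re

PREFIX = "io.rancher_haproxy."
# Hostname pattern (assumption): dot-separated labels of letters, digits, hyphens
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def audit_labels(service, labels):
    """Return a list of findings for one service's label dict."""
    findings = []
    port = str(labels.get(PREFIX + "exposed_port", "")).strip()
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
        findings.append(f"{service}: exposed_port missing or invalid: {port!r}")

    raw = str(labels.get(PREFIX + "server_names", ""))
    names = [n.strip().lower() for n in raw.split(",") if n.strip()]
    if not names:
        findings.append(f"{service}: server_names missing or empty")
    for name in names:
        if not HOSTNAME.match(name):
            findings.append(f"{service}: invalid DNS name {name!r}")

    # Domains that carry a force_ssl.<domain> label
    key = PREFIX + "force_ssl."
    forced = {k[len(key):].lower() for k in labels if k.startswith(key)}
    for name in names:
        if name not in forced:
            findings.append(f"{service}: {name} has no HTTPS redirect")
    for name in sorted(forced - set(names)):
        findings.append(f"{service}: force_ssl set for {name}, not in server_names")

    if PREFIX + "ssl_verify_none" in labels:
        findings.append(f"{service}: ssl_verify_none set, certificate not validated")
    return findings


# Constructed sample: the labels of the nginx service shown above
SAMPLE = {
    "io.rancher_haproxy.exposed_port": 80,
    "io.rancher_haproxy.server_names": "example.net,www.example.net",
    "io.rancher_haproxy.force_ssl.www.example.net": "true",
    "io.rancher_haproxy.ssl_verify_none": "true",
}

if __name__ == "__main__":
    for finding in audit_labels("nginx", SAMPLE):
        print(finding)
```

For the sample labels it reports that example.net has no HTTPS redirect and that certificate validation is disabled.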

A sample docker-compose.yml with SSL support:

```yaml
lb:
  ports:
  - 80:80/tcp
  labels:
    io.rancher.scheduler.global: 'true'
    io.rancher.container.pull_image: always
  tty: true
  image: mikroways/rancher-haproxy:1.1.1
  stdin_open: true
ssl:
  ports:
  - 443:80
  labels:
    io.rancher.loadbalancer.ssl.ports: '443'
  tty: true
  image: rancher/load-balancer-service
  links:
  - lb:lb
  stdin_open: true
```

You must configure a default Rancher load balancer that only accepts connections over SSL and redirects them to lb.