eea · nguyenhiepvan · Apr 16, 2021 · Apr 19, 2021
diff --git a/conf.d/.gitignore b/conf.d/.gitignore
@@ -0,0 +1 @@
+*.cfg
diff --git a/conf.d/haproxy b/conf.d/haproxy
@@ -0,0 +1,26 @@
+#COMMON CONFIG
+
+global
+  maxconn 4096
+  log 127.0.0.1   local0
+  log 127.0.0.1   local1 notice 
+  pidfile /run/haproxy.pid
+  daemon
+
+defaults
+  log global
+  mode http
+  option httplog
+  option dontlognull
+
+  timeout connect 10s
+  timeout client 30s
+  timeout server 30s
+
+  stats enable
+  # option forwardfor
+  # option http-server-close
+  stats uri /haproxyStats             # URL trang thống kê
+  stats auth admin:admin123           # user/pass truy cập trang thống kê http://localhost:8080/haproxyStats
+
+#END COMMON CONFIG
diff --git a/conf.d/test b/conf.d/test
@@ -0,0 +1,43 @@
+# FONTEND xử lý yêu cầu gửi đến port 80
+frontend http-in
+        bind *:80
+        acl host_test1 hdr_dom(host) -i  testhaproxy1.com  # nếu truy cập bằng domain testaproxy1.com
+        acl host_test2 hdr_dom(host) -i  testhaproxy2.com  # nếu truy cập bằng domain testaproxy2.com
+
+        use_backend bke_80_test1 if host_test1             # gửi đến backend bke_80_test1 nếu host_test1 thỏa mãn
+        use_backend bke_80_test2 if host_test2             # gửi đến backend bke_80_test2 nếu host_test2 thỏa mãn
+
+# FONTEND xử lý yêu cầu gửi đến port 443
+frontend https-in
+        bind *:443
+        mode tcp                                            # chế độ cân bằng tải tcp
+        option tcplog
+        tcp-request inspect-delay 10s
+        tcp-request content accept if { req_ssl_hello_type 1 }
+
+        acl acl1 req.ssl_sni -m end testhaproxy1.com        # nếu truy cập bằng domain testaproxy1.com
+        acl acl2 req.ssl_sni -m end testhaproxy2.com        # nếu truy cập bằng domain testaproxy1.com
+
+        use_backend bke_443 if acl1 || acl2                 # gửi request đến bke_443 nếu acl1 hoặc acl2 thỏa mãn
+
+
+backend bke_80_test1
+        balance roundrobin 
+        option httpclose
+        option forwardfor
+        server server1 yahoo.com:80 check
+
+backend bke_80_test2
+        balance roundrobin
+        option httpclose
+        option forwardfor
+        server server1 wikipedia.org:80 check
+        server server2 bing.com:80 check
+        server server3 google.com:80 check
+
+ backend bke_443
+        mode tcp
+        balance source
+        option ssl-hello-chk
+        server server1 wikipedia.org:443 check
+        #redirect scheme https if !{ ssl_fc }
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,21 +1,14 @@
 version: "2"
 services:
   haproxy:
-    image: eeacms/haproxy
-    depends_on:
-    - webapp
+    image: hiepnguyenvan/haproxy:latest
+    volumes:
+     - ./conf.d/haproxy:/usr/local/etc/haproxy/conf.d/haproxy.cfg
+     - ./conf.d/test:/usr/local/etc/haproxy/conf.d/test.cfg
     ports:
-    - "80:8080"
-    - "1936:1936"
+     - "8080:80"                         # Mở cổng 8080 public -> 80
+     - "443:443"                         # Mở cổng 443  public -> 443
+    restart: always
     environment:
-      FRONTEND_PORT: "8080"
-      BACKENDS: "webapp"
-      BACKENDS_PORT: "8080"
-      DNS_ENABLED: "True"
-      HTTPCHK: "GET /"
-      INTER: "5s"
+      DNS_ENABLED: "true"
       LOG_LEVEL: "info"
-  webapp:
-    image: eeacms/hello
-    environment:
-      PORT: "8080"
diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile
@@ -1,5 +1,6 @@
 FROM haproxy:1.8.29
 LABEL maintainer="EEA: IDM2 A-Team <eea-edw-a-team-alerts@googlegroups.com>"
+LABEL contributor="Nguyễn Văn Hiệp <nguyenhiepvan.bka@gmail.com>"
 
 RUN apt-get update \
  && apt-get install -y --no-install-recommends \
@@ -18,7 +19,8 @@ RUN apt-get update \
  && mv /usr/local/bin/docker-entrypoint.sh /usr/local/bin/haproxy-entrypoint.sh 
 
 COPY src/haproxy.cfg /tmp/
-COPY src/configure.py src/track_hosts src/track_dns /
+COPY src/configure.py src/track_hosts src/track_dns src/append.py /
 COPY docker-entrypoint.sh /usr/local/bin/
 
 
+
diff --git a/haproxy/docker-entrypoint.sh b/haproxy/docker-entrypoint.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 
 
-
 # haproxy not directly configured within /usr/local/etc/haproxy/haproxy.cfg
 if ! test -e /usr/local/etc/haproxy/haproxy.cfg; then
     if [ ! -z "$DNS_ENABLED" ]; then
@@ -57,7 +56,8 @@ if ! test -e /usr/local/etc/haproxy/haproxy.cfg; then
     if [ ! -z "$TIMEOUT_SERVER" ]; then echo "export TIMEOUT_SERVER=\"$TIMEOUT_SERVER\""  >> /etc/environment; fi
 fi
 
-
+# merge config file
+python3 /append.py
 #start logging
 service rsyslog restart
 

diff --git a/haproxy/src/append.py b/haproxy/src/append.py
@@ -0,0 +1,18 @@
+import glob
+import os
+
+paths = glob.glob('/usr/local/etc/haproxy/conf.d/*.cfg')
+file ='/usr/local/etc/haproxy/haproxy.cfg'
+
+with open(file, 'a+') as outfile:
+ for path in paths:
+  with open(path) as infile:
+   outfile.write("\n")
+   outfile.write(infile.read())
+ if os.path.exists(path):
+  os.remove(path)
+
+f = open(file, "a+")
+f.write("\n")
+f.close()
+