diff --git a/confd/README.md b/confd/README.md index b42a36d..e6ab374 100644 --- a/confd/README.md +++ b/confd/README.md @@ -5,17 +5,14 @@ This folder contains examples of using Confd with StackEngine for an nginx rever You can download confd from http://www.confd.io/. You may need to build confd with gb until the StackEngine backend is accepted into the new release. -Create 2 folders: -a) sudo mkdir /etc/confd -b) sudo mkdir /etc/confd/templates -c) sudo mkdir /etc/confd/conf.d +To build confd, you will need to install [gb](http://getgb.io) `go get github.com/constabulary/gb` -Place your *.tmpl files in the /etc/confd/templates folder and the *.toml files in the /etc/confd/conf.d directory. +Clone confd, cd to it and run `gb build all` -To start up confd using StackEngine as a backend, you can run this command: +To start up confd using StackEngine as a backend, you can run this command: ``` -sudo ./bin/confd -backend stackengine -node -scheme https -auth-token +sudo ./bin/confd -backend stackengine -confdir /path/to/examples/confd/haproxy -node -scheme https -auth-token ``` Example: 
@@ -23,4 +20,9 @@ Example: sudo ./bin/confd -backend stackengine -node mesh-01:8443 -scheme https -auth-token 48de1cc472b6a81f ``` -On the stackengine side, you can run this example with a docker image named "karthequian:helloworld/latest" saved as a component called "hello". At config time, map the stack to a dynamic port for the host, and container port to :80. You'll want to call your instance "i1". You can call this something else, but will need to update your toml and tmpl files to associate correctly with appropriate service discovery sections from StackEngine. \ No newline at end of file +On the stackengine side, you can run this example with a docker image named "karthequian:helloworld/latest" saved as a component called "hello". At config time, map the stack to a dynamic port for the host, and container port to :80. You'll want to call your instance "i1". You can call this something else, but will need to update your toml and tmpl files to associate correctly with appropriate service discovery sections from StackEngine. + +To configure haproxy for only one app, add it to the keys section of the `haproxy.toml` file. In this file, there is a commented line `perpool-wordpress-80`. Remove the line `"",` and uncomment this line. The resulting haproxy config should only list the containers up for the "perpool-wordpress-80" application. + +Check HAproxy +HAProxy runs a stats page at ${HAPROXY_HOST}:1936. This is helpful for debugging your configuration. diff --git a/confd/haproxy/haproxy.toml b/confd/haproxy/conf.d/haproxy.toml similarity index 82% rename from confd/haproxy/haproxy.toml rename to confd/haproxy/conf.d/haproxy.toml index 438dc52..4281efc 100644 --- a/confd/haproxy/haproxy.toml +++ b/confd/haproxy/conf.d/haproxy.toml 
@@ -1,9 +1,10 @@ # File location: sudo vim /etc/confd/conf.d/haproxy.toml [template] +prefix = "apps" src = "haproxy.cfg.tmpl" dest = "/etc/haproxy/haproxy.cfg" keys = [ -"apps/i1-hello-80/containers", +"perpool-wordpress-80", ] reload_cmd = "/usr/sbin/service haproxy reload" diff --git a/confd/haproxy/example_haproxy.cfg b/confd/haproxy/example_haproxy.cfg deleted file mode 100644 index 512845d..0000000 --- a/confd/haproxy/example_haproxy.cfg +++ /dev/null 
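Review bot: This template resource has no `check_cmd`, so whatever confd renders into `/etc/haproxy/haproxy.cfg` is handed straight to `reload_cmd` without being validated. The template in this commit now ranges over `/*/*/*` instead of one fixed path, so a malformed value in the backend store would reach the live proxy config; I would add `check_cmd = "/usr/sbin/haproxy -c -f {{.src}}"` above `reload_cmd` (the binary path is assumed, adjust to the host). The README text added in the same commit describes `perpool-wordpress-80` as a commented line next to a `"",` entry, but the file ships with that key active and no `"",` line, so one of the two should be brought in line. The `# File location` comment also still points at `/etc/confd/conf.d`, although the file now lives under `confd/haproxy/conf.d` and is loaded through `-confdir`.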
@@ -1,62 +0,0 @@
-# Typically lives in /etc/haproxy/haproxy.cfg
-
-global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
-
- # Default SSL material locations
- #ca-base /etc/ssl/certs
- #crt-base /etc/ssl/private
-
- # Default ciphers to use on SSL-enabled listening sockets.
- # For more information, see ciphers(1SSL). This list is from:
- # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- #ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
- #ssl-default-bind-options no-sslv3
-
-defaults
- log global
- mode http
- option forwardfor
- option http-server-close
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
-
-frontend localnodes
- bind *:9090
- mode http
- default_backend nodes
-
-backend nodes
- mode http
- balance roundrobin
- option forwardfor
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- option httpchk HEAD / HTTP/1.1\r\nHost:localhost
-
- server condescending_einstein 192.168.71.135:32769 check
- server hungry_almeida 192.168.71.135:32770 check
-
-
-listen stats *:1936
- stats enable
- stats uri /haproxy?stats
- stats hide-version
- stats auth user:password
diff --git a/confd/haproxy/haproxy.cfg.tmpl b/confd/haproxy/templates/haproxy.cfg.tmpl similarity index 81% rename from confd/haproxy/haproxy.cfg.tmpl rename to confd/haproxy/templates/haproxy.cfg.tmpl index 63c008c..9a7905a 100644 --- a/confd/haproxy/haproxy.cfg.tmpl +++ b/confd/haproxy/templates/haproxy.cfg.tmpl @@ -20,13 +20,11 @@ backend nodes balance roundrobin option httpchk HEAD / HTTP/1.1\r\nHost:localhost # Iterate through all the keys from service discovery and place them in the format of "server check" like you would in haproxy - {{range gets "/apps/i1-hello-80/containers/*"}} - server {{base .Key}} {{.Value}} check - {{end}} - + {{range gets "/*/*/*"}} + server {{base .Key}} {{.Value}} check{{end}} listen stats *:1936 stats enable stats uri /haproxy?stats stats hide-version - stats auth user:password \ No newline at end of file + stats auth user:password
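Review bot: The template still renders `stats auth user:password` under `listen stats *:1936`, and the toml in this commit writes the result to `/etc/haproxy/haproxy.cfg`, so anyone following the README ends up with a stats page on every interface behind a placeholder login. Since this line is being touched anyway, take the credential from the environment with confd's `getenv`, e.g. `stats auth {{getenv "HAPROXY_STATS_USER"}}:{{getenv "HAPROXY_STATS_PASSWORD"}}` (variable names are placeholders), and bind the listener to a management address rather than `*`. Separately, `{{range gets "/*/*/*"}}` emits a `server` line for every key three levels below the prefix with the value copied in verbatim, so the comment above it should state the expected key layout and value format (presumably `host:port`). The `backend nodes` section begins above this hunk, so any settings before `balance roundrobin` are not visible here.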