Per-host naming, priviledge dropping and connection accepting after first request

2019-12-27 15:14:04 +01:00 · 2019-12-27 15:14:04 +01:00 · f127005958
parent 5c98ec0360
commit f127005958
2 changed files with 7 additions and 2 deletions
--- a/base.yml
+++ b/base.yml
@ -39,6 +39,8 @@ services:
    image: localhost:5000/haproxy-rx
    deploy: *gt2 ## HAProxy really dislikes if it's overlapped
    logging: *json-log
+    enironment:
+      HOSTNAME: "{{.Node.Hostname}}"
    volumes:
      - 'haproxysock:/haproxy:rw' ## Telegraf monitoring
    networks:
--- a/build/HAProxy/haproxy.conf
+++ b/build/HAProxy/haproxy.conf
@ -2,7 +2,10 @@ global
  tune.ssl.default-dh-param 2048
  maxconn 2048
  maxconnrate 40
-  stats socket /haproxy/haproxy.sock mode 660 level admin
+  uid 65534
+  gid 65533
+  node "$HOSTNAME"
+  stats socket /haproxy/haproxy.sock mode 660 level admin show-node

 defaults
  mode http
@ -32,7 +35,7 @@ resolvers dockerdns

 frontend https
  mode http
-  bind *:80
+  bind *:80 defer-accept

  acl is_cf req.hdr_ip(x-forwarded-for) -m found
  acl dav url_beg /.well-known/carddav /.well-known/caldav