From f12700595811efff5aea3d7fe54ba55f2dc97c29 Mon Sep 17 00:00:00 2001 From: caskd Date: Fri, 27 Dec 2019 15:14:04 +0100 Subject: [PATCH] Per-host naming, priviledge dropping and connection accepting after first request --- base.yml | 2 ++ build/HAProxy/haproxy.conf | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/base.yml b/base.yml index 20f2771..904709d 100644 --- a/base.yml +++ b/base.yml @@ -39,6 +39,8 @@ services: image: localhost:5000/haproxy-rx deploy: *gt2 ## HAProxy really dislikes if it's overlapped logging: *json-log + enironment: + HOSTNAME: "{{.Node.Hostname}}" volumes: - 'haproxysock:/haproxy:rw' ## Telegraf monitoring networks: diff --git a/build/HAProxy/haproxy.conf b/build/HAProxy/haproxy.conf index 34523f2..4e1d492 100644 --- a/build/HAProxy/haproxy.conf +++ b/build/HAProxy/haproxy.conf @@ -2,7 +2,10 @@ global tune.ssl.default-dh-param 2048 maxconn 2048 maxconnrate 40 - stats socket /haproxy/haproxy.sock mode 660 level admin + uid 65534 + gid 65533 + node "$HOSTNAME" + stats socket /haproxy/haproxy.sock mode 660 level admin show-node defaults mode http @@ -32,7 +35,7 @@ resolvers dockerdns frontend https mode http - bind *:80 + bind *:80 defer-accept acl is_cf req.hdr_ip(x-forwarded-for) -m found acl dav url_beg /.well-known/carddav /.well-known/caldav
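Review bot: The added key is spelled `enironment:` rather than `environment:`, so the `HOSTNAME: "{{.Node.Hostname}}"` entry will not reach the container. Depending on the deploy tooling, the file is either rejected for an unknown service key or the key is ignored. The `node "$HOSTNAME"` line this commit adds to build/HAProxy/haproxy.conf relies on that variable, so the per-host name would presumably not carry the swarm node's hostname. The line should read `environment:`. The service definition starts above the hunk and continues below it.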
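Review bot: The commit drops the process to `uid 65534`/`gid 65533`, but the reworked `stats socket` line still grants `level admin`, and per base.yml the socket sits on the `haproxysock` volume shared for Telegraf monitoring, so any process that can open it can change runtime state, not just read counters. If statistics collection is the only consumer, a lower level is likely enough, e.g. `stats socket /haproxy/haproxy.sock mode 660 level operator` (confirm the collector's commands still work at that level). Separately, `show-node` is, as far as I know, a keyword of the `stats` directive in proxy sections rather than an option of `stats socket`, so it is worth running `haproxy -c -f haproxy.conf` before this ships. A short comment naming which account the numeric ids map to in the image would also help, since the hunk does not show it. The `global` section starts above the hunk.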