Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Support for NC_HAPROXY_PASSWORD_FILE env variable #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bigcat88 merged 2 commits into from
Jun 11, 2024
Merged

Support for NC_HAPROXY_PASSWORD_FILE env variable #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8f707e4
add support for `NC_HAPROXY_PASSWORD_FILE` env variable
bigcat88 Jun 11, 2024
44040f0
not create the "haproxy.cfg" each time. replaced the "insecure passwo…
bigcat88 Jun 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,13 @@ RUN set -ex; \
openssl \
bind-tools \
nano \
vim; \
vim \
envsubst; \
chmod -R 777 /tmp

COPY --chmod=775 *.sh /
COPY --chmod=664 haproxy.cfg /haproxy.cfg
COPY --chmod=664 haproxy_ex_apps.cfg /haproxy_ex_apps.cfg
COPY --chmod=664 haproxy.cfg.template /haproxy.cfg.template
COPY --chmod=664 haproxy_ex_apps.cfg.template /haproxy_ex_apps.cfg.template

WORKDIR /
ENTRYPOINT ["/bin/bash", "start.sh"]
Expand Down
6 changes: 6 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,12 @@ You should set `BIND_ADDRESS` to the IP on which server with ExApps can accept r

`TIMEOUT_SERVER`: timeout for ExApp to start responding to NC request, default: **30s**

`NC_HAPROXY_PASSWORD_FILE`: Specifies path to a file containing the password for HAProxy.

> [!NOTE]
> This file should be mounted into the container, and the password will be read from this file.
> If both NC_HAPROXY_PASSWORD and NC_HAPROXY_PASSWORD_FILE are specified, the container will exit with an error.

#### Only for ExApp installs with TLS:

* `EX_APPS_NET`: determines destination of requests to ExApps for HaProxy. Default:`localhost`
Expand Down
8 changes: 4 additions & 4 deletions haproxy.cfg → haproxy.cfg.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ defaults
log global
option httplog
option dontlognull
timeout connect TIMEOUT_CONNECT
timeout client TIMEOUT_CLIENT
timeout server TIMEOUT_SERVER
timeout connect ${TIMEOUT_CONNECT}
timeout client ${TIMEOUT_CLIENT}
timeout server ${TIMEOUT_SERVER}

userlist app_api_credentials
user app_api_haproxy_user insecure-password "NC_PASSWORD_PLACEHOLDER"
user app_api_haproxy_user password ${NC_HAPROXY_PASSWORD}

frontend docker_engine
mode http
Expand Down
0 haproxy_ex_apps.cfg → haproxy_ex_apps.cfg.template
View file
Open in desktop
File renamed without changes.
47 changes: 35 additions & 12 deletions start.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,42 @@
#!/bin/sh

sed -i "s|NC_PASSWORD_PLACEHOLDER|$NC_HAPROXY_PASSWORD|" /haproxy.cfg
sed -i "s|TIMEOUT_CONNECT|$TIMEOUT_CONNECT|" /haproxy.cfg
sed -i "s|TIMEOUT_CLIENT|$TIMEOUT_CLIENT|" /haproxy.cfg
sed -i "s|TIMEOUT_SERVER|$TIMEOUT_SERVER|" /haproxy.cfg
if [ ! -f "/haproxy.cfg" ]; then

if [ -f "/certs/cert.pem" ]; then
EX_APPS_COUNT_PADDED=$(printf "%03d" "$EX_APPS_COUNT")
sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6 ssl crt /certs/cert.pem|" /haproxy.cfg
sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:23000-23$EX_APPS_COUNT_PADDED v4v6 ssl crt /certs/cert.pem|" /haproxy_ex_apps.cfg
sed -i "s|EX_APPS_NET_PLACEHOLDER|$EX_APPS_NET|" /haproxy_ex_apps.cfg
# Chmod certs to be accessible by haproxy
chmod 644 /certs/cert.pem
echo "Creating HaProxy config.."

if [ -n "$NC_HAPROXY_PASSWORD_FILE" ] && [ ! -f "$NC_HAPROXY_PASSWORD_FILE" ]; then
echo "Error: NC_HAPROXY_PASSWORD_FILE is specified but the file does not exist."
exit 1
fi

if [ -n "$NC_HAPROXY_PASSWORD" ] && [ -n "$NC_HAPROXY_PASSWORD_FILE" ]; then
echo "Error: Only one of NC_HAPROXY_PASSWORD or NC_HAPROXY_PASSWORD_FILE should be specified."
exit 1
fi

if [ -n "$NC_HAPROXY_PASSWORD_FILE" ]; then
NC_HAPROXY_PASSWORD=$(mkpasswd -m sha-256 < "$NC_HAPROXY_PASSWORD_FILE")
else
NC_HAPROXY_PASSWORD=$(echo "$NC_HAPROXY_PASSWORD" | mkpasswd -m sha-256)
fi

export NC_HAPROXY_PASSWORD

envsubst < /haproxy.cfg.template > /haproxy.cfg
envsubst < /haproxy_ex_apps.cfg.template > /haproxy_ex_apps.cfg

if [ -f "/certs/cert.pem" ]; then
EX_APPS_COUNT_PADDED=$(printf "%03d" "$EX_APPS_COUNT")
sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6 ssl crt /certs/cert.pem|" /haproxy.cfg
sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:23000-23$EX_APPS_COUNT_PADDED v4v6 ssl crt /certs/cert.pem|" /haproxy_ex_apps.cfg
sed -i "s|EX_APPS_NET_PLACEHOLDER|$EX_APPS_NET|" /haproxy_ex_apps.cfg
# Chmod certs to be accessible by haproxy
chmod 644 /certs/cert.pem
else
sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6|" /haproxy.cfg
fi
else
sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6|" /haproxy.cfg
echo "HaProxy config already present."
fi

echo "HaProxy config:"
Expand Down