
Commit 1efae75

Support for NC_HAPROXY_PASSWORD_FILE env variable (#26)
* add support for `NC_HAPROXY_PASSWORD_FILE` env variable Signed-off-by: Alexander Piskun <[email protected]> * not create the "haproxy.cfg" each time. replaced the "insecure password" with "password" Signed-off-by: Alexander Piskun <[email protected]> --------- Signed-off-by: Alexander Piskun <[email protected]>
1 parent 124dd30 commit 1efae75


5 files changed

+49
-19
lines changed


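--- a/Dockerfile
+++ b/Dockerfile
@@ -19,12 +19,13 @@ RUN set -ex; \
 openssl \
 bind-tools \
 nano \
-vim; \
+vim \
+envsubst; \
 chmod -R 777 /tmp
 
 COPY --chmod=775 *.sh /
-COPY --chmod=664 haproxy.cfg /haproxy.cfg
-COPY --chmod=664 haproxy_ex_apps.cfg /haproxy_ex_apps.cfg
+COPY --chmod=664 haproxy.cfg.template /haproxy.cfg.template
+COPY --chmod=664 haproxy_ex_apps.cfg.template /haproxy_ex_apps.cfg.template
 
 WORKDIR /
 ENTRYPOINT ["/bin/bash", "start.sh"]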

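--- a/README.md
+++ b/README.md
@@ -69,6 +69,12 @@ You should set `BIND_ADDRESS` to the IP on which server with ExApps can accept r
 
 `TIMEOUT_SERVER`: timeout for ExApp to start responding to NC request, default: **30s**
 
+`NC_HAPROXY_PASSWORD_FILE`: Specifies path to a file containing the password for HAProxy.
+
+> [!NOTE]
+> This file should be mounted into the container, and the password will be read from this file.
+> If both NC_HAPROXY_PASSWORD and NC_HAPROXY_PASSWORD_FILE are specified, the container will exit with an error.
+
 #### Only for ExApp installs with TLS:
 
 * `EX_APPS_NET`: determines destination of requests to ExApps for HaProxy. Default:`localhost`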

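--- a/haproxy.cfg
+++ b/haproxy.cfg.template
@@ -9,12 +9,12 @@ defaults
 log global
 option httplog
 option dontlognull
-timeout connect TIMEOUT_CONNECT
-timeout client TIMEOUT_CLIENT
-timeout server TIMEOUT_SERVER
+timeout connect ${TIMEOUT_CONNECT}
+timeout client ${TIMEOUT_CLIENT}
+timeout server ${TIMEOUT_SERVER}
 
 userlist app_api_credentials
-user app_api_haproxy_user insecure-password "NC_PASSWORD_PLACEHOLDER"
+user app_api_haproxy_user password ${NC_HAPROXY_PASSWORD}
 
 frontend docker_engine
 mode http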
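Review bot: The `user app_api_haproxy_user password ${NC_HAPROXY_PASSWORD}` line changes what the variable means, from a cleartext value to a crypt(3) hash, and nothing in the template says so. A comment above it would help, e.g. `# NC_HAPROXY_PASSWORD is substituted by start.sh with a sha-256 crypt hash, never the cleartext`, plus a reminder to keep the value unquoted, because HAProxy expands `$` inside double quotes and the hash contains `$` separators. The `defaults` section this hunk edits starts above the visible lines.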
File renamed without changes.

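--- a/start.sh
+++ b/start.sh
@@ -1,19 +1,42 @@
 #!/bin/sh
 
-sed -i "s|NC_PASSWORD_PLACEHOLDER|$NC_HAPROXY_PASSWORD|" /haproxy.cfg
-sed -i "s|TIMEOUT_CONNECT|$TIMEOUT_CONNECT|" /haproxy.cfg
-sed -i "s|TIMEOUT_CLIENT|$TIMEOUT_CLIENT|" /haproxy.cfg
-sed -i "s|TIMEOUT_SERVER|$TIMEOUT_SERVER|" /haproxy.cfg
+if [ ! -f "/haproxy.cfg" ]; then
 
-if [ -f "/certs/cert.pem" ]; then
-EX_APPS_COUNT_PADDED=$(printf "%03d" "$EX_APPS_COUNT")
-sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6 ssl crt /certs/cert.pem|" /haproxy.cfg
-sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:23000-23$EX_APPS_COUNT_PADDED v4v6 ssl crt /certs/cert.pem|" /haproxy_ex_apps.cfg
-sed -i "s|EX_APPS_NET_PLACEHOLDER|$EX_APPS_NET|" /haproxy_ex_apps.cfg
-# Chmod certs to be accessible by haproxy
-chmod 644 /certs/cert.pem
+echo "Creating HaProxy config.."
+
+if [ -n "$NC_HAPROXY_PASSWORD_FILE" ] && [ ! -f "$NC_HAPROXY_PASSWORD_FILE" ]; then
+echo "Error: NC_HAPROXY_PASSWORD_FILE is specified but the file does not exist."
+exit 1
+fi
+
+if [ -n "$NC_HAPROXY_PASSWORD" ] && [ -n "$NC_HAPROXY_PASSWORD_FILE" ]; then
+echo "Error: Only one of NC_HAPROXY_PASSWORD or NC_HAPROXY_PASSWORD_FILE should be specified."
+exit 1
+fi
+
+if [ -n "$NC_HAPROXY_PASSWORD_FILE" ]; then
+NC_HAPROXY_PASSWORD=$(mkpasswd -m sha-256 < "$NC_HAPROXY_PASSWORD_FILE")
+else
+NC_HAPROXY_PASSWORD=$(echo "$NC_HAPROXY_PASSWORD" | mkpasswd -m sha-256)
+fi
+
+export NC_HAPROXY_PASSWORD
+
+envsubst < /haproxy.cfg.template > /haproxy.cfg
+envsubst < /haproxy_ex_apps.cfg.template > /haproxy_ex_apps.cfg
+
+if [ -f "/certs/cert.pem" ]; then
+EX_APPS_COUNT_PADDED=$(printf "%03d" "$EX_APPS_COUNT")
+sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6 ssl crt /certs/cert.pem|" /haproxy.cfg
+sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:23000-23$EX_APPS_COUNT_PADDED v4v6 ssl crt /certs/cert.pem|" /haproxy_ex_apps.cfg
+sed -i "s|EX_APPS_NET_PLACEHOLDER|$EX_APPS_NET|" /haproxy_ex_apps.cfg
+# Chmod certs to be accessible by haproxy
+chmod 644 /certs/cert.pem
+else
+sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6|" /haproxy.cfg
+fi
 else
-sed -i "s|BIND_ADDRESS_PLACEHOLDER|bind $BIND_ADDRESS:$HAPROXY_PORT v4v6|" /haproxy.cfg
+echo "HaProxy config already present."
 fi
 
 echo "HaProxy config:"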
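Review bot: The new validation in start.sh covers a missing password file and the both-set case, but not the case where neither `NC_HAPROXY_PASSWORD` nor `NC_HAPROXY_PASSWORD_FILE` is set: the `else` branch then pipes an empty line into `mkpasswd -m sha-256`, which presumably yields a valid hash of the empty password for `app_api_haproxy_user` unless a default is set elsewhere in the image. A guard before the hashing would fail closed, e.g. `[ -n "$NC_HAPROXY_PASSWORD" ] || [ -n "$NC_HAPROXY_PASSWORD_FILE" ] || { echo "Error: no HAProxy password configured." >&2; exit 1; }`. In the same branch `printf '%s\n' "$NC_HAPROXY_PASSWORD"` is safer than `echo`, since the entrypoint runs the script under bash, where a password such as `-n` would be consumed as an echo option. The script continues past the end of the hunk after `echo "HaProxy config:"`, so whether the generated file (now holding the hash) is printed to the log cannot be judged from here.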
