This container provides an HAProxy instance with Let's Encrypt certificates generated
at startup, as well as renewed (if necessary) once a week with an internal cron job. It calls Flux API every few munites and updates HAProxy server list for the provided flux APP_NAME and APP_PORT.
docker pull alihmahdavi/flux-lb:latest
docker build -t flux-lb:latest .
Example of run command (replace APP_NAME, APP_PORT, CERTS, EMAIL values and volume paths with yours)
docker run --name lb -d \
-e APP_NAME=my-flux-app-name \
-e APP_PORT=my-flux-app-port \
-e CERT1=my-common-name.domain \
-e EMAIL=my.email@my.domain \
-e STAGING=false \
-p 80:80 -p 443:443 -p 8080:8080 \
alihmahdavi/flux-lb:latest
docker run [...] -v <override-conf-file>:/etc/haproxy/haproxy.cfg alihmahdavi/flux-lb:latest
Once a week a cron job checks for expiring certificates with certbot agent and reload haproxy if a certificate is renewed. No container restart needed.