haproxy 2.1 supports dynamic update of ssl certificates without reloading
dbu opened this issue · 0 comments
dbu commented
hi, thanks for this repo. it was helpful for me when trying to figure out what setup i want to build.
with haproxy 2.1, the following would work, instead of restarting haproxy:
haproxy.cfg needs to declare that admin commands through its socket should be allowed:
```
global
    stats socket /var/run/haproxy mode 600 level admin
```
```bash
#!/bin/bash
set -e
LE_DIR=/etc/letsencrypt/live
HA_DIR=/usr/local/etc/haproxy/certs.d

# update certs for HA Proxy: certbot's live/ directory also contains a README
# file, so iterate over the per-domain directories instead of parsing `ls`
for DIR in "${LE_DIR}"/*/
do
    DOMAIN=$(basename "${DIR}")
    # the bundle contains the private key, so create it with owner-only permissions
    ( umask 077; cat "${LE_DIR}/${DOMAIN}/fullchain.pem" "${LE_DIR}/${DOMAIN}/privkey.pem" > "${HA_DIR}/${DOMAIN}.pem" )
    # payload form is "<<", newline, the PEM, then a blank line; in 2.1 "set ssl cert"
    # can only replace a certificate already loaded under this exact path
    echo -e "set ssl cert ${HA_DIR}/${DOMAIN}.pem <<\n$(cat "${HA_DIR}/${DOMAIN}.pem")\n" | socat stdio /var/run/haproxy
    echo -e "commit ssl cert ${HA_DIR}/${DOMAIN}.pem" | socat stdio /var/run/haproxy
done
```
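An added example (not dbu's script) that performs the same update but checks HAProxy's replies and then confirms the fingerprint of the certificate actually being served, because socat exits 0 even when HAProxy rejects a command and a silently failed update leaves the old certificate in use until it expires. It assumes the socket path and directories from the post, and that HAProxy 2.1 replies with "Transaction created ..." after set, "Success!" after commit, and a "SHA1 FingerPrint:" line in "show ssl cert" output.

```bash
#!/bin/bash
# Added example, not the script from the issue: push a renewed cert over the
# HAProxy 2.1 admin socket and check each reply instead of trusting socat.
set -eu
HA_SOCK=${HA_SOCK:-/var/run/haproxy}                 # paths as in the issue
HA_DIR=${HA_DIR:-/usr/local/etc/haproxy/certs.d}
LE_DIR=${LE_DIR:-/etc/letsencrypt/live}

# Payload form: "set ssl cert <path> <<", newline, PEM, blank line terminates.
set_cert_payload() { printf 'set ssl cert %s <<\n%s\n\n' "$1" "$(cat "$2")"; }

# Success markers assumed from 2.1's reply text ("Transaction created for
# certificate ...!" after set, "Success!" after commit); anything else fails.
reply_ok() {
  case "$1" in
    *"Transaction created"*|*"Success!"*) return 0 ;;
    *) return 1 ;;
  esac
}
# Keep only hex digits, upper-case, so openssl's AA:BB form and HAProxy's
# unseparated form compare equal.
norm_fp() { printf '%s' "$1" | tr -dc '0-9a-fA-F' | tr 'a-f' 'A-F'; }
# Fingerprint line from "show ssl cert <path>" (label assumed for 2.1).
loaded_fp() { printf '%s\n' "$1" | sed -n 's/^SHA1 FingerPrint: *//p'; }
file_fp() { openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//'; }

update_domain() {
  local domain=$1 pem="$HA_DIR/$1.pem" reply want have
  # The bundle holds the private key: create it owner-readable only.
  ( umask 077; cat "$LE_DIR/$domain/fullchain.pem" "$LE_DIR/$domain/privkey.pem" > "$pem" )
  # In 2.1 "set ssl cert" can only replace a cert already loaded under this
  # exact path; a brand-new domain still needs a reload.
  reply=$(set_cert_payload "$pem" "$pem" | socat stdio "$HA_SOCK")
  if ! reply_ok "$reply"; then
    echo "set ssl cert rejected for $pem: $reply" >&2
    echo "abort ssl cert $pem" | socat stdio "$HA_SOCK" >/dev/null  # drop transaction
    return 1
  fi
  reply=$(echo "commit ssl cert $pem" | socat stdio "$HA_SOCK")
  reply_ok "$reply" || { echo "commit rejected for $pem: $reply" >&2; return 1; }
  # Confirm the running instance now serves exactly the file we wrote.
  want=$(norm_fp "$(file_fp "$pem")")
  have=$(norm_fp "$(loaded_fp "$(echo "show ssl cert $pem" | socat stdio "$HA_SOCK")")")
  [ -n "$want" ] && [ "$want" = "$have" ] || { echo "fingerprint mismatch for $pem" >&2; return 1; }
}

# Only touch a live socket; the functions above can be sourced on their own.
if [ -S "$HA_SOCK" ]; then
  for d in "$LE_DIR"/*/; do [ -d "$d" ] && update_domain "$(basename "$d")"; done
fi
```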