adding haproxy configuration; working on enabling https - issue #18

Former-commit-id: 7cfc7c25cc4292f08d0ce3362b0672478ad69ce8 [formerly 8937183]
Former-commit-id: 261ae5e
Former-commit-id: a5be96f

common/haproxy/browser.pem

@@ -0,0 +1,59 @@
+Bag Attributes
+    friendlyName: ssl.repo
+    localKeyID: 54 69 6D 65 20 31 33 34 34 37 35 38 38 33 38 35 39 33 
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCX67H7604bPWaBpmfSrQMlQamw/25gGpH9skaKOIv0gHDXzYRY
+KRvGusQwHEDpf2IE5PoSPcsbmc7T6fqHsCcUjtE5qTv56i+qTz6FBFoh5VWZjBJG
+HRs6VLQ8Jk9Emz73cgod9fUR+xqquGQ59SYce0yrnCIuseytGW3irqYKiwIDAQAB
+AoGARvYdCOL8dNTVULH9xPZzha+KJ9boI5PFpY7kTCPlm6tzChpBOzzYcJdElIRd
+/bM2gbrC5Epg2N+bMHkWQNMTLVgUISR0pSeqGgCDEdbRVnk8xxRnwdEwQbu+fv95
+PNCmZkVb5Wvlqr4afpYspzsZ1C/aU0cDoVsyLUhO6ql/YsECQQDqmDVNnCo3HgHj
+D5bcygwypTbRiUojGyS10Syt1fw2Snbwj7+T0mgAgPcTnDJx3aUTOlT70Hrwv4Th
+6bQ84YP5AkEApchYFKjuEgJKPIG8Mk61+S0nrYhL8yiz8aSEiEtJDC7Q4/B+f3rA
+bSjVH1oZCw0yhFmhLVuADJy2Qx9EwLHbowJBAN0lZvomgNU8gGLfy0OPZDhJ7odQ
+eIbni4+qBAhLdFppj/3uRJbA/jGbYU8nK5aTbo3Vq09GlN5mbInamYHaxWECQDdE
+StjYWEV4rfbt6Sd8Rf4Dp66aOXeeoh50kho9vuRo1wqmKgWljnDVo/cHukGM7MJi
+fvD4CAAsXjaSPgFfSbECQF7s1WinVNcNiRB2+Lt1XQuZLmadHDR1E7MoVqpUkG7K
+TISWmCrQOIakdAwfKJNvt0akKb0BB1450cE6XbqVLUM=
+-----END RSA PRIVATE KEY-----
+Bag Attributes
+    friendlyName: CN=Alfresco Repository,OU=Unknown,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB
+    localKeyID: 54 69 6D 65 20 31 33 34 34 37 35 38 38 33 38 35 39 33 
+subject=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Alfresco Repository
+issuer=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./CN=Alfresco CA
+-----BEGIN CERTIFICATE-----
+MIICYDCCAckCCQD/87za5Xu6IjANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJH
+QjELMAkGA1UECAwCVUsxEzARBgNVBAcMCk1haWRlbmhlYWQxHzAdBgNVBAoMFkFs
+ZnJlc2NvIFNvZnR3YXJlIEx0ZC4xFDASBgNVBAMMC0FsZnJlc2NvIENBMCAXDTEy
+MDgxMDE2MjEwMFoYDzIxMTIwNzE3MTYyMTAwWjCBgDELMAkGA1UEBhMCR0IxCzAJ
+BgNVBAgTAlVLMRMwEQYDVQQHEwpNYWlkZW5oZWFkMR8wHQYDVQQKExZBbGZyZXNj
+byBTb2Z0d2FyZSBMdGQuMRAwDgYDVQQLEwdVbmtub3duMRwwGgYDVQQDExNBbGZy
+ZXNjbyBSZXBvc2l0b3J5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCX67H7
+604bPWaBpmfSrQMlQamw/25gGpH9skaKOIv0gHDXzYRYKRvGusQwHEDpf2IE5PoS
+Pcsbmc7T6fqHsCcUjtE5qTv56i+qTz6FBFoh5VWZjBJGHRs6VLQ8Jk9Emz73cgod
+9fUR+xqquGQ59SYce0yrnCIuseytGW3irqYKiwIDAQABMA0GCSqGSIb3DQEBBQUA
+A4GBAGAN0/9mLAmCF6LgYFumyoDYZmzqUGDTvaCyIBC56stSe4Z+WuM0/oaTzwxg
+KfksudPBGAbfBKkH0rNQbLhh4YIUxdsgNHojVSUBK5qzd10xykKH/70uHIE2ZZ3u
+FnFUvKYPPlOh6doy0bkeZhDgjUK587YT19L/URAGuvd4osgz
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB
+subject=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./CN=Alfresco CA
+issuer=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./CN=Alfresco CA
+-----BEGIN CERTIFICATE-----
+MIICnDCCAgWgAwIBAgIJAILUY/ZsJjzXMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
+BAYTAkdCMQswCQYDVQQIDAJVSzETMBEGA1UEBwwKTWFpZGVuaGVhZDEfMB0GA1UE
+CgwWQWxmcmVzY28gU29mdHdhcmUgTHRkLjEUMBIGA1UEAwwLQWxmcmVzY28gQ0Ew
+IBcNMTIwODEwMTYxNzM0WhgPMjExMjA3MTcxNjE3MzRaMGYxCzAJBgNVBAYTAkdC
+MQswCQYDVQQIDAJVSzETMBEGA1UEBwwKTWFpZGVuaGVhZDEfMB0GA1UECgwWQWxm
+cmVzY28gU29mdHdhcmUgTHRkLjEUMBIGA1UEAwwLQWxmcmVzY28gQ0EwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAOoocnTBBh88zAbSNUb292F4Hgwe/4jqyBnU
+I/uj2Js6247Sulcm9IjgbijK1y6ZC+sGeTwBQoJ67/tNS4f/Gibc4SuUnIooFvnP
+NbpRnebzWKcUxiK9gApzRtmqAJrgaTOBIBV3P0QB5snD8Uc5ZwhCgf3joXtn73Kj
+yZFgJXnXAgMBAAGjUDBOMB0GA1UdDgQWBBQDGp8/OEY7gLx9BhR/2wiMheoV2TAf
+BgNVHSMEGDAWgBQDGp8/OEY7gLx9BhR/2wiMheoV2TAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4GBAKKwXcAeLn+viE+iXTIN1SHxRBDJ4+zW2N7ClheJ1om3
+ONNWBo3HlDZFYoL3kjm5UC25KF0/wxEBg6Fb6On+j7AqgXXsYbLTqrtJP57qLTja
+gyoEHBezH1+ZLVOqZ+934/5yO7qNdH/6cu38VCtGbQfrqfwxgCJ5L5OpK2U3sVrk
+-----END CERTIFICATE-----

common/haproxy/haproxy.cfg

@@ -1,19 +1,80 @@
 global
-    daemon
-    maxconn 256
+  pidfile /var/run/haproxy.pid
+  log 127.0.0.1 local2 info
+  stats socket /var/run/haproxy.stat mode 600 level admin
+  daemon
+  maxconn 256
 
 defaults
-    mode http
-    timeout connect 5000ms
-    timeout client 50000ms
-    timeout server 50000ms
-
-frontend http-in
-    bind *:80
-    default_backend static
-
-backend static
-    mode http
-    balance roundrobin
-    server share1 share1.alfresco-share.demo.acme.com:8080 maxconn 32
-    server share2 share2.alfresco-share.demo.acme.com:8080 maxconn 32
+  mode http
+  log global
+
+  timeout http-request 10s
+  timeout queue 1m
+  timeout connect 5s
+  timeout client 2m
+  timeout server 2m
+  timeout http-keep-alive 10s
+  timeout check 5s
+  retries 3
+
+  option httplog
+  option dontlognull
+  option forwardfor
+  option http-server-close
+  option redispatch
+  option tcp-smart-accept
+  option tcp-smart-connect
+
+  compression algo gzip
+  compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint
+
+# Front end for http to https redirect
+frontend http
+  bind *:80
+#  redirect location https://lb.haproxy.demo.acme.com/share/
+  default_backend share
+
+# Main front end for all services
+# frontend https
+#   bind *:443 ssl crt /haproxy-override/browser.pem
+#   capture request header X-Forwarded-For len 64
+#   capture request header User-agent len 256
+#   capture request header Cookie len 64
+#   capture request header Accept-Language len 64
+
+  # ACL for backend mapping based on url paths
+  acl robots path_reg ^/robots.txt$
+  acl alfresco_path path_reg ^/alfresco/.*
+  acl share_path path_reg ^/share/.*/proxy/alfresco/api/solr/.*
+  acl share_redirect path_reg ^$|^/$
+
+  # Changes to header responses
+  rspadd Strict-Transport-Security:\ max-age=15768000
+
+backend share
+  stats enable
+  stats hide-version
+  stats auth <user>:<password>
+  stats uri /monitor
+  stats refresh 2s
+
+  mode http
+
+  option httpchk GET /share
+  balance leastconn
+  cookie JSESSIONID prefix
+  server share1 share1.alfresco-share.demo.acme.com:8080 cookie share1 check inter 5000
+  server share2 share2.alfresco-share.demo.acme.com:8080 cookie share2 check inter 5000
+
+#backend webdav
+#  option httpchk GET /alfresco
+#  reqrep ^([^\ ]*)\ /(.*) \1\ /alfresco/webdav/\2
+#  server share1 share1.alfresco-share.demo.acme.com:8080 check inter 5000
+#  server share2 share2.alfresco-share.demo.acme.com:8080 check inter 5000
+
+#backend sharepoint
+#  balance url_param VTISESSIONID check_post
+#  cookie VTISESSIONID prefix
+#  server tomcat1 server1:7070 cookie share1 check inter 5000
+#  server tomcat2 server2:7070 cookie share2 check inter 5000

docker/scripts/run/distributed-arch.sh

@@ -32,4 +32,8 @@ docker run --name share2 --dns $DNS_IP -d -p 8082:8080 -p 5701 -v /alfboxes/dock
 docker run --name solr1 --dns $DNS_IP -d -p 8083:8080 -p 5701 -v /alfboxes/docker/license/alf42.lic:/alflicense/alf42.lic --volumes-from data maoo/alfresco-solr:latest /bin/sh -c "/etc/init.d/tomcat7 start ; sleep 1 ; tail -f /var/log/tomcat7/catalina.out"
 
 # Using HA Proxy balancer
-# docker run --name lb --dns $DNS_IP -d -v /alfboxes/common/haproxy:/haproxy-override -p 80:80 dockerfile/haproxy:latest
+docker run --name lb --dns $DNS_IP -d -v /alfboxes/common/haproxy:/haproxy-override -p 80:80 dockerfile/haproxy /bin/sh -c "chmod +x /haproxy-start; /haproxy-start ; tail -f /var/log/bootstrap.log"
+
+# Debugging
+# docker run --name lb --dns $DNS_IP -t -i -v /alfboxes/common/haproxy:/haproxy-override -p 80:80 dockerfile/haproxy /bin/bash
+# docker run --name share3 --dns $DNS_IP -t -i -p 8084:8080 -p 5701 -v /alfboxes/docker/license/alf42.lic:/alflicense/alf42.lic --volumes-from data maoo/alfresco-share:latest /bin/bash