Comments (3)
@trompx I'm running multiple haproxy containers in production and using AWS EFS as a backing store for the webroot directory. This way it doesn't matter where I run the certbot container as all of the haproxy containers can see the challenge data.
from haproxy-acme-validation-plugin.
Hi @ryansch
I have a similar setup (without Docker) with a shared filesystem for my haproxy servers. But unfortunately the Haproxy servers aren't serving the challenge keys properly. The keys are created on the shared filesystem, but somehow Haproxy can't find these keys. I mounted the shared filesystem as a folder under the root folder of each server (/sharedkey). After that I created a symlink named .well-know in /var/lib/haproxy that points to the /sharedkey folder.
I've also created an issue over here: #16 where you can see the Haproxy log. It seems that Haproxy doesn't recognize this folder properly. Not sure what's causing this. I've managed to enroll certificates without the shared filesystem previously. So probably it has something to do with that.
Could you explain how you configured your Haproxy environment?
Hey @ryansch, thanks for your feedback. I had so much to do that I did not implement SSL right away, but what you are suggesting just helps to be able to not care if the request is coming to one or the other load balancer.
My problem was more how to share the certificates once they have been generated to all load balancers. Guess I will back them up to some cloud storage then download them to all load balancers in a post hook script.