diff --git a/plugins/haproxy-vhosts/docker-args-process-deploy b/plugins/haproxy-vhosts/docker-args-process-deploy index 430fd188b..f343879e0 100755 --- a/plugins/haproxy-vhosts/docker-args-process-deploy +++ b/plugins/haproxy-vhosts/docker-args-process-deploy @@ -10,8 +10,7 @@ trigger-haproxy-vhosts-docker-args-process-deploy() { declare APP="$1" IMAGE_SOURCE_TYPE="$2" IMAGE_TAG="$3" PROC_TYPE="$4" CONTAINER_INDEX="$5" local app_domains haproxy_domains is_app_listening letsencrypt_email output proxy_container_port proxy_host_port port_map proxy_port_map proxy_scheme proxy_schemes scheme tls_internal local proxy_container_http_port proxy_container_http_port_candidate proxy_host_http_port_candidate - local proxy_container_https_port proxy_container_https_port_candidate proxy_host_https_port_candidate - local app_urls_path="$DOKKU_ROOT/$APP/URLS" + local proxy_container_https_port proxy_container_https_port_candidate proxy_host_https_port_candidate proxy_redirect_ssl local STDIN=$(cat) if [[ "$PROC_TYPE" != "web" ]]; then @@ -36,14 +35,10 @@ trigger-haproxy-vhosts-docker-args-process-deploy() { # ensure we have a port mapping plugn trigger proxy-configure-ports "$APP" - app_domains="$(plugn trigger domains-list "$APP")" - if [[ -n "$app_domains" ]]; then - haproxy_domains="$(echo "$app_domains" | xargs)" - haproxy_domains="${haproxy_domains// /,}" - fi - - output="" # gather port mapping information + # we only support proxying a single port for http and https listeners + # so this block parses the port mappings and tries to find the correct + # mapping to expose is_app_listening="false" proxy_port_map="$(plugn trigger config-get "$APP" DOKKU_PROXY_PORT_MAP)" for port_map in $proxy_port_map; do @@ -51,34 +46,84 @@ trigger-haproxy-vhosts-docker-args-process-deploy() { proxy_host_port="$(awk -F ':' '{ print $2 }' <<<"$port_map")" proxy_container_port="$(awk -F ':' '{ print $3 }' <<<"$port_map")" - # ignore https for now - if [[ "$proxy_scheme" != "http" ]] && [[ "$proxy_scheme" != "tcp" ]]; then - continue + if [[ "$proxy_scheme" == "http" ]]; then + is_app_listening="true" + if [[ -z "$proxy_container_http_port_candidate" ]]; then + proxy_container_http_port_candidate="$proxy_container_port" + proxy_host_http_port_candidate="$proxy_host_port" + fi + + if [[ "$proxy_host_port" == "80" ]] && [[ -z "$proxy_container_http_port" ]]; then + proxy_container_http_port="$proxy_container_port" + fi fi - # ignore 443 for now - if [[ "$proxy_host_port" == "443" ]]; then - continue - fi + if [[ "$proxy_scheme" == "https" ]]; then + is_app_listening="true" + if [[ -z "$proxy_container_https_port_candidate" ]]; then + proxy_container_https_port_candidate="$proxy_container_port" + proxy_host_https_port_candidate="$proxy_host_port" + fi - # ignore everything but 80 for now - if [[ "$proxy_host_port" != "80" ]]; then - continue + if [[ "$proxy_host_port" == "443" ]] && [[ -z "$proxy_container_https_port" ]]; then + proxy_container_https_port="$proxy_container_port" + fi fi - - is_app_listening="true" - output="$output --label haproxy.$APP-$PROC_TYPE.mode=$proxy_scheme" - output="$output --label haproxy.$APP-$PROC_TYPE.port=$proxy_host_port" - output="$output --label haproxy.$APP-$PROC_TYPE.localport=$proxy_container_port" - output="$output --label haproxy.$APP-$PROC_TYPE.host=$haproxy_domains" done + letsencrypt_email="$(fn-haproxy-letsencrypt-email)" + if [[ -n "$letsencrypt_email" ]] && [[ -z "$proxy_container_https_port" ]]; then + proxy_container_https_port_candidate="$proxy_container_http_port_candidate" + proxy_host_https_port_candidate="$proxy_host_http_port_candidate" + if [[ -n "$proxy_container_http_port" ]]; then + proxy_container_https_port_candidate="$proxy_container_http_port" + proxy_host_http_port_candidate=443 + fi + fi + # add the labels for haproxy here - # prefer the https:443 mapping to http:80 mapping - if [[ -n "$is_app_listening" ]] && [[ -n "$haproxy_domains" ]]; then - scheme="http" - echo "# THIS FILE IS GENERATED BY DOKKU - DO NOT EDIT, YOUR CHANGES WILL BE OVERWRITTEN" >"$app_urls_path" - xargs -I{} echo "$scheme://{}" <<<"$(echo "${app_domains}" | tr ' ' '\n' | sort -u)" >>"$app_urls_path" + # any `http:80` port mapping is treated as a `http` traefik entrypoint + # any `https:443` port mapping is treated as a `https` traefik entrypoint + if [[ -n "$is_app_listening" ]]; then + app_domains="$(plugn trigger domains-list "$APP")" + if [[ -n "$app_domains" ]]; then + haproxy_domains="$(echo "$app_domains" | xargs)" + haproxy_domains="${haproxy_domains// /,}" + fi + + if [[ -n "$proxy_container_http_port" ]] || [[ -n "$proxy_container_http_port_candidate" ]]; then + if [[ -z "$proxy_container_http_port" ]]; then + dokku_log_warn "Warning: http:80 port mapping not found" + dokku_log_warn "Utilizing first http port mapping, http:$proxy_host_http_port_candidate:$proxy_container_http_port_candidate" + proxy_container_http_port="$proxy_container_http_port_candidate" + fi + + output="$output --label haproxy.$APP-$PROC_TYPE.localport=$proxy_container_http_port" + output="$output --label haproxy.$APP-$PROC_TYPE.mode=http" + output="$output --label haproxy.$APP-$PROC_TYPE.port=80" + if [[ -n "$haproxy_domains" ]]; then + output="$output --label haproxy.$APP-$PROC_TYPE.host=$haproxy_domains" + fi + fi + + if [[ -n "$proxy_container_https_port" ]] || [[ -n "$proxy_container_https_port_candidate" ]]; then + if [[ -z "$proxy_container_https_port" ]]; then + dokku_log_warn "Warning: https:443 port mapping not found" + dokku_log_warn "Utilizing first https port mapping, http:$proxy_host_https_port_candidate:$proxy_container_https_port_candidate" + proxy_container_https_port="$proxy_container_https_port_candidate" + fi + + + output="$output --label haproxy.$APP-$PROC_TYPE.redirect_ssl=true" + output="$output --label haproxy.$APP-$PROC_TYPE-https.localport=$proxy_container_https_port" + output="$output --label haproxy.$APP-$PROC_TYPE-https.letsencrypt=true" + output="$output --label haproxy.$APP-$PROC_TYPE-https.mode=http" + output="$output --label haproxy.$APP-$PROC_TYPE-https.port=443" + + if [[ -n "$haproxy_domains" ]]; then + output="$output --label haproxy.$APP-$PROC_TYPE-https.host=$haproxy_domains" + fi + fi fi echo -n "$STDIN$output"