address review

Signed-off-by: Simon L <szaimen@e.mail.de>
2024-12-27 01:02:10 +08:00 · 2023-08-30 15:13:08 +02:00 · 2023-08-30 15:13:08 +02:00 · a56fbb6045
commit a56fbb6045
parent cac797114a
5 changed files with 25 additions and 13 deletions
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@ -1,10 +1,16 @@
 FROM haproxy:2.8.2-alpine3.18

 USER root
-RUN apk add --no-cache ca-certificates tzdata bind-tools
+ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        bind-tools; \
+    chmod -R 777 /tmp

-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 haproxy.cfg /conf/haproxy.cfg
+COPY --chmod=775 *.sh /
+COPY --chmod=664 haproxy.cfg /haproxy.cfg

 ENTRYPOINT ["/start.sh"]
-HEALTHCHECK CMD [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" = "OK" ] || exit 1
+HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@ -1,3 +1,5 @@
+# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
+
 defaults
    timeout connect 10s
    timeout client 10s
@ -8,7 +10,6 @@ frontend http
    bind :2375
    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+if [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" != "OK" ]; then
+    exit 1
+fi
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@ -8,12 +8,13 @@ done

 set -x
 IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-sed -i "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|g"
-sed -i "s# || { src NC_IPV4_PLACEHOLDER }##g" /conf/haproxy.cfg
+HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
+echo "$HAPROXYFILE" > /tmp/haproxy.cfg

 IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-sed -i "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|g"
-sed -i "s# || { src NC_IPV6_PLACEHOLDER }##g" /conf/haproxy.cfg
+HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
+HAPROXYFILE="$(echo "$HAPROXYFILE" | sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|")" 
+echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 set +x

-haproxy -f /conf/haproxy.cfg -db
+haproxy -f /tmp/haproxy.cfg -db
--- a/php/containers.json
+++ b/php/containers.json
@ -661,9 +661,7 @@
      "restart": "unless-stopped",
      "read_only": true,
      "tmpfs": [
-        "/run",
-        "/conf",
-        "/var/lib/haproxy"
+        "/tmp"
      ]
    }
  ]