Run HAProxy in Docker with a single command to reverse-proxy a port

docker run -d --name my-ha -p 8015:8888 -v /home/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7

Put the haproxy.cfg configuration file in /home/haproxy.

haproxy.cfg reference:

# Simple configuration for an HTTP proxy listening on port 80 on all
# interfaces and forwarding requests to a single backend "servers" with a
# single server "server1" listening on 127.0.0.1:8000
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    default_backend servers

backend servers
    server server1 127.0.0.1:8000 maxconn 32

Deploying HAProxy with Docker

Deployment:

docker run -d --name haproxy \
  -p 80:80 \
  -p 443:443 \
  -p 2222:2222 \
  -p 9090:9090 \
  --restart=always \
  -v /home/haproxy:/usr/local/etc/haproxy \
  haproxy:alpine

The configuration file under /home/haproxy must be named haproxy.cfg.

Configuration reference:


global
    #daemon
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096

defaults
    mode http
    maxconn 2000
    log global
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout connect 5s
    timeout client 50s
    timeout server 50s

# Statistics page, published on port 9090 by the docker run command above
listen stats
    bind *:9090
    balance
    mode http
    stats enable
    stats uri /stats
    # Placeholder credentials; replace them before exposing this port
    stats auth admin:password

frontend in_http_80
    bind *:80
    mode http
    default_backend backend_http
    # Requests whose Host header begins with example.com go to backend_sz
    acl is_1 hdr_beg(host) -i example.com
    use_backend backend_sz if is_1

# Port 443 is forwarded in TCP mode, so TLS is handled by the backend
frontend in_https_443
    bind *:443
    mode tcp
    default_backend backend_https

frontend in_http_da
    bind *:2222
    mode http
    default_backend backend_da

backend backend_http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server node1 199.99.99.81:80 check

backend backend_sz
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server node2 199.99.99.82:8888 check

backend backend_da
    mode http
    server srv1 199.99.99.81:2222 check

backend backend_https
    mode tcp
    server srv2 199.99.99.81:443 check

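This configuration reverse-proxies DirectAdmin. Note that the backend must whitelist HAProxy's IP in two places. The first is the firewall whitelist, set according to whichever firewall you use;

the second is DirectAdmin's own whitelist, located at /usr/local/directadmin/data/admin/ip_whitelist

Reference: https://help.directadmin.com/item.php?id=306

Otherwise, because of malicious scanning, the reverse proxy's IP will be banned by the backend.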
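
One way to script the DirectAdmin whitelist step so that it is safe to re-run, as an added example that is not from the original post or from DirectAdmin. It assumes ip_whitelist holds one IPv4 address per line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently whitelist the HAProxy host's IP for DirectAdmin.
# Assumption: ip_whitelist holds one IPv4 address per line.
WHITELIST_DEFAULT=/usr/local/directadmin/data/admin/ip_whitelist

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# whitelist_proxy_ip IP [FILE]: prints "added" or "present" and returns 0;
# returns 2 without touching FILE when IP is not a valid IPv4 address.
whitelist_proxy_ip() {
    ip=$1
    file=${2:-$WHITELIST_DEFAULT}
    is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    # -F fixed string, -x whole line: 10.0.0.5 must not match 10.0.0.50.
    if [ -f "$file" ] && grep -Fxq -- "$ip" "$file"; then
        echo present
        return 0
    fi
    # If the file does not end in a newline, add one so entries never merge.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$ip" >> "$file"
    echo added
}

# Usage on the DirectAdmin host (replace the placeholder with HAProxy's IP):
#   whitelist_proxy_ip <haproxy-ip>
```

Once the proxy's IP is whitelisted, every client arriving through HAProxy shares that exemption, so the backend can no longer ban individual scanners by source address unless it is given the real client IP.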

If the backend needs to obtain the real client IP, see here:

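Running Caddy with PHP in Docker

Caddy is an HTTP server written in Go that is very easy to get started with. Caddy also supports automatically obtaining Let's Encrypt SSL certificates: you only need to provide an email address, and it applies for, configures, and renews the certificates by itself. Docker is used here because it can directly run the image variant with PHP integrated, which is very convenient for running small PHP applications.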


docker run -d \
--name=caddy \
--restart=always \
-e ACME_AGREE=true \
-v /home/caddy/Caddyfile:/etc/Caddyfile \
-v /home/caddy/.caddy:/root/.caddy \
-v /home/caddy/www:/srv \
-p 80:80 -p 443:443 -p 2015:2015 \
abiosoft/caddy:php

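Caddyfile configuration file path: /home/caddy/Caddyfile;

SSL certificate storage path: /home/caddy/.caddy;

Website files are stored in /home/caddy/www, which is mapped to /srv inside the container. You can create subdirectories under this directory and point different domain names at different subdirectories in the Caddyfile to host multiple sites.

Caddyfile example: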


example.com {
gzip
root /srv
fastcgi / 127.0.0.1:9000 php # php variant only
on startup php-fpm7 # php variant only
}