veza/config/haproxy
senke 0ff8a85684 feat(infra): blue-green deployment via HAProxy
- HAProxy: api/stream/web backends with blue+green servers (backup)
- docker-compose.prod: backend-api-blue/green, stream-server-blue/green, web-blue/green
- haproxy-blue.cfg, haproxy-green.cfg: config variants for active stack
- scripts/deploy-blue-green.sh: switch traffic via config copy + HUP reload
2026-02-23 19:52:19 +01:00
haproxy-blue.cfg feat(infra): blue-green deployment via HAProxy 2026-02-23 19:52:19 +01:00
haproxy-green.cfg feat(infra): blue-green deployment via HAProxy 2026-02-23 19:52:19 +01:00
haproxy.cfg feat(infra): blue-green deployment via HAProxy 2026-02-23 19:52:19 +01:00
README.md fix(infra): HAProxy HTTPS and stats security 2026-02-15 15:58:51 +01:00

HAProxy Configuration

Production (haproxy.cfg)

  • HTTP (port 80): Redirects all traffic to HTTPS (301)
  • HTTPS (port 443): Serves traffic with TLS. Certificates are read from config/ssl/, which is mounted at /etc/ssl/veza/
  • Stats (port 8404): Restricted to localhost and Docker network (172.20.0.0/16)
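
A minimal sketch of the three listeners described above. This is an added example, not the contents of the project's haproxy.cfg; the frontend, backend and ACL names, the timeouts, the stats URI and the backend port are assumptions, and only the ports, the certificate mount path, the stats source ranges and the web-blue/web-green service names come from this page.

```haproxy
defaults
    mode http
    timeout connect 5s      # assumed values
    timeout client  30s
    timeout server  30s

# Port 80: no content is served over plain HTTP, every request gets a 301 to HTTPS.
frontend http_in
    bind *:80
    http-request redirect scheme https code 301

# Port 443: TLS termination. With a directory argument, HAProxy loads the PEM
# bundles it finds there (certificate and private key in one file).
frontend https_in
    bind *:443 ssl crt /etc/ssl/veza/
    default_backend web_backend          # hypothetical backend name

# Port 8404: stats page, denied unless the client is localhost or on the
# Docker network 172.20.0.0/16.
frontend stats
    bind *:8404
    acl stats_allowed src 127.0.0.1 172.20.0.0/16
    http-request deny unless stats_allowed
    stats enable
    stats uri /stats                     # assumed URI
    stats refresh 10s

# Blue is active, green only receives traffic if blue fails its health check.
backend web_backend
    server web-blue  web-blue:80  check          # port 80 is an assumption
    server web-green web-green:80 check backup
```

A file written this way can be syntax-checked before reload with `haproxy -c -f <file>`.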

SSL Certificates

Before starting production, add at least one certificate to config/ssl/. See config/ssl/README.md for instructions.

For quick local testing with a self-signed certificate:

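cd config/ssl
# Generate an unencrypted 2048-bit RSA key and a self-signed certificate valid for 365 days
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout key.pem -out cert.pem -subj "/CN=veza.local"
# HAProxy expects the certificate and its private key in a single PEM file
cat cert.pem key.pem > veza.pem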

Development Without HTTPS

For local development without SSL, use docker-compose.yml (not prod) or create a haproxy.dev.cfg that omits the HTTPS frontend and HTTP redirect.