Update haproxy dockerfile for newer lua and fix ca-certificate installation

Add verify_none option in server registration (for development testing of SSL backends)
2025-05-09 02:05:37 +00:00 · 2025-03-16 22:49:00 +11:00
parent fdbd19ba30
commit 842df64c5e
6 changed files with 29 additions and 14 deletions
--- a/src/lua/scripts/register-servers.lua
+++ b/src/lua/scripts/register-servers.lua
@@ -19,6 +19,7 @@ function setup_servers()
 	local handle = io.open("/etc/haproxy/map/hosts.map", "r")
 	local line = handle:read("*line")
 	local verify_backend_ssl = os.getenv("VERIFY_BACKEND_SSL")
+	local verify_none = os.getenv("VERIFY_BACKEND_SSL_VERIFYNONE")
 	local counter = 1
 	-- NOTE: using tcp socket to interact with runtime API because lua can't add servers
 	local tcp = core.tcp();
@@ -40,9 +41,15 @@ function setup_servers()
 		local server_name = "servers/websrv" .. counter
 		--NOTE: if you have a proper CA setup,
 		if verify_backend_ssl ~= nil then
-			tcp:send(string.format(
-				"add server %s %s check ssl verify required ca-file ca-certificates.crt sni req.hdr(Host);",
-				server_name, backend_host))
+			if verify_none ~= nil then -- for development use only
+				tcp:send(string.format(
+					"add server %s %s check ssl verify none ca-file ca-certificates.crt sni req.hdr(Host);",
+					server_name, backend_host))
+			else
+				tcp:send(string.format(
+					"add server %s %s check ssl verify required ca-file ca-certificates.crt sni req.hdr(Host);",
+					server_name, backend_host))
+			end
 		else
 			tcp:send(string.format("add server %s %s;", server_name, backend_host))
 		end
--- a/src/lua/scripts/templates.lua
+++ b/src/lua/scripts/templates.lua
@@ -49,7 +49,7 @@ _M.body = string.format([[
 			%%s
 		</noscript>
 		<div class="powstatus"></div>
-		<canvas id="canvas" width="250" height="40"></canvas>
+		<!-- <canvas id="canvas" width="250" height="40"></canvas> -->
 		<footer>
 			<p>Node: <code>%%s</code></p>
 			<p>%%s</p>