From 235e22d4234c1547b6c5d3c841f9a718ecdf8072 Mon Sep 17 00:00:00 2001 From: Andrey Arapov Date: Thu, 12 Jul 2018 00:18:50 +0200 Subject: [PATCH] update readme --- README.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6bb3678..958fb74 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ used by the client in order to validate the server's certificate. ## Examples -### Minio and Docker Registry services with Traefik reverse proxy +### Minio and Docker Registry services behind Traefik reverse proxy - docker-compose.yml @@ -81,6 +81,31 @@ services: - registry ``` +### helloworld with socat + +> socat could be handy when you need to see the flow between the client and the +> backend. Minimum socat version should be [1.7.3.2](https://fossies.org/linux/privat/socat-1.7.3.2.tar.gz/socat-1.7.3.2/CHANGES) so it will work with the +> ECDHE- OpenSSL ciphers. + +``` +services: + helloworld: + image: dockercloud/hello-world + volumes: + - /srv/services/gencert/gencert.sh:/gencert.sh:ro + entrypoint: sh -c "mkdir /certs && cd /certs && /gencert.sh --cn helloworld && apk --update add socat && ( nohup /run.sh & ) && echo '@edge http://nl.alpinelinux.org/alpine/edge/main' | tee -a /etc/apk/repositories && apk --update add socat@edge && socat -v -v -d -d OPENSSL-LISTEN:443,reuseaddr,verify=0,cafile=./ca.crt,cert=./public.crt,key=./private.key,fork tcp4-connect:127.0.0.1:80" + labels: + traefik.enable: 'true' + traefik.frontend.rule: 'Host: hello.example.com' + traefik.frontend.entryPoints: 'http,https' + # traefik.port: '80' + traefik.backend.loadbalancer.stickiness: 'true' + traefik.port: '443' + traefik.protocol: 'https' + # traefik.frontend.passTLSCert: 'true' + # traefik.frontend.passHostHeader: 'true' +``` + ## Testing I have added a simplistic script [testme.sh](testme.sh) that helps to test this