haproxytech / haproxy-lua-acme

Apache License 2.0

Is this working with haproxy:latest docker image? #5

Open EthraZa opened 4 years ago

EthraZa commented 4 years ago

I'm trying all day long, but it just does not work. The instructions are insufficient.

I don't understand why the haproxy docker image can't come with lua-ossl, but ok, I built one image just to add this one. The instructions say to put the files in the right LUA_PATH, but don't tell us where it is or how to find it within haproxy, but ok, after some hours, I found out it could be /usr/local/share/lua/5.3/. So I dropped all the lua files there, just to find out the lua-load config.lua does not find the file. Ok, lua-load /usr/local/share/lua/5.3/config.lua seems to work. But, lua-load /usr/local/share/lua/5.3/acme.lua will tell me it can't load the damn http.lua file that is there, with all the rest.

[ALERT] 187/185031 (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:6] : Lua runtime error: error loading module 'http' from file '/usr/local/share/lua/5.3':
    cannot read /usr/local/share/lua/5.3: Is a directory
[ALERT] 187/185031 (1) : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
[ALERT] 187/185031 (1) : Fatal errors found in configuration.

That is it. And I still don't understand why the haproxy guys think SSL is not cool enough in 2020 to not get it bundled in a working state with the haproxy docker image. If someone can point me to where I'm getting it wrong, I can try again. Until then, the acme.sh docker image works out of the box.

anezirovic commented 4 years ago

While I'm not authoritative on Docker issues, it can be hard to deploy third party software, especially when it is not packaged upstream (I think luaossl is packaged only in Debian Buster or later). I don't think we've officially considered using this script with Docker, but that could be quite useful indeed.

As for Lua paths, HAProxy inherits the usual LUA_PATH and LUA_CPATH, as defined in the Lua source tarball (src/luaconf.h). Before, you could play with 'package.path' in your Lua script, and add that with lua-load before loading our script. Starting with HAProxy 2.2, you can use the new directive, lua-prepend-path, for the same purpose: https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#lua-prepend-path

Last but not least, currently, this module does not work with upstream ACMEv2 servers (there were quite a few changes in the last months), so it will need some updating.
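
An added example, not part of the thread or of the project's code: the "Is a directory" alert above is what Lua reports when a package.path entry has no `?` placeholder, so the entry itself is opened as the module file. The script below, a hypothetical `pathcheck.lua` to be loaded with lua-load before acme.lua, reports such entries and applies the package.path approach described in the reply; `ACME_DIR` is assumed from the path in the report.

```lua
-- pathcheck.lua (hypothetical name): load with lua-load before acme.lua.
-- ACME_DIR is an assumption, taken from the directory used in the report.
local ACME_DIR = "/usr/local/share/lua/5.3"

-- Split a package.path-style string into its ';'-separated templates.
local function templates(path)
  local out = {}
  for t in path:gmatch("[^;]+") do out[#out + 1] = t end
  return out
end

-- A template without '?' is used verbatim as the file name for every
-- require(), which yields "cannot read <dir>: Is a directory".
local function broken_templates(path)
  local bad = {}
  for _, t in ipairs(templates(path)) do
    if not t:find("?", 1, true) then bad[#bad + 1] = t end
  end
  return bad
end

-- Drop broken templates and search dir/?.lua first, without duplicates.
local function repaired(path, dir)
  local keep = { dir .. "/?.lua" }
  for _, t in ipairs(templates(path)) do
    if t:find("?", 1, true) and t ~= keep[1] then keep[#keep + 1] = t end
  end
  return table.concat(keep, ";")
end

for _, t in ipairs(broken_templates(package.path)) do
  io.stderr:write("package.path entry without '?': " .. t .. "\n")
end
package.path = repaired(package.path, ACME_DIR)

-- Show which file require("http") will load, or every path that was tried.
local file, err = package.searchpath("http", package.path)
io.stderr:write("http -> " .. (file or ("not found:" .. err)) .. "\n")
```

On HAProxy 2.2 and later, `lua-prepend-path` with the same `/?.lua` template replaces the `package.path` assignment. Any file in a directory on package.path is executed inside HAProxy when a module of that name is required, so keep that directory writable only by root.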