I'm currently working on getting this setup myself. I eventually decided to expo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		djsumdog on Nov 2, 2017 \| parent \| context \| favorite \| on: HAProxy 1.8 I'm currently working on getting this setup myself. I eventually decided to exposing /var/run/docker.sock to my Certbot container and have a posthook that sends -HUP to the HAProxy container, which has a wrapper script that forwards HUP to haproxy's PID. It would be nice if I could just do this via the HAProxy admin socket .. or not even reloading the whole config but just tell it to rescan the SSL certs.

mschuster91 on Nov 2, 2017 [–]

> I eventually decided to exposing /var/run/docker.sock to my Certbot container

Don't do this, please. It is a security risk as access to the docker socket can be used to take over the entire system as root.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact