458f4968761785ff09e98858bdd63d10e9c8fd64
haproxy-letsencrypt-docker.md
| ... | ... | @@ -221,7 +221,7 @@ Here we have: |
| 221 | 221 | * The container_name is 'haproxy'. We'll be referring to this container name later on for sending signals when certs are renewed. |
| 222 | 222 | * The 'haproxy/bind' dir is mounted at /usr/local/etc/haproxy, so the haproxy.cfg file we created is in the right place for haproxy to read it. Mounted read-only, and with the 'Z' selinux flag (I'm running RedHat-ish host OSes here, so it's required - leave off the ',Z' if docker complains). |
| 223 | 223 | * The letsencrypt volume is mounted at /etc/letsencrypt so haproxy can read the cert file. |
| 224 | -* We're creating a user-defined network called 'haproxy' so we an talk to other containers. |
|
| 224 | +* We're creating a user-defined network called 'haproxy' so we an talk to other containers and have built-in dns work. |
|
| 225 | 225 | * The high port numbers are mapped down to the usual 80/443 . |
| 226 | 226 | * We're setting a non-priv UID to run as. Because [containers don't need to run as root](https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b). |
| 227 | 227 |