Changes in 5306bb6: Updated haproxy-letsencrypt-docker.md

				haproxy-letsencrypt-docker.md
			
          @@ -223,7 +223,7 @@ Here we have:

           * The container_name is 'haproxy'. We'll be referring to this container name later on for sending signals when certs are renewed.

           * The 'haproxy/bind' dir is mounted at /usr/local/etc/haproxy, so the haproxy.cfg file we created is in the right place for haproxy to read it. Mounted read-only, and with the 'Z' selinux flag (I'm running RedHat-ish host OSes here, so it's required - leave off the ',Z' if docker complains).

           * The letsencrypt volume is mounted at /etc/letsencrypt so haproxy can read the cert file.

          -* We're creating a user-defined network called 'haproxy' so we an talk to other containers and have built-in dns work.

          +* We're creating a user-defined network called 'haproxy' so we can talk to other containers and have built-in dns work.

           * The high port numbers are mapped down to the usual 80/443 .

           * We're setting a non-priv UID to run as. Because [containers don't need to run as root](https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b).

          @@ -267,7 +267,7 @@ services:

                 - 443:8443

               user: '1001'

          -letsencrypt:

          +  letsencrypt:

               build: ./letsencrypt

               image: letsencrypt

               container_name: letsencrypt

          @@ -297,7 +297,7 @@ What doing?

           Run `docker-compose up` to bring up haproxy and the letsencrypt container. certbot will (after 10 seconds) read the current certs and decide there's nothing to do, then go to sleep for a day. haproxy should start up and tell you nice things about the letsencrypt backend being up.

           # Next?

          -Add your choice of backends and containers to docker-compose.yml and haproxy.cfg, and go about your business.

          +Add your choice of backends and containers to haproxy.cfg and docker-compose.yml, and go about your business.

           # Relax

...	...	@@ -223,7 +223,7 @@ Here we have:
223	223	* The container_name is 'haproxy'. We'll be referring to this container name later on for sending signals when certs are renewed.
224	224	* The 'haproxy/bind' dir is mounted at /usr/local/etc/haproxy, so the haproxy.cfg file we created is in the right place for haproxy to read it. Mounted read-only, and with the 'Z' selinux flag (I'm running RedHat-ish host OSes here, so it's required - leave off the ',Z' if docker complains).
225	225	* The letsencrypt volume is mounted at /etc/letsencrypt so haproxy can read the cert file.
226		-* We're creating a user-defined network called 'haproxy' so we an talk to other containers and have built-in dns work.
	226	+* We're creating a user-defined network called 'haproxy' so we can talk to other containers and have built-in dns work.
227	227	* The high port numbers are mapped down to the usual 80/443 .
228	228	* We're setting a non-priv UID to run as. Because [containers don't need to run as root](https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b).
229	229
...	...	@@ -267,7 +267,7 @@ services:
267	267	- 443:8443
268	268	user: '1001'
269	269
270		-letsencrypt:
	270	+ letsencrypt:
271	271	build: ./letsencrypt
272	272	image: letsencrypt
273	273	container_name: letsencrypt
...	...	@@ -297,7 +297,7 @@ What doing?
297	297	Run `docker-compose up` to bring up haproxy and the letsencrypt container. certbot will (after 10 seconds) read the current certs and decide there's nothing to do, then go to sleep for a day. haproxy should start up and tell you nice things about the letsencrypt backend being up.
298	298
299	299	# Next?
300		-Add your choice of backends and containers to docker-compose.yml and haproxy.cfg, and go about your business.
	300	+Add your choice of backends and containers to haproxy.cfg and docker-compose.yml, and go about your business.
301	301
302	302	# Relax
303	303