Skip to content

Commit 18eacc9

Browse files
h4x3rotabh4x3rotab
authored
Merge pull request #91 from Dstack-TEE/fix/dstack-ingress-2.1
2 parents 781869b + 66abdd9 commit 18eacc9

File tree

5 files changed

+14
-8
lines changed

5 files changed

+14
-8
lines changed

custom-domain/dstack-ingress/README.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ You can use a wildcard domain (e.g. `*.myapp.com`) to route all subdomains to a
3535
```yaml
3636
services:
3737
dstack-ingress:
38-
image: dstacktee/dstack-ingress:2.0@sha256:9fb13c42dceaba91d2e2e7de3a06700a2cf507f4335ae70f3f1db4574a5ad552
38+
image: dstacktee/dstack-ingress:2.1
3939
ports:
4040
- "443:443"
4141
environment:
@@ -64,7 +64,7 @@ volumes:
6464
```yaml
6565
services:
6666
dstack-ingress:
67-
image: dstacktee/dstack-ingress:2.0@sha256:9fb13c42dceaba91d2e2e7de3a06700a2cf507f4335ae70f3f1db4574a5ad552
67+
image: dstacktee/dstack-ingress:2.1
6868
ports:
6969
- "443:443"
7070
environment:
@@ -102,7 +102,7 @@ Use `ROUTING_MAP` to route different domains to different backends via SNI:
102102
```yaml
103103
services:
104104
ingress:
105-
image: dstacktee/dstack-ingress:2.0@sha256:9fb13c42dceaba91d2e2e7de3a06700a2cf507f4335ae70f3f1db4574a5ad552
105+
image: dstacktee/dstack-ingress:2.1
106106
ports:
107107
- "443:443"
108108
environment:

custom-domain/dstack-ingress/docker-compose.multi.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
services:
22
ingress:
3-
image: dstacktee/dstack-ingress:2.0@sha256:9fb13c42dceaba91d2e2e7de3a06700a2cf507f4335ae70f3f1db4574a5ad552
3+
image: dstacktee/dstack-ingress:2.1
44
ports:
55
- "443:443"
66
environment:

custom-domain/dstack-ingress/docker-compose.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
services:
22
dstack-ingress:
3-
image: dstacktee/dstack-ingress:2.0@sha256:9fb13c42dceaba91d2e2e7de3a06700a2cf507f4335ae70f3f1db4574a5ad552
3+
image: dstacktee/dstack-ingress:2.1
44
ports:
55
- "443:443"
66
environment:

custom-domain/dstack-ingress/scripts/build-combined-pems.sh

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,16 @@
44

55
set -e
66

7+
source /scripts/functions.sh
8+
79
CERT_DIR="/etc/haproxy/certs"
810
mkdir -p "$CERT_DIR"
911

1012
all_domains=$(get-all-domains.sh)
1113

1214
while IFS= read -r domain; do
1315
[[ -n "$domain" ]] || continue
14-
le_dir="/etc/letsencrypt/live/${domain}"
16+
le_dir="/etc/letsencrypt/live/$(cert_dir_name "$domain")"
1517
combined="${CERT_DIR}/${domain}.pem"
1618
if [ -f "${le_dir}/fullchain.pem" ] && [ -f "${le_dir}/privkey.pem" ]; then
1719
cat "${le_dir}/fullchain.pem" "${le_dir}/privkey.pem" > "$combined"

custom-domain/dstack-ingress/scripts/entrypoint.sh

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -155,9 +155,13 @@ EOF
155155
if [ "$EVIDENCE_SERVER" = "true" ]; then
156156
cat <<'EVIDENCE_BLOCK' >>/etc/haproxy/haproxy.cfg
157157
158-
# Route /evidences requests to local evidence HTTP server
158+
# Route /evidences requests to the local evidence HTTP server.
159+
# inspect-delay sets the upper bound for buffering; the accept rule
160+
# fires as soon as any application data is present in the buffer
161+
# (after SSL termination a full TLS record is decrypted atomically,
162+
# so the complete HTTP request is available on first evaluation).
159163
tcp-request inspect-delay 5s
160-
tcp-request content accept if WAIT_END
164+
tcp-request content accept if { req.len gt 0 }
161165
acl is_evidence payload(0,0) -m beg "GET /evidences"
162166
acl is_evidence payload(0,0) -m beg "HEAD /evidences"
163167
use_backend be_evidence if is_evidence

0 commit comments

Comments
 (0)