Support custom global settings via env (#46)

docker-compose.test.yml

@@ -16,10 +16,11 @@ lb:
     KONTENA_LB_SSL_CIPHERS: ECDHE-RSA-AES128-GCM-SHA256
     KONTENA_LB_CUSTOM_SETTINGS: |
       option dontlognull
-
+    KONTENA_LB_GLOBAL_SETTINGS: |
+      ssl-default-bind-options force-tlsv12
     ACME_CHALLENGE_LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0: |
       LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI
-      
+
     SSL_CERT_test1: |
       -----BEGIN CERTIFICATE-----
       MIIC9TCCAd2gAwIBAgIJAK94fUzfHt1pMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV

lib/kontena/templates/haproxy/main.text.erb

@@ -7,6 +7,11 @@ global
     tune.ssl.default-dh-param 2048
     ssl-default-bind-ciphers <%= ENV['KONTENA_LB_SSL_CIPHERS'] || 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' %>
     stats socket <%= Kontena::Actors::HaproxySpawner::ADMIN_SOCK %> mode 660 level admin expose-fd listeners
+    <% if ENV['KONTENA_LB_GLOBAL_SETTINGS'] %>
+    <% ENV['KONTENA_LB_GLOBAL_SETTINGS'].split("\n").each do |setting| %>
+    <%= setting %>
+    <% end %>
+    <% end %>
 
 defaults
     log                     global

test/global_settings_test.bats

@@ -0,0 +1,10 @@
+#!/usr/bin/env bats
+
+load "common"
+
+@test "supports custom global settings via env" {
+
+  run config
+  assert_output_contains "ssl-default-bind-options force-tlsv12"
+
+}