├── confd ├── templates │ ├── certs.tmpl │ └── haproxy.tmpl ├── confd.toml └── conf.d │ ├── 001-haproxy_certs.toml │ └── 002-haproxy.toml ├── cert_splitter.sh ├── entrypoint.sh ├── Dockerfile ├── README.md └── LICENSE /confd/templates/certs.tmpl: -------------------------------------------------------------------------------- 1 | {{range getvs "/services/*/cert"}}{{.}}{{end}} 2 | -------------------------------------------------------------------------------- /confd/confd.toml: -------------------------------------------------------------------------------- 1 | interval = 10 2 | debug = false 3 | verbose = false 4 | quiet = true 5 | -------------------------------------------------------------------------------- /confd/conf.d/001-haproxy_certs.toml: -------------------------------------------------------------------------------- 1 | [template] 2 | keys = [ 3 | "services" 4 | ] 5 | 6 | owner = "haproxy" 7 | mode = "0644" 8 | src = "certs.tmpl" 9 | dest = "/tmp/certs.pem" 10 | 11 | reload_cmd = "cert_splitter.sh && haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D -sf $(cat /var/run/haproxy.pid)" 12 | -------------------------------------------------------------------------------- /confd/conf.d/002-haproxy.toml: -------------------------------------------------------------------------------- 1 | [template] 2 | prefix = "" 3 | keys = [ 4 | "services", 5 | "tcp-services", 6 | "certs" 7 | ] 8 | 9 | owner = "haproxy" 10 | mode = "0644" 11 | src = "haproxy.tmpl" 12 | dest = "/etc/haproxy/haproxy.cfg" 13 | 14 | check_cmd = "cat {{ .src }} && haproxy -c -f {{ .src }}" 15 | reload_cmd = "haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D -sf $(cat /var/run/haproxy.pid)" 16 | -------------------------------------------------------------------------------- /cert_splitter.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | echo "Splitting bundled certificates..." 3 | cd /tmp 4 | sed '/^$/d' certs.pem > certs_tmp.pem && csplit --elide-empty-files -s -f cert -b %02d_gen.pem certs_tmp.pem "/-----END .* PRIVATE KEY-----/+1" 5 | rm /etc/haproxy/certs/cert*_gen.pem 6 | mv cert*_gen.pem /etc/haproxy/certs/ 7 | if [ -f cert00_gen.pem ]; 8 | then 9 | curl -L -X PUT http://$ETCD_NODE/v2/keys/haproxy-$HAPROXY_ID/certs -d value=true 10 | else 11 | curl -L -X PUT http://$ETCD_NODE/v2/keys/haproxy-$HAPROXY_ID/certs -d dir=true 12 | fi 13 | rm cert*_gen.pem 14 | echo "...done. New certificates updated into HAProxy." 15 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$ETCD_NODE" ] 4 | then 5 | echo "Missing ETCD_NODE env var" 6 | exit -1 7 | fi 8 | 9 | if [ -z "$HAPROXY_ID" ] 10 | then 11 | echo "Missing HAPROXY_ID env var" 12 | exit -1 13 | fi 14 | 15 | DNS_SERVERS=$(cat /etc/resolv.conf | grep nameserver | cut -d " " -f2) 16 | echo "Using DNS servers: $DNS_SERVERS" 17 | 18 | set -eo pipefail 19 | 20 | # Create base dir structure in etcd as confd will complain about missing keys that are watched 21 | echo "Creating base structure for etcd..." 22 | curl -sL $ETCD_NODE/v2/keys/haproxy-$HAPROXY_ID/services -XPUT -d dir=true 23 | curl -sL $ETCD_NODE/v2/keys/haproxy-$HAPROXY_ID/tcp-services -XPUT -d dir=true 24 | curl -sL $ETCD_NODE/v2/keys/haproxy-$HAPROXY_ID/certs -XPUT -d dir=true 25 | echo "..done" 26 | 27 | echo "[haproxy-confd] booting HAProxy $HAPROXY_ID. Reading configuration from ETCD: $ETCD_NODE" 28 | DNS_SERVERS=$DNS_SERVERS confd -backend="etcd" -prefix="/haproxy-$HAPROXY_ID" -node "$ETCD_NODE" -interval=$BACKEND_POLLING_INTERVAL "$@" 29 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gliderlabs/alpine:3.2 2 | 3 | MAINTAINER jussi.nummelin@digia.com 4 | 5 | # Default to grid internal etcd 6 | ENV ETCD_NODE http://etcd.kontena.local:2379 7 | ENV confd_ver 0.10.0 8 | ENV CERT_SPLIT_TOKEN ==================== 9 | ENV BACKEND_POLLING_INTERVAL 10 10 | 11 | # Install needed packages 12 | RUN apk update && apk --update add ca-certificates \ 13 | libssl1.0 openssl bash coreutils curl pcre && \ 14 | mkdir -p /etc/haproxy/certs/ 15 | 16 | # Install HAProxy 1.6 17 | RUN apk --update add --virtual build-dependencies build-base linux-headers pcre-dev openssl-dev && \ 18 | wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.0.tar.gz && \ 19 | tar zxvf haproxy-1.6.0.tar.gz && cd haproxy-1.6.0 && \ 20 | make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 && \ 21 | make install-bin && cd .. && \ 22 | rm -rf haproxy-1.6.0* && \ 23 | apk del build-dependencies 24 | 25 | RUN adduser -D haproxy 26 | 27 | # Install confd 28 | RUN wget https://github.com/jnummelin/confd/releases/download/v0.11.0/confd_alpine -O /bin/confd && \ 29 | chmod +x /bin/confd 30 | 31 | ADD confd /etc/confd 32 | 33 | # Expose ports. 34 | EXPOSE 80 35 | EXPOSE 443 36 | 37 | ADD entrypoint.sh /entrypoint.sh 38 | ADD cert_splitter.sh /bin/cert_splitter.sh 39 | RUN chmod +x /bin/cert_splitter.sh 40 | ENTRYPOINT ["/entrypoint.sh"] 41 | -------------------------------------------------------------------------------- /confd/templates/haproxy.tmpl: -------------------------------------------------------------------------------- 1 | global 2 | pidfile /var/run/haproxy.pid 3 | user haproxy 4 | group haproxy 5 | maxconn 100000 6 | tune.ssl.default-dh-param 2048 7 | # Updated cipher suites to cover FREAK attack 8 | ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA 9 | 10 | defaults 11 | mode http 12 | option splice-auto 13 | option http-keep-alive 14 | option redispatch 15 | retries 3 16 | # disconnect slow handshake clients early, protect from 17 | # resources exhaustion attacks 18 | timeout http-request 5s 19 | timeout queue 1m 20 | timeout connect 5s 21 | timeout client 1m 22 | timeout server 1m 23 | timeout http-keep-alive 10s 24 | timeout check 10s 25 | 26 | 27 | resolvers dns 28 | {{range $dns := split (getenv "DNS_SERVERS") "\n" }} 29 | nameserver dns_{{$dns}} {{$dns}} 30 | {{end}} 31 | resolve_retries 3 32 | timeout retry 1s 33 | hold valid 10s 34 | 35 | 36 | listen http-in 37 | bind *:80 38 | {{if exists "/certs"}} 39 | bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3 40 | {{end}} 41 | reqadd X-Forwarded-Proto:\ https if { ssl_fc } 42 | reqadd X-Forwarded-Port:\ 443 if { ssl_fc } 43 | 44 | {{range $service := ls "/services"}} 45 | {{$key := printf "/services/%s/domain" $service}} {{if exists $key}} 46 | acl host_{{$service}} hdr(host) -i {{getv $key}} 47 | acl host_{{$service}} hdr(host) -i {{getv $key}}:80 48 | {{end}} 49 | {{$key := printf "/services/%s/url_beg" $service}} {{if exists $key}} 50 | acl host_{{$service}} url_beg {{getv $key}} 51 | {{end}} 52 | {{if exists "/certs" }} 53 | acl host_{{$service}} req_ssl_sni -i {{getv $key}} 54 | acl host_{{$service}} req_ssl_sni -i {{getv $key}}:443 55 | {{end}} 56 | {{end}} 57 | 58 | {{range $service := ls "/services"}} 59 | use_backend {{$service}} if host_{{$service}} 60 | {{end}} 61 | 62 | {{range $service := ls "/services"}} 63 | backend {{$service}} 64 | option forwardfor 65 | {{$key := printf "/services/%s/balance" $service}} {{if exists $key}} 66 | balance {{getv $key}} 67 | {{else}} 68 | balance roundrobin 69 | {{end}} 70 | {{$key := printf "/services/%s/url_beg" $service}} {{if exists $key}} 71 | reqrep ^([^\ :]*)\ {{getv $key}}[/]?(.*) \1\ /\2 72 | {{end}} 73 | server {{$service}} {{$service}}:{{printf "/services/%s/port" $service | getv}} check resolvers dns 74 | {{end}} 75 | 76 | # TCP Services 77 | {{range $service := ls "/tcp-services"}} 78 | listen {{$service}} 79 | mode tcp 80 | 81 | {{$key := printf "/tcp-services/%s/balance" $service}} {{if exists $key}} 82 | balance {{getv $key}} 83 | {{else}} 84 | balance roundrobin 85 | {{end}} 86 | 87 | bind *:{{printf "/tcp-services/%s/external_port" $service | getv}} 88 | {{range lookupIP $service}} 89 | server {{$service}}_{{.}} {{.}}:{{printf "/tcp-services/%s/internal_port" $service | getv}} check 90 | {{end}} 91 | {{end}} 92 | 93 | listen stats 94 | mode http 95 | bind 0.0.0.0:1000 96 | stats enable 97 | stats uri / 98 | stats refresh 5s 99 | stats show-node 100 | stats show-legends 101 | 102 | # if authentication is wanted 103 | acl auth_ok http_auth(stats-auth) 104 | http-request auth unless auth_ok 105 | 106 | userlist stats-auth 107 | user admin insecure-password {{getenv "STATS_PASSWORD"}} 108 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | HAProxy combined with confd for HTTP load balancing with automatic service discovery and reconfiguration throuh etcd. 2 | 3 | ## Pre-requisites 4 | 5 | This setup depends on finding the service backends through DNS. If you are using Docker to run your services we highly suggest to use some orchestration layer such as Kontena. At least consider using for example weave to network your containers and to give them addressable DNS entries. 6 | 7 | ## Features 8 | 9 | * HAProxy 1.5.x backed by Confd 0.10.0 10 | * ConfD from jnummelin/confd fork for time being since that has pre-build package for Alpine Linux 11 | * Uses zero-downtime reconfiguration (e.g - instead of harpy reload, which will drop all connections, will gradually transfer new connections to the new config) 12 | * Added validation for existence of keys in backing kv store, to prevent failures 13 | * Supports certificates from etcd as well 14 | * For time being the certs are not encrypted so make sure the access to your etcd is secure in other ways. 15 | 16 | ## Configuration through etcd 17 | 18 | Create the paths allowing confd to find the services: 19 | ```bash 20 | etcdctl mkdir "/haproxy-/services" 21 | etcdctl mkdir "/haproxy-/tcp-services" 22 | ``` 23 | 24 | ### Basic configuration 25 | 26 | Depending on your needs, create one or more services or tcp-services. 27 | For instance, to create an http service named *myapp* linked to the domain *example.org*. 28 | ```bash 29 | etcdctl set "/haproxy-/services/myapp/domain" "example.org" 30 | etcdctl set "/haproxy-/services/myapp/port" "80" 31 | ``` 32 | 33 | The dynamic backend resolving expects to find your backend IPs from DNS using the given service name. This is achieved using the new DNS resolving functionality of HAProxy 1.6. 34 | 35 | ### Backend selection through URL matching 36 | 37 | Currently this HAProxy setup supports URL beginning matching (url_beg). This can be very handy e.g. in cases where HAProxy is used as API proxy. In this case you can route requests for same domain but for different paths to different backends: 38 | ``` 39 | http://domain/api_A 40 | http://domain/api_B 41 | ``` 42 | To achieve this setup following config on etcd: 43 | ```bash 44 | etcdctl set "/haproxy-/services/myapi/url_beg" "/api_A" 45 | etcdctl set "/haproxy-/services/myapi/port" "80" 46 | etcdctl set "/haproxy-/services/otherapi/url_beg" "/api_B" 47 | etcdctl set "/haproxy-/services/otherapi/port" "80" 48 | ``` 49 | 50 | ### Selecting load balancing strategy 51 | 52 | As we all know you sometimes need to select different lb strategy for different apps and you can do that easily with this setup: 53 | 54 | ```bash 55 | etcdctl set "/haproxy-/services/myapp/balancing" "cookie" 56 | ``` 57 | If you do not set the strategy the load balancer will default to `roundrobin` 58 | 59 | For description on different modes see HAProxy docs: 60 | 61 | # Creating the proxy 62 | 63 | Create and start the service making sure to expose port 80 and 443 on the host machine and open them in your firewall. 64 | 65 | **REMEMBER to set the environment variable *HAPROXY-ID* so that each proxy service will read correct configuration from etcd.** 66 | 67 | ```bash 68 | docker run -d -e HAPROXY-ID=haproxy-1 -p 80:80 -p 443:443 -e ETCD_NODE= confd-haproxy:latest 69 | ``` 70 | 71 | If you scale your app or the app containers change, built in DNS resolving will automatically update the backend addresses. 72 | 73 | To *remove a service*, and so a directory, you must type 74 | ```bash 75 | etcdctl rmdir "/haproxy-/services/myapp" 76 | ``` 77 | 78 | ## TCP services 79 | 80 | TCP Service proxying is also supported and the overall mechanism is the same as with HTTP services. For TCP services you need to configure both external and internal ports via etcd: 81 | ```bash 82 | etcdctl set "/haproxy-/tcp-services/galera/external_port" "3306" 83 | etcdctl set "/haproxy-/tcp-services/galera/internal_port" "3306" 84 | 85 | ``` 86 | 87 | The above will tell HAProxy to listen to conections in port 3306 and direct traffic to backends found via DNS discovery using name *galera* 88 | 89 | ## Building the image 90 | 91 | The image is based on Alpine Linux image provided by Gliderlabs. Alpine is used since it's really minimal in size yet it provides all necessary building blocks. 92 | 93 | ``` 94 | docker build -t your_repo/haproxy-confd: . 95 | ``` 96 | 97 | ## Etcd for Local testing 98 | 99 | For local testing you need etcd running. Easiest way is to use docker for that: 100 | ``` 101 | docker run -d -p 2379:2379 kontena/etcd:2.1.2 --listen-client-urls http://0.0.0.0:2379 --advertise-client-urls http://$(docker-machine ip dev):2379 102 | ``` 103 | 104 | 105 | 106 | Have fun ! 107 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | https://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | Copyright 2013-2015 Docker, Inc. 180 | 181 | Licensed under the Apache License, Version 2.0 (the "License"); 182 | you may not use this file except in compliance with the License. 183 | You may obtain a copy of the License at 184 | 185 | https://www.apache.org/licenses/LICENSE-2.0 186 | 187 | Unless required by applicable law or agreed to in writing, software 188 | distributed under the License is distributed on an "AS IS" BASIS, 189 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 190 | See the License for the specific language governing permissions and 191 | limitations under the License. 192 | 193 | --------------------------------------------------------------------------------