-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
100 lines (85 loc) · 4.22 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
FROM golang:alpine AS dataplaneapi-builder
ENV DATAPLANE_MINOR 3.0.3
ENV DATAPLANE_V2_MINOR 2.9.8
ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git
RUN apk add --no-cache ca-certificates git make && \
git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
git checkout "v${DATAPLANE_MINOR}" && \
make build && cp build/dataplaneapi /dataplaneapi && \
make clean && \
git checkout "v${DATAPLANE_V2_MINOR}" && \
make build && cp build/dataplaneapi /dataplaneapi-v2
FROM alpine:3.20 AS openssl-builder
ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \
mkdir -p /tmp/openssl && \
tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \
rm -f openssl.tar.gz && \
cd /tmp/openssl && \
./config --libdir=lib --prefix=/opt/quictls && \
make -j $(nproc) && \
make install && \
rm -rf /tmp/openssl
FROM alpine:3.20
MAINTAINER Dinko Korunic <[email protected]>
LABEL Name HAProxy
LABEL Release Community Edition
LABEL Vendor HAProxy
LABEL Version 2.6.20
LABEL RUN /usr/bin/docker -d IMAGE
ENV HAPROXY_BRANCH 2.6
ENV HAPROXY_MINOR 2.6.20
ENV HAPROXY_SHA256 ef8c397a37fec4f7df1cfadc2c90f19f4cc2e4163ae7457c7b052da9f5a17a69
ENV HAPROXY_SRC_URL http://www.haproxy.org/download
ENV HAPROXY_UID haproxy
ENV HAPROXY_GID haproxy
COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi
COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2
COPY --from=openssl-builder /opt/quictls /opt/quictls
RUN apk add --no-cache ca-certificates && \
apk add --no-cache --virtual build-deps gcc libc-dev \
linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \
zlib-dev curl shadow && \
curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
groupadd "$HAPROXY_GID" && \
useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
mkdir -p /tmp/haproxy && \
tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
rm -f haproxy.tar.gz && \
make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \
USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \
USE_PROMEX=1 USE_SLZ=1 \
USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \
LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \
all && \
make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \
ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
mkdir -p /var/lib/haproxy && \
chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
mkdir -p /usr/local/etc/haproxy && \
ln -s /usr/local/etc/haproxy /etc/haproxy && \
cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
rm -rf /tmp/haproxy && \
chmod +x /usr/local/bin/dataplaneapi && \
ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \
chmod +x /usr/local/bin/dataplaneapi-v2 && \
ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \
touch /usr/local/etc/haproxy/dataplaneapi.yml && \
chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
apk del build-deps && \
apk add --no-cache openssl zlib lua5.4-libs pcre2 && \
rm -f /var/cache/apk/* && \
echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \
mkdir -p /opt/quictls/ssl && \
rm -rf /opt/quictls/ssl/certs && \
ln -s /etc/ssl/certs /opt/quictls/ssl/certs
COPY haproxy.cfg /usr/local/etc/haproxy
COPY docker-entrypoint.sh /
STOPSIGNAL SIGUSR1
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]