Gitiles
Code Review Sign In
gerrit.avm99963.com / docker / twix / 262c996e97afbdc1009e886b78c13df3267277b8 / . / Dockerfile
blob: a1e122f571c8624413de3cb6861bfbeef01b5300 [file] [log] [blame]
FROM alpine:3.20.1 as openssl-builder
ENV OPENSSL_URL https://www.openssl.org/source/openssl-3.3.1.tar.gz
ENV OPENSSL_SHA256 777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e
RUN set -eux; \
\
apk add --no-cache \
build-base \
perl \
wget \
tar \
linux-headers
RUN set -eux; \
\
wget -O openssl.tar.gz "$OPENSSL_URL"; \
echo "$OPENSSL_SHA256 *openssl.tar.gz" | sha256sum -c; \
mkdir -p /usr/src/openssl; \
tar -xzf openssl.tar.gz -C /usr/src/openssl --strip-components=1; \
rm openssl.tar.gz; \
cd /usr/src/openssl; \
./config \
--prefix=/opt/openssl \
--openssldir=/opt/openssl \
enable-ssl3 \
enable-ssl3-method \
no-tests \
no-shared; \
nproc="$(getconf _NPROCESSORS_ONLN)"; \
eval "make -j '$nproc'"; \
eval "make install_sw install_ssldirs"; \
cd /; \
rm -rf /usr/src/openssl
FROM alpine:3.20.1
# runtime dependencies
RUN set -eux; \
apk add --no-cache \
# @system-ca: https://github.com/docker-library/haproxy/pull/216
ca-certificates \
;
# roughly, https://git.alpinelinux.org/aports/tree/main/haproxy/haproxy.pre-install?h=3.12-stable
RUN set -eux; \
addgroup --gid 99 --system haproxy; \
adduser \
--disabled-password \
--home /var/lib/haproxy \
--ingroup haproxy \
--no-create-home \
--system \
--uid 99 \
haproxy \
; \
mkdir /var/lib/haproxy; \
chown haproxy:haproxy /var/lib/haproxy
COPY --from=openssl-builder /opt/openssl /opt/openssl
ENV HAPROXY_VERSION 3.0.2
ENV HAPROXY_URL https://www.haproxy.org/download/3.0/src/haproxy-3.0.2.tar.gz
ENV HAPROXY_SHA256 9672ee43b109f19356c35d72687b222dcf82b879360c6e82677397376cf5dc36
# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
RUN set -eux; \
\
apk add --no-cache --virtual .build-deps \
gcc \
musl-dev \
linux-headers \
lua5.4-dev \
make \
pcre2-dev \
readline-dev \
tar \
; \
\
wget -O haproxy.tar.gz "$HAPROXY_URL"; \
echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
mkdir -p /usr/src/haproxy; \
tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
rm haproxy.tar.gz; \
\
makeOpts=' \
TARGET=linux-musl \
USE_GETADDRINFO=1 \
USE_LUA=1 LUA_INC=/usr/include/lua5.4 LUA_LIB=/usr/lib/lua5.4 \
USE_OPENSSL=1 SSL_INC=/opt/openssl/include SSL_LIB=/opt/openssl/lib64 \
USE_PCRE2=1 USE_PCRE2_JIT=1 \
USE_PROMEX=1 \
\
EXTRA_OBJS=" \
" \
'; \
\
nproc="$(getconf _NPROCESSORS_ONLN)"; \
eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
\
mkdir -p /usr/local/etc/haproxy; \
cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
rm -rf /usr/src/haproxy; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-network --virtual .haproxy-rundeps $runDeps; \
apk del --no-network .build-deps; \
\
# smoke test
haproxy -v
# https://www.haproxy.org/download/1.8/doc/management.txt
# "4. Stopping and restarting HAProxy"
# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
STOPSIGNAL SIGUSR1
COPY docker-entrypoint.sh /
USER haproxy
# https://github.com/docker-library/haproxy/issues/200
WORKDIR /var/lib/haproxy
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]