feat: first version

Change-Id: I8f1ebf3fa896e66a485e4f2cc9d50c0d5eb46412
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a1e122f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,133 @@
+FROM alpine:3.20.1 as openssl-builder
+
+ENV OPENSSL_URL https://www.openssl.org/source/openssl-3.3.1.tar.gz
+ENV OPENSSL_SHA256 777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e
+
+RUN set -eux; \
+  \
+  apk add --no-cache \
+    build-base \
+    perl \
+    wget \
+    tar \
+    linux-headers
+
+RUN set -eux; \
+  \
+  wget -O openssl.tar.gz "$OPENSSL_URL"; \
+  echo "$OPENSSL_SHA256 *openssl.tar.gz" | sha256sum -c; \
+  mkdir -p /usr/src/openssl; \
+  tar -xzf openssl.tar.gz -C /usr/src/openssl --strip-components=1; \
+  rm openssl.tar.gz; \
+  cd /usr/src/openssl; \
+  ./config \
+    --prefix=/opt/openssl \
+    --openssldir=/opt/openssl \
+    enable-ssl3 \
+    enable-ssl3-method \
+    no-tests \
+    no-shared; \
+  nproc="$(getconf _NPROCESSORS_ONLN)"; \
+  eval "make -j '$nproc'"; \
+  eval "make install_sw install_ssldirs"; \
+  cd /; \
+  rm -rf /usr/src/openssl
+
+
+FROM alpine:3.20.1
+
+# runtime dependencies
+RUN set -eux; \
+  apk add --no-cache \
+# @system-ca: https://github.com/docker-library/haproxy/pull/216
+    ca-certificates \
+  ;
+
+# roughly, https://git.alpinelinux.org/aports/tree/main/haproxy/haproxy.pre-install?h=3.12-stable
+RUN set -eux; \
+  addgroup --gid 99 --system haproxy; \
+  adduser \
+    --disabled-password \
+    --home /var/lib/haproxy \
+    --ingroup haproxy \
+    --no-create-home \
+    --system \
+    --uid 99 \
+    haproxy \
+  ; \
+  mkdir /var/lib/haproxy; \
+  chown haproxy:haproxy /var/lib/haproxy
+
+COPY --from=openssl-builder /opt/openssl /opt/openssl
+
+ENV HAPROXY_VERSION 3.0.2
+ENV HAPROXY_URL https://www.haproxy.org/download/3.0/src/haproxy-3.0.2.tar.gz
+ENV HAPROXY_SHA256 9672ee43b109f19356c35d72687b222dcf82b879360c6e82677397376cf5dc36
+
+# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
+RUN set -eux; \
+  \
+  apk add --no-cache --virtual .build-deps \
+    gcc \
+    musl-dev \
+    linux-headers \
+    lua5.4-dev \
+    make \
+    pcre2-dev \
+    readline-dev \
+    tar \
+  ; \
+  \
+  wget -O haproxy.tar.gz "$HAPROXY_URL"; \
+  echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
+  mkdir -p /usr/src/haproxy; \
+  tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
+  rm haproxy.tar.gz; \
+  \
+  makeOpts=' \
+    TARGET=linux-musl \
+    USE_GETADDRINFO=1 \
+    USE_LUA=1 LUA_INC=/usr/include/lua5.4 LUA_LIB=/usr/lib/lua5.4 \
+    USE_OPENSSL=1 SSL_INC=/opt/openssl/include SSL_LIB=/opt/openssl/lib64 \
+    USE_PCRE2=1 USE_PCRE2_JIT=1 \
+    USE_PROMEX=1 \
+    \
+    EXTRA_OBJS=" \
+    " \
+  '; \
+  \
+  nproc="$(getconf _NPROCESSORS_ONLN)"; \
+  eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
+  eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
+  \
+  mkdir -p /usr/local/etc/haproxy; \
+  cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
+  rm -rf /usr/src/haproxy; \
+  \
+  runDeps="$( \
+    scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+      | tr ',' '\n' \
+      | sort -u \
+      | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+  )"; \
+  apk add --no-network --virtual .haproxy-rundeps $runDeps; \
+  apk del --no-network .build-deps; \
+  \
+# smoke test
+  haproxy -v
+
+# https://www.haproxy.org/download/1.8/doc/management.txt
+# "4. Stopping and restarting HAProxy"
+# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
+# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
+STOPSIGNAL SIGUSR1
+
+COPY docker-entrypoint.sh /
+
+USER haproxy
+
+# https://github.com/docker-library/haproxy/issues/200
+WORKDIR /var/lib/haproxy
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
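Review bot: The OpenSSL `./config` call passes `enable-ssl3` and `enable-ssl3-method`, so the static library that HAProxy is linked against (`SSL_LIB=/opt/openssl/lib64`, `no-shared`) has SSLv3 compiled in, and nothing in the file says why. SSLv3 is a broken protocol (POODLE). If a legacy peer needs it, add a comment above the call such as `# SSLv3 compiled in only for <legacy peer>; all other bind/server lines must set ssl-min-ver TLSv1.2`, and confirm that the haproxy.cfg used with this image (not visible here) sets `ssl-min-ver` explicitly. If no such peer exists, drop both options. Separately, `--openssldir=/opt/openssl` presumably moves OpenSSL's default trust store away from the directory the `ca-certificates` package populates, so `@system-ca` may resolve to an empty store; this is worth verifying.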