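# Build stage: compiles the private OpenSSL (static libraries only, see
# "no-shared" in the build step) that HAProxy in the final stage is linked
# against through SSL_INC/SSL_LIB.
FROM alpine:3.20.1 AS openssl-builder

# Source tarball and its SHA-256 are pinned as a pair; bump both in the same
# change and take the new digest from a source you trust, since the build
# step refuses any download that does not match it.
ENV OPENSSL_URL=https://www.openssl.org/source/openssl-3.3.1.tar.gz
ENV OPENSSL_SHA256=777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e
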
# Toolchain and helpers used to fetch, unpack and compile OpenSSL.
# They are installed in the builder stage only; the final image starts from
# its own FROM and receives just /opt/openssl via COPY --from.
RUN set -eux; \
    apk add --no-cache \
        build-base \
        linux-headers \
        perl \
        tar \
        wget

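# Download, verify, build and install OpenSSL under /opt/openssl.
#
# NOTE(security): enable-ssl3 and enable-ssl3-method compile SSLv3 support
# back in. SSLv3 is deprecated (RFC 7568) and exposed to POODLE, so this build
# only makes sense where a legacy peer still requires it; keep the minimum
# protocol version in the HAProxy configuration (ssl-min-ver) above SSLv3 on
# every bind/server line that does not need it.
# no-shared produces static libraries only, so an OpenSSL security fix reaches
# HAProxy only by bumping OPENSSL_URL/OPENSSL_SHA256 and rebuilding the image.
RUN set -eux; \
    \
    wget -O openssl.tar.gz "$OPENSSL_URL"; \
# integrity gate: with "set -e" a digest mismatch aborts before anything is unpacked
    echo "$OPENSSL_SHA256 *openssl.tar.gz" | sha256sum -c; \
    mkdir -p /usr/src/openssl; \
    tar -xzf openssl.tar.gz -C /usr/src/openssl --strip-components=1; \
    rm openssl.tar.gz; \
    cd /usr/src/openssl; \
    ./config \
        --prefix=/opt/openssl \
        --openssldir=/opt/openssl \
        enable-ssl3 \
        enable-ssl3-method \
        no-tests \
        no-shared; \
    nproc="$(getconf _NPROCESSORS_ONLN)"; \
# plain invocations: nothing in these command lines needs a second shell parse, so no eval
    make -j "$nproc"; \
    make install_sw install_ssldirs; \
    cd /; \
    rm -rf /usr/src/openssl

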
# Final stage: the image that actually ships. Same pinned Alpine release as
# the builder stage.
FROM alpine:3.20.1

# runtime dependencies
# @system-ca: https://github.com/docker-library/haproxy/pull/216
RUN set -eux; \
    apk add --no-cache ca-certificates

# roughly, https://git.alpinelinux.org/aports/tree/main/haproxy/haproxy.pre-install?h=3.12-stable
# Dedicated system account for the daemon: fixed UID/GID 99, no password, and
# a home directory that is created and handed over explicitly below. The
# numeric IDs are stable, so volume ownership and runtime non-root checks can
# refer to 99 directly.
RUN set -eux; \
    addgroup --system --gid 99 haproxy; \
    adduser \
        --system \
        --uid 99 \
        --ingroup haproxy \
        --home /var/lib/haproxy \
        --no-create-home \
        --disabled-password \
        haproxy \
    ; \
    mkdir /var/lib/haproxy; \
    chown haproxy:haproxy /var/lib/haproxy

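# OpenSSL tree produced by the openssl-builder stage; the HAProxy build below
# points SSL_INC/SSL_LIB at it.
# NOTE(review): the whole prefix is copied, so headers and static libraries
# presumably stay in the final image although only the build needs them;
# confirm whether trimming /opt/openssl after the build is wanted.
COPY --from=openssl-builder /opt/openssl /opt/openssl

# Release, download URL and SHA-256 are pinned together; bump all three in the
# same change. key=value form replaces the legacy space-separated ENV syntax.
ENV HAPROXY_VERSION=3.0.2
ENV HAPROXY_URL=https://www.haproxy.org/download/3.0/src/haproxy-3.0.2.tar.gz
ENV HAPROXY_SHA256=9672ee43b109f19356c35d72687b222dcf82b879360c6e82677397376cf5dc36
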
# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
# Everything happens in one layer: the compiler and -dev packages go in as the
# virtual package .build-deps and are deleted again before the layer is
# committed, so they do not remain in the image.
RUN set -eux; \
    \
    apk add --no-cache --virtual .build-deps \
        gcc \
        linux-headers \
        lua5.4-dev \
        make \
        musl-dev \
        pcre2-dev \
        readline-dev \
        tar \
    ; \
    \
# integrity gate: with "set -e" the build stops unless the tarball matches the pinned SHA-256
    wget -O haproxy.tar.gz "$HAPROXY_URL"; \
    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
    mkdir -p /usr/src/haproxy; \
    tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
    rm haproxy.tar.gz; \
    \
# SSL_INC/SSL_LIB select the OpenSSL under /opt/openssl (copied from the builder stage)
# NOTE(review): the lib64 directory name presumably depends on the build architecture; confirm before building for other platforms
    makeOpts=' \
        TARGET=linux-musl \
        USE_GETADDRINFO=1 \
        USE_LUA=1 LUA_INC=/usr/include/lua5.4 LUA_LIB=/usr/lib/lua5.4 \
        USE_OPENSSL=1 SSL_INC=/opt/openssl/include SSL_LIB=/opt/openssl/lib64 \
        USE_PCRE2=1 USE_PCRE2_JIT=1 \
        USE_PROMEX=1 \
        \
        EXTRA_OBJS=" \
        " \
    '; \
    \
# eval re-parses makeOpts so the quoted EXTRA_OBJS value survives as one argument;
# makeOpts is the literal defined above, not external input
    nproc="$(getconf _NPROCESSORS_ONLN)"; \
    eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
    eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
    \
    mkdir -p /usr/local/etc/haproxy; \
    cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
    rm -rf /usr/src/haproxy; \
    \
# collect the shared libraries needed by what was installed under /usr/local,
# skip any that already exist in /usr/local/lib, and record the rest as the
# virtual package .haproxy-rundeps so they are kept when .build-deps is removed
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --no-network --virtual .haproxy-rundeps $runDeps; \
    apk del --no-network .build-deps; \
    \
# smoke test
    haproxy -v

# Copied while the build still runs as root and without --chown, so the
# entrypoint script is owned by root rather than by the haproxy user.
COPY docker-entrypoint.sh /

# https://www.haproxy.org/download/1.8/doc/management.txt
# "4. Stopping and restarting HAProxy"
# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
# Hence the stop signal is SIGUSR1, the graceful stop described above.
STOPSIGNAL SIGUSR1

# From here on the image runs as the unprivileged account created earlier
# (UID/GID 99), not as root.
USER haproxy

# https://github.com/docker-library/haproxy/issues/200
WORKDIR /var/lib/haproxy

# Exec (JSON array) form: no intermediate shell wraps the entrypoint. CMD
# supplies the default arguments and can be overridden at run time.
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]