Update quictls to 3.1.4. Add 3.0 branch.

2.6/Dockerfile

@@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
 FROM debian:bookworm-slim AS openssl-builder
 
 ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz
 
 ENV DEBIAN_FRONTEND noninteractive
 

2.7/Dockerfile

@@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
 FROM debian:bookworm-slim AS openssl-builder
 
 ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz
 
 ENV DEBIAN_FRONTEND noninteractive
 

2.8/Dockerfile

@@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
 FROM debian:bookworm-slim AS openssl-builder
 
 ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz
 
 ENV DEBIAN_FRONTEND noninteractive
 

2.9/Dockerfile

@@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
 FROM debian:bookworm-slim AS openssl-builder
 
 ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz
 
 ENV DEBIAN_FRONTEND noninteractive
 
@@ -53,7 +53,7 @@ COPY --from=openssl-builder /opt/quictls /opt/quictls
 RUN apt-get update && \
     apt-get install -y --no-install-recommends procps zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates && \
     apt-get install -y --no-install-recommends gcc make libc6-dev libpcre2-dev zlib1g-dev liblua5.4-dev && \
-    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
     echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
     groupadd "$HAPROXY_GID" && \
     useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \

3.0/Dockerfile

@@ -0,0 +1,97 @@
+FROM golang:latest AS dataplaneapi-builder
+
+ENV DATAPLANE_MINOR 2.8.4
+ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git
+
+RUN git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi"
+RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
+    git checkout "v${DATAPLANE_MINOR}" && \
+    make build && cp build/dataplaneapi /dataplaneapi
+
+FROM debian:bookworm-slim AS openssl-builder
+
+ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends build-essential ca-certificates curl && \
+    curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \
+    mkdir -p /tmp/openssl && \
+    tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \
+    rm -f openssl.tar.gz && \
+    cd /tmp/openssl && \
+    ./config --libdir=lib --prefix=/opt/quictls && \
+    make -j $(nproc) && \
+    make install && \
+    rm -rf /tmp/openssl
+
+FROM debian:bookworm-slim
+
+MAINTAINER Dinko Korunic <[email protected]>
+
+LABEL Name HAProxy
+LABEL Release Community Edition
+LABEL Vendor HAProxy
+LABEL Version 3.0.0
+LABEL RUN /usr/bin/docker -d IMAGE
+
+ENV HAPROXY_BRANCH 3.0
+ENV HAPROXY_MINOR 3.0.0
+ENV HAPROXY_SHA256 fba18acd1a46337fe20ae07c816c2496c8602b80a1bc9ff3768d4caa5fb80eab
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+ENV HAPROXY_UID haproxy
+ENV HAPROXY_GID haproxy
+
+ENV DEBIAN_FRONTEND noninteractive
+
+COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi
+COPY --from=openssl-builder /opt/quictls /opt/quictls
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends procps zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates && \
+    apt-get install -y --no-install-recommends gcc make libc6-dev libpcre2-dev zlib1g-dev liblua5.4-dev && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+    groupadd "$HAPROXY_GID" && \
+    useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
+    mkdir -p /tmp/haproxy && \
+    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
+    rm -f haproxy.tar.gz && \
+    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
+                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \
+                            USE_PROMEX=1 USE_SLZ=1 \
+                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
+                            SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \
+                            LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \
+                            all && \
+    make -C /tmp/haproxy TARGET=linux-glibc install-bin install-man && \
+    ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
+    mkdir -p /var/lib/haproxy && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
+    mkdir -p /usr/local/etc/haproxy && \
+    ln -s /usr/local/etc/haproxy /etc/haproxy && \
+    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
+    rm -rf /tmp/haproxy && \
+    apt-get purge -y --auto-remove gcc make libc6-dev libpcre2-dev zlib1g-dev liblua5.4-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    chmod +x /usr/local/bin/dataplaneapi && \
+    ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \
+    touch /usr/local/etc/haproxy/dataplaneapi.yml && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
+    echo "/opt/quictls/lib" > /etc/ld.so.conf.d/quictls.conf && \
+    mkdir -p /opt/quictls/ssl && \
+    rm -rf /opt/quictls/ssl/certs && \
+    ln -s /etc/ssl/certs /opt/quictls/ssl/certs && \
+    ldconfig
+
+COPY haproxy.cfg /usr/local/etc/haproxy
+COPY docker-entrypoint.sh /
+
+STOPSIGNAL SIGUSR1
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

3.0/docker-entrypoint.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- haproxy "$@"
+fi
+
+if [ "$1" = 'haproxy' ]; then
+	shift # "haproxy"
+	# if the user wants "haproxy", let's add a couple useful flags
+	#   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+	#   -db -- disables background mode
+	set -- haproxy -W -db "$@"
+fi
+
+exec "$@"

3.0/haproxy.cfg

@@ -0,0 +1,102 @@
+#---------------------------------------------------------------------
+# Example configuration for a possible web application.  See the
+# full configuration options online.
+#
+#   https://www.haproxy.org/download/3.0/doc/configuration.txt
+#   https://cbonte.github.io/haproxy-dconv/3.0/configuration.html
+#
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    # to have these messages end up in /var/log/haproxy.log you will
+    # need to:
+    #
+    # 1) configure syslog to accept network log events.  This is done
+    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
+    #    /etc/sysconfig/syslog
+    #
+    # 2) configure local2 events to go to the /var/log/haproxy.log
+    #   file. A line like the following can be added to
+    #   /etc/sysconfig/syslog
+    #
+    #    local2.*                       /var/log/haproxy.log
+    #
+    log         127.0.0.1 local2
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    # daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+#---------------------------------------------------------------------
+# example how to define user and enable Data Plane API on tcp/5555
+# more information: https://github.com/haproxytech/dataplaneapi and
+#   https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/
+#---------------------------------------------------------------------
+# userlist haproxy-dataplaneapi
+#     user admin insecure-password mypassword
+#
+# program api
+#    command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist hapee-dataplaneapi
+#    no option start-on-reload
+
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend  main
+    bind *:80
+    # bind *:443 ssl # To be completed ....
+
+    acl url_static       path_beg       -i /static /images /javascript /stylesheets
+    acl url_static       path_end       -i .jpg .gif .png .css .js
+
+    use_backend static          if url_static
+    default_backend             app
+
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+    balance     roundrobin
+    server      static1 127.0.0.1:4331 check
+    server      static2 127.0.0.1:4332 check
+
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+    balance     roundrobin
+    server  app1 127.0.0.1:5001 check
+    server  app2 127.0.0.1:5002 check
+    server  app3 127.0.0.1:5003 check
+    server  app4 127.0.0.1:5004 check

build.sh

@@ -2,8 +2,8 @@
 
 DOCKER_TAG="haproxytech/haproxy-debian-quic"
 HAPROXY_GITHUB_URL="https://github.com/haproxytech/haproxy-docker-debian-quic/blob/main"
-HAPROXY_BRANCHES="2.6 2.7 2.8 2.9"
-HAPROXY_CURRENT_BRANCH="2.8"
+HAPROXY_BRANCHES="2.6 2.7 2.8 2.9 3.0"
+HAPROXY_CURRENT_BRANCH="2.9"
 PUSH="no"
 HAPROXY_UPDATED=""