From 55efb1c8062ef7895a5f380c0215e398b4a6e8cf Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Tue, 5 Dec 2023 21:52:01 +0000 Subject: [PATCH] Update quictls to 3.1.4. Add 3.0 branch. --- 2.6/Dockerfile | 2 +- 2.7/Dockerfile | 2 +- 2.8/Dockerfile | 2 +- 2.9/Dockerfile | 4 +- 3.0/Dockerfile | 97 +++++++++++++++++++++++++++++++++++++ 3.0/docker-entrypoint.sh | 17 +++++++ 3.0/haproxy.cfg | 102 +++++++++++++++++++++++++++++++++++++++ build.sh | 4 +- 8 files changed, 223 insertions(+), 7 deletions(-) create mode 100644 3.0/Dockerfile create mode 100755 3.0/docker-entrypoint.sh create mode 100644 3.0/haproxy.cfg diff --git a/2.6/Dockerfile b/2.6/Dockerfile index 56785f2..f5df4f0 100644 --- a/2.6/Dockerfile +++ b/2.6/Dockerfile @@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ FROM debian:bookworm-slim AS openssl-builder ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6 -ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz +ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz ENV DEBIAN_FRONTEND noninteractive diff --git a/2.7/Dockerfile b/2.7/Dockerfile index de4e6a4..3e6a3a8 100644 --- a/2.7/Dockerfile +++ b/2.7/Dockerfile @@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ FROM debian:bookworm-slim AS openssl-builder ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6 -ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz +ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz ENV DEBIAN_FRONTEND noninteractive diff --git a/2.8/Dockerfile b/2.8/Dockerfile index ebe759e..7576520 100644 --- a/2.8/Dockerfile +++ b/2.8/Dockerfile 
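Review bot: `OPENSSL_SHA256` is an unchanged context line in the 2.6/Dockerfile hunk while `OPENSSL_URL` moves from the 3.1.2 to the 3.1.4 tarball, so the recorded digest can no longer describe the archive being fetched. The RUN step that downloads it is outside this hunk, but the same openssl-builder stage added in 3.0/Dockerfile runs `curl`, `tar` and `make install` with no `sha256sum` step, which suggests the quictls source is built unverified and the variable is dead. Set `OPENSSL_SHA256` to the digest of the 3.1.4 archive (`<sha256-of-openssl-3.1.4-quic1.tar.gz>`, placeholder) and add `echo "$OPENSSL_SHA256 *openssl.tar.gz" | sha256sum -c - && \` directly after the `curl` line, mirroring the existing HAProxy tarball check. The same applies to the 2.7, 2.8 and 2.9 hunks and to the new 3.0/Dockerfile.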
@@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ FROM debian:bookworm-slim AS openssl-builder ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6 -ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz +ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz ENV DEBIAN_FRONTEND noninteractive diff --git a/2.9/Dockerfile b/2.9/Dockerfile index 4b13ea8..a81fe1a 100644 --- a/2.9/Dockerfile +++ b/2.9/Dockerfile @@ -11,7 +11,7 @@ RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ FROM debian:bookworm-slim AS openssl-builder ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6 -ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.2-quic1.tar.gz +ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz ENV DEBIAN_FRONTEND noninteractive @@ -53,7 +53,7 @@ COPY --from=openssl-builder /opt/quictls /opt/quictls RUN apt-get update && \ apt-get install -y --no-install-recommends procps zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates && \ apt-get install -y --no-install-recommends gcc make libc6-dev libpcre2-dev zlib1g-dev liblua5.4-dev && \ - curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ + curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ groupadd "$HAPROXY_GID" && \ useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ diff --git a/3.0/Dockerfile b/3.0/Dockerfile new file mode 100644 index 0000000..37080b0 --- /dev/null +++ b/3.0/Dockerfile 
@@ -0,0 +1,97 @@ +FROM golang:latest AS dataplaneapi-builder + +ENV DATAPLANE_MINOR 2.8.4 +ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git + +RUN git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" +RUN cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ + git checkout "v${DATAPLANE_MINOR}" && \ + make build && cp build/dataplaneapi /dataplaneapi + +FROM debian:bookworm-slim AS openssl-builder + +ENV OPENSSL_SHA256 1651412ec136a693fcc84c77df664ca0dc0495eab2785afa2c7ba064a00fb1b6 +ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.tar.gz + +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get install -y --no-install-recommends build-essential ca-certificates curl && \ + curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ + mkdir -p /tmp/openssl && \ + tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ + rm -f openssl.tar.gz && \ + cd /tmp/openssl && \ + ./config --libdir=lib --prefix=/opt/quictls && \ + make -j $(nproc) && \ + make install && \ + rm -rf /tmp/openssl + +FROM debian:bookworm-slim + +MAINTAINER Dinko Korunic + +LABEL Name HAProxy +LABEL Release Community Edition +LABEL Vendor HAProxy +LABEL Version 3.0.0 +LABEL RUN /usr/bin/docker -d IMAGE + +ENV HAPROXY_BRANCH 3.0 +ENV HAPROXY_MINOR 3.0.0 +ENV HAPROXY_SHA256 fba18acd1a46337fe20ae07c816c2496c8602b80a1bc9ff3768d4caa5fb80eab +ENV HAPROXY_SRC_URL http://www.haproxy.org/download + +ENV HAPROXY_UID haproxy +ENV HAPROXY_GID haproxy + +ENV DEBIAN_FRONTEND noninteractive + +COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi +COPY --from=openssl-builder /opt/quictls /opt/quictls + +RUN apt-get update && \ + apt-get install -y --no-install-recommends procps zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates && \ + apt-get install -y --no-install-recommends gcc make libc6-dev libpcre2-dev zlib1g-dev liblua5.4-dev && \ + curl -sfSL 
"${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ + echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ + groupadd "$HAPROXY_GID" && \ + useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ + mkdir -p /tmp/haproxy && \ + tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ + rm -f haproxy.tar.gz && \ + make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \ + USE_PROMEX=1 USE_SLZ=1 \ + USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ + SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ + LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ + all && \ + make -C /tmp/haproxy TARGET=linux-glibc install-bin install-man && \ + ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ + mkdir -p /var/lib/haproxy && \ + chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ + mkdir -p /usr/local/etc/haproxy && \ + ln -s /usr/local/etc/haproxy /etc/haproxy && \ + cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ + rm -rf /tmp/haproxy && \ + apt-get purge -y --auto-remove gcc make libc6-dev libpcre2-dev zlib1g-dev liblua5.4-dev && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + chmod +x /usr/local/bin/dataplaneapi && \ + ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ + touch /usr/local/etc/haproxy/dataplaneapi.yml && \ + chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ + echo "/opt/quictls/lib" > /etc/ld.so.conf.d/quictls.conf && \ + mkdir -p /opt/quictls/ssl && \ + rm -rf /opt/quictls/ssl/certs && \ + ln -s /etc/ssl/certs /opt/quictls/ssl/certs && \ + ldconfig + +COPY haproxy.cfg /usr/local/etc/haproxy +COPY docker-entrypoint.sh / + +STOPSIGNAL SIGUSR1 + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 
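Review bot: The `dataplaneapi-builder` stage in the new 3.0/Dockerfile is not pinned: `FROM golang:latest` floats with every upstream push and `git checkout "v${DATAPLANE_MINOR}"` trusts a tag that can be moved, yet the resulting binary is copied into the final image with no integrity check. Pin the toolchain, e.g. `FROM golang:<version>@sha256:<digest> AS dataplaneapi-builder` (placeholders), and check out a full commit hash rather than the tag. Separately, `ENV HAPROXY_SRC_URL http://www.haproxy.org/download` fetches over plaintext; the `sha256sum -c` that follows covers integrity, but `https://www.haproxy.org/download` is the scheme the bundled haproxy.cfg already links to. The final stage also sets no `USER`, so the entrypoint starts as root and relies on `user haproxy` in haproxy.cfg to drop privileges, which deserves a comment next to `ENTRYPOINT` so nobody ships a config without it.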
diff --git a/3.0/docker-entrypoint.sh b/3.0/docker-entrypoint.sh new file mode 100755 index 0000000..8b2093b --- /dev/null +++ b/3.0/docker-entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- haproxy "$@" +fi + +if [ "$1" = 'haproxy' ]; then + shift # "haproxy" + # if the user wants "haproxy", let's add a couple useful flags + # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") + # -db -- disables background mode + set -- haproxy -W -db "$@" +fi + +exec "$@" diff --git a/3.0/haproxy.cfg b/3.0/haproxy.cfg new file mode 100644 index 0000000..8565da3 --- /dev/null +++ b/3.0/haproxy.cfg 
@@ -0,0 +1,102 @@ +#--------------------------------------------------------------------- +# Example configuration for a possible web application. See the +# full configuration options online. +# +# https://www.haproxy.org/download/3.0/doc/configuration.txt +# https://cbonte.github.io/haproxy-dconv/3.0/configuration.html +# +#--------------------------------------------------------------------- + +#--------------------------------------------------------------------- +# Global settings +#--------------------------------------------------------------------- +global + # to have these messages end up in /var/log/haproxy.log you will + # need to: + # + # 1) configure syslog to accept network log events. This is done + # by adding the '-r' option to the SYSLOGD_OPTIONS in + # /etc/sysconfig/syslog + # + # 2) configure local2 events to go to the /var/log/haproxy.log + # file. A line like the following can be added to + # /etc/sysconfig/syslog + # + # local2.* /var/log/haproxy.log + # + log 127.0.0.1 local2 + + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + # daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- +defaults + mode http + log global + option httplog + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + option redispatch + retries 3 + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s + maxconn 3000 + +#--------------------------------------------------------------------- +# example how to define user and enable Data Plane API on tcp/5555 +# more information: 
https://github.com/haproxytech/dataplaneapi and +# https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ +#--------------------------------------------------------------------- +# userlist haproxy-dataplaneapi +# user admin insecure-password mypassword +# +# program api +# command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist hapee-dataplaneapi +# no option start-on-reload + +#--------------------------------------------------------------------- +# main frontend which proxys to the backends +#--------------------------------------------------------------------- +frontend main + bind *:80 + # bind *:443 ssl # To be completed .... + + acl url_static path_beg -i /static /images /javascript /stylesheets + acl url_static path_end -i .jpg .gif .png .css .js + + use_backend static if url_static + default_backend app + +#--------------------------------------------------------------------- +# static backend for serving up images, stylesheets and such +#--------------------------------------------------------------------- +backend static + balance roundrobin + server static1 127.0.0.1:4331 check + server static2 127.0.0.1:4332 check + +#--------------------------------------------------------------------- +# round robin balancing between the various backends +#--------------------------------------------------------------------- +backend app + balance roundrobin + server app1 127.0.0.1:5001 check + server app2 127.0.0.1:5002 check + server app3 127.0.0.1:5003 check + server app4 127.0.0.1:5004 check diff --git a/build.sh b/build.sh index e6d00ad..56b76cd 100755 --- a/build.sh +++ b/build.sh 
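Review bot: The commented Data Plane API example in 3.0/haproxy.cfg is inconsistent and unsafe to enable verbatim: it defines `userlist haproxy-dataplaneapi` but the `program api` command passes `--userlist hapee-dataplaneapi`, and it pairs `insecure-password mypassword` with `--host 0.0.0.0`. Make the names agree with `--userlist haproxy-dataplaneapi`, and prefer `user admin password <crypt-hash>` (placeholder) plus a comment telling operators to set their own credential and narrow the listen address before uncommenting. Also, `log 127.0.0.1 local2` assumes a syslog daemon inside the container, which the package list in 3.0/Dockerfile does not appear to install; `log stdout format raw local0` would keep request logs visible to the container runtime for monitoring.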
@@ -2,8 +2,8 @@ DOCKER_TAG="haproxytech/haproxy-debian-quic" HAPROXY_GITHUB_URL="https://github.com/haproxytech/haproxy-docker-debian-quic/blob/main" -HAPROXY_BRANCHES="2.6 2.7 2.8 2.9" -HAPROXY_CURRENT_BRANCH="2.8" +HAPROXY_BRANCHES="2.6 2.7 2.8 2.9 3.0" +HAPROXY_CURRENT_BRANCH="2.9" PUSH="no" HAPROXY_UPDATED=""