├── .github └── workflows │ ├── docker_auto.yml │ ├── docker_description.yml │ ├── docker_manual.yml │ └── update.yml ├── 2.6 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── 2.8 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── 2.9 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── 3.0 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── 3.1 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── 3.2 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── 3.3 ├── Dockerfile ├── docker-entrypoint.sh └── haproxy.cfg ├── README.md ├── README_short.md ├── build.sh └── update.sh /.github/workflows/docker_auto.yml: -------------------------------------------------------------------------------- 1 | name: Automatic build on release and push to Docker Hub 2 | on: 3 | push: 4 | tags: 5 | - "[0-9]+.[0-9]+.[0-9]+" 6 | - "[0-9]+.[0-9]+-dev[0-9]+" 7 | jobs: 8 | main: 9 | runs-on: ubuntu-22.04 10 | permissions: 11 | contents: read 12 | packages: write 13 | env: 14 | DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 15 | DOCKER_IMAGE: haproxytech/haproxy-alpine-quic 16 | STABLE_BRANCH: "3.2" 17 | steps: 18 | - name: Login to Docker Hub 19 | id: login_docker 20 | uses: docker/login-action@v3 21 | with: 22 | username: ${{ secrets.DOCKER_HUB_USERNAME }} 23 | password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} 24 | 25 | - name: Login to Container Registry 26 | id: login_ghcr 27 | uses: docker/login-action@v3 28 | with: 29 | registry: ghcr.io 30 | username: ${{ github.actor }} 31 | password: ${{ secrets.GITHUB_TOKEN }} 32 | 33 | - name: Set up QEMU 34 | uses: docker/setup-qemu-action@v3 35 | 36 | - name: Set up Docker Buildx 37 | id: buildx 38 | uses: docker/setup-buildx-action@v3 39 | 40 | - name: Cache Docker layers 41 | uses: actions/cache@v4 42 | with: 43 | path: /tmp/.buildx-cache 44 | key: ${{ runner.os }}-buildx-${{ github.sha }} 45 | restore-keys: | 46 | ${{ runner.os }}-buildx- 47 | 48 | - name: Check out repo 49 | id: checkout 50 | uses: actions/checkout@v4 51 | 52 | - name: Prepare env variables 53 | id: env 54 | run: | 55 | echo "BUILD_BRANCH=$(echo $GITHUB_REF | cut -d / -f 3 | cut -d. -f-2 | cut -d- -f1)" >> $GITHUB_ENV 56 | echo "BUILD_VER=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_ENV 57 | echo "BUILD_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV 58 | echo "GIT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV 59 | echo "GIT_REF=$(git symbolic-ref -q --short HEAD || git describe --tags --exact-match)" >> $GITHUB_ENV 60 | 61 | - name: Build and push latest stable branch 62 | if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }} 63 | id: docker_build_latest 64 | uses: docker/build-push-action@v6 65 | with: 66 | context: ${{ env.BUILD_BRANCH }} 67 | file: ${{ env.BUILD_BRANCH }}/Dockerfile 68 | builder: ${{ steps.buildx.outputs.name }} 69 | platforms: ${{ env.DOCKER_PLATFORMS }} 70 | push: true 71 | labels: | 72 | org.opencontainers.image.authors=${{ github.repository_owner }} 73 | org.opencontainers.image.created=${{ env.BUILD_DATE }} 74 | org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }} 75 | org.opencontainers.image.ref.name=${{ env.GIT_REF }} 76 | org.opencontainers.image.revision=${{ github.sha }} 77 | org.opencontainers.image.source=https://github.com/${{ github.repository }} 78 | org.opencontainers.image.version=${{ env.BUILD_VER }} 79 | tags: | 80 | ${{ env.DOCKER_IMAGE }}:latest 81 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_BRANCH }} 82 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_VER }} 83 | ghcr.io/${{ github.repository }}:latest 84 | ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }} 85 | ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }} 86 | cache-from: type=local,src=/tmp/.buildx-cache 87 | cache-to: type=local,dest=/tmp/.buildx-cache-new 88 | 89 | - name: Build and push everything else 90 | if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }} 91 | id: docker_build_regular 92 | uses: docker/build-push-action@v6 93 | with: 94 | context: ${{ env.BUILD_BRANCH }} 95 | file: ${{ env.BUILD_BRANCH }}/Dockerfile 96 | builder: ${{ steps.buildx.outputs.name }} 97 | platforms: ${{ env.DOCKER_PLATFORMS }} 98 | push: true 99 | labels: | 100 | org.opencontainers.image.authors=${{ github.repository_owner }} 101 | org.opencontainers.image.created=${{ env.BUILD_DATE }} 102 | org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }} 103 | org.opencontainers.image.ref.name=${{ env.GIT_REF }} 104 | org.opencontainers.image.revision=${{ github.sha }} 105 | org.opencontainers.image.source=https://github.com/${{ github.repository }} 106 | org.opencontainers.image.version=${{ env.BUILD_VER }} 107 | tags: | 108 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_BRANCH }} 109 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_VER }} 110 | ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }} 111 | ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }} 112 | cache-from: type=local,src=/tmp/.buildx-cache 113 | cache-to: type=local,dest=/tmp/.buildx-cache-new 114 | 115 | - name: Move cache 116 | run: | 117 | rm -rf /tmp/.buildx-cache 118 | mv /tmp/.buildx-cache-new /tmp/.buildx-cache 119 | -------------------------------------------------------------------------------- /.github/workflows/docker_description.yml: -------------------------------------------------------------------------------- 1 | name: Update Docker Hub description 2 | on: 3 | push: 4 | branches: 5 | - main 6 | paths: 7 | - README.md 8 | workflow_dispatch: 9 | jobs: 10 | main: 11 | runs-on: ubuntu-22.04 12 | env: 13 | DOCKER_IMAGE: haproxytech/haproxy-alpine-quic 14 | steps: 15 | - name: Check out repo 16 | id: checkout 17 | uses: actions/checkout@v4 18 | 19 | - name: Update Docker Hub description 20 | id: description 21 | uses: peter-evans/dockerhub-description@v2 22 | with: 23 | username: ${{ secrets.DOCKER_HUB_USERNAME }} 24 | password: ${{ secrets.DOCKER_HUB_PASSWORD }} 25 | repository: ${{ env.DOCKER_IMAGE }} 26 | short-description: ${{ github.event.repository.description }} 27 | -------------------------------------------------------------------------------- /.github/workflows/docker_manual.yml: -------------------------------------------------------------------------------- 1 | name: Manual build and push to Docker Hub 2 | on: 3 | workflow_dispatch: 4 | jobs: 5 | main: 6 | runs-on: ubuntu-22.04 7 | permissions: 8 | contents: read 9 | packages: write 10 | strategy: 11 | matrix: 12 | branch: ["2.6", "2.8", "2.9", "3.0", "3.1", "3.2", "3.3"] 13 | env: 14 | DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 15 | DOCKER_IMAGE: haproxytech/haproxy-alpine-quic 16 | STABLE_BRANCH: "3.2" 17 | steps: 18 | - name: Login to Docker Hub 19 | id: login_docker 20 | uses: docker/login-action@v3 21 | with: 22 | username: ${{ secrets.DOCKER_HUB_USERNAME }} 23 | password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} 24 | 25 | - name: Login to Container Registry 26 | id: login_ghcr 27 | uses: docker/login-action@v3 28 | with: 29 | registry: ghcr.io 30 | username: ${{ github.actor }} 31 | password: ${{ secrets.GITHUB_TOKEN }} 32 | 33 | - name: Set up QEMU 34 | uses: docker/setup-qemu-action@v3 35 | 36 | - name: Set up Docker Buildx 37 | id: buildx 38 | uses: docker/setup-buildx-action@v3 39 | 40 | - name: Cache Docker layers 41 | uses: actions/cache@v4 42 | with: 43 | path: /tmp/.buildx-cache 44 | key: ${{ runner.os }}-buildx-${{ github.sha }} 45 | restore-keys: | 46 | ${{ runner.os }}-buildx- 47 | 48 | - name: Check out repo 49 | id: checkout 50 | uses: actions/checkout@v4 51 | 52 | - name: Prepare env variables 53 | id: env 54 | run: | 55 | echo "BUILD_BRANCH=$(echo ${{ matrix.branch }})" >> $GITHUB_ENV 56 | echo "BUILD_VER=$(awk '/^ENV HAPROXY_MINOR/ {print $NF}' ${{ matrix.branch }}/Dockerfile)" >> $GITHUB_ENV 57 | echo "BUILD_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV 58 | echo "GIT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV 59 | echo "GIT_REF=$(git symbolic-ref -q --short HEAD || git describe --tags --exact-match)" >> $GITHUB_ENV 60 | 61 | - name: Build and push latest stable branch 62 | if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }} 63 | id: docker_build_latest 64 | uses: docker/build-push-action@v6 65 | with: 66 | context: ${{ env.BUILD_BRANCH }} 67 | file: ${{ env.BUILD_BRANCH }}/Dockerfile 68 | builder: ${{ steps.buildx.outputs.name }} 69 | platforms: ${{ env.DOCKER_PLATFORMS }} 70 | push: true 71 | labels: | 72 | org.opencontainers.image.authors=${{ github.repository_owner }} 73 | org.opencontainers.image.created=${{ env.BUILD_DATE }} 74 | org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }} 75 | org.opencontainers.image.ref.name=${{ env.GIT_REF }} 76 | org.opencontainers.image.revision=${{ github.sha }} 77 | org.opencontainers.image.source=https://github.com/${{ github.repository }} 78 | org.opencontainers.image.version=${{ env.BUILD_VER }} 79 | tags: | 80 | ${{ env.DOCKER_IMAGE }}:latest 81 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_BRANCH }} 82 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_VER }} 83 | ghcr.io/${{ github.repository }}:latest 84 | ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }} 85 | ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }} 86 | cache-from: type=local,src=/tmp/.buildx-cache 87 | cache-to: type=local,dest=/tmp/.buildx-cache-new 88 | 89 | - name: Build and push everything else 90 | if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }} 91 | id: docker_build_regular 92 | uses: docker/build-push-action@v6 93 | with: 94 | context: ${{ env.BUILD_BRANCH }} 95 | file: ${{ env.BUILD_BRANCH }}/Dockerfile 96 | builder: ${{ steps.buildx.outputs.name }} 97 | platforms: ${{ env.DOCKER_PLATFORMS }} 98 | push: true 99 | labels: | 100 | org.opencontainers.image.authors=${{ github.repository_owner }} 101 | org.opencontainers.image.created=${{ env.BUILD_DATE }} 102 | org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }} 103 | org.opencontainers.image.ref.name=${{ env.GIT_REF }} 104 | org.opencontainers.image.revision=${{ github.sha }} 105 | org.opencontainers.image.source=https://github.com/${{ github.repository }} 106 | org.opencontainers.image.version=${{ env.BUILD_VER }} 107 | tags: | 108 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_BRANCH }} 109 | ${{ env.DOCKER_IMAGE }}:${{ env.BUILD_VER }} 110 | ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }} 111 | ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }} 112 | cache-from: type=local,src=/tmp/.buildx-cache 113 | cache-to: type=local,dest=/tmp/.buildx-cache-new 114 | 115 | - name: Move cache 116 | run: | 117 | rm -rf /tmp/.buildx-cache 118 | mv /tmp/.buildx-cache-new /tmp/.buildx-cache 119 | -------------------------------------------------------------------------------- /.github/workflows/update.yml: -------------------------------------------------------------------------------- 1 | name: Version update check and release 2 | 3 | on: 4 | schedule: 5 | - cron: "0 * * * *" 6 | workflow_dispatch: 7 | 8 | jobs: 9 | main: 10 | runs-on: ubuntu-22.04 11 | steps: 12 | - name: Check out repo 13 | id: checkout 14 | uses: actions/checkout@v4 15 | with: 16 | token: ${{ secrets.ACTION_TOKEN }} 17 | 18 | - name: Run a multi-line script 19 | id: build 20 | run: | 21 | git config --local user.email "github-actions[bot]@haproxy.com" 22 | git config --local user.name "github-actions[bot]" 23 | ./build.sh 24 | -------------------------------------------------------------------------------- /2.6/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 2.6.22 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 2.6 42 | ENV HAPROXY_MINOR 2.6.22 43 | ENV HAPROXY_SHA256 4c0797f450f997dc287d2c7aafa7a0e5b7a2d71593a2cd58e664e8f3aea614fa 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /2.6/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /2.6/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/2.6/doc/configuration.txt 6 | # https://docs.haproxy.org/2.6/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /2.8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 2.8.15 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 2.8 42 | ENV HAPROXY_MINOR 2.8.15 43 | ENV HAPROXY_SHA256 98f0551b9c3041a87869f4cd4e1465adf6fbef2056e83aabea92106032585242 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /2.8/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /2.8/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/2.8/doc/configuration.txt 6 | # https://docs.haproxy.org/2.8/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /2.9/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 2.9.15 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 2.9 42 | ENV HAPROXY_MINOR 2.9.15 43 | ENV HAPROXY_SHA256 5eec9b048458d0cdc682ec823810f953507c92e4d12673145156c7dbe560bfc5 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /2.9/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /2.9/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/2.9/doc/configuration.txt 6 | # https://docs.haproxy.org/2.9/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /3.0/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 3.0.11 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 3.0 42 | ENV HAPROXY_MINOR 3.0.11 43 | ENV HAPROXY_SHA256 a133e2d550c5fd9a849b5c7ab17bb945bcdad209ca140d41f45ebf31943ae783 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /3.0/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /3.0/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/3.0/doc/configuration.txt 6 | # https://docs.haproxy.org/3.0/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /3.1/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 3.1.8 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 3.1 42 | ENV HAPROXY_MINOR 3.1.8 43 | ENV HAPROXY_SHA256 6f249014b547d34fb41e19867746ec4da4ea7be0c0ce3b56f3cfde57ca3b212d 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /3.1/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /3.1/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/3.1/doc/configuration.txt 6 | # https://docs.haproxy.org/3.1/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /3.2/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 3.2.0 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 3.2 42 | ENV HAPROXY_MINOR 3.2.0 43 | ENV HAPROXY_SHA256 f762ae31bca1b51feb89e4395e36e17f867c25372a10853c70d292c3dd17b7b0 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /3.2/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /3.2/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/3.2/doc/configuration.txt 6 | # https://docs.haproxy.org/3.2/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /3.3/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS dataplaneapi-builder 2 | 3 | ENV DATAPLANE_MINOR 3.2.0 4 | ENV DATAPLANE_V2_MINOR 2.9.13 5 | ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git 6 | 7 | RUN apk add --no-cache ca-certificates git make && \ 8 | git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 9 | cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \ 10 | git checkout "v${DATAPLANE_MINOR}" && \ 11 | make build && cp build/dataplaneapi /dataplaneapi && \ 12 | make clean && \ 13 | git checkout "v${DATAPLANE_V2_MINOR}" && \ 14 | make build && cp build/dataplaneapi /dataplaneapi-v2 15 | 16 | FROM alpine:3.20 AS openssl-builder 17 | 18 | ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz 19 | 20 | RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \ 21 | curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \ 22 | mkdir -p /tmp/openssl && \ 23 | tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \ 24 | rm -f openssl.tar.gz && \ 25 | cd /tmp/openssl && \ 26 | ./config --libdir=lib --prefix=/opt/quictls && \ 27 | make -j $(nproc) && \ 28 | make install && \ 29 | rm -rf /tmp/openssl 30 | 31 | FROM alpine:3.20 32 | 33 | MAINTAINER Dinko Korunic 34 | 35 | LABEL Name HAProxy 36 | LABEL Release Community Edition 37 | LABEL Vendor HAProxy 38 | LABEL Version 3.3-dev0 39 | LABEL RUN /usr/bin/docker -d IMAGE 40 | 41 | ENV HAPROXY_BRANCH 3.3 42 | ENV HAPROXY_MINOR 3.3-dev0 43 | ENV HAPROXY_SHA256 752d564662c2c909f4788f1173c1f7fdf4492ee8da79a5f81e22e0ecbf2b7f02 44 | ENV HAPROXY_SRC_URL http://www.haproxy.org/download 45 | 46 | ENV HAPROXY_UID haproxy 47 | ENV HAPROXY_GID haproxy 48 | 49 | COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi 50 | COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2 51 | COPY --from=openssl-builder /opt/quictls /opt/quictls 52 | 53 | RUN apk add --no-cache ca-certificates && \ 54 | apk add --no-cache --virtual build-deps gcc libc-dev \ 55 | linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \ 56 | zlib-dev curl shadow && \ 57 | curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ 58 | echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ 59 | groupadd "$HAPROXY_GID" && \ 60 | useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ 61 | mkdir -p /tmp/haproxy && \ 62 | tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ 63 | rm -f haproxy.tar.gz && \ 64 | make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \ 65 | USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \ 66 | USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \ 67 | USE_PROMEX=1 USE_SLZ=1 \ 68 | USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \ 69 | SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \ 70 | LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \ 71 | all && \ 72 | make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \ 73 | ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \ 74 | mkdir -p /var/lib/haproxy && \ 75 | chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ 76 | mkdir -p /usr/local/etc/haproxy && \ 77 | ln -s /usr/local/etc/haproxy /etc/haproxy && \ 78 | cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \ 79 | rm -rf /tmp/haproxy && \ 80 | chmod +x /usr/local/bin/dataplaneapi && \ 81 | ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \ 82 | chmod +x /usr/local/bin/dataplaneapi-v2 && \ 83 | ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \ 84 | touch /usr/local/etc/haproxy/dataplaneapi.yml && \ 85 | chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \ 86 | apk del build-deps && \ 87 | apk add --no-cache openssl zlib lua5.4-libs pcre2 && \ 88 | rm -f /var/cache/apk/* && \ 89 | echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \ 90 | mkdir -p /opt/quictls/ssl && \ 91 | rm -rf /opt/quictls/ssl/certs && \ 92 | ln -s /etc/ssl/certs /opt/quictls/ssl/certs 93 | 94 | COPY haproxy.cfg /usr/local/etc/haproxy 95 | COPY docker-entrypoint.sh / 96 | 97 | STOPSIGNAL SIGUSR1 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] 101 | -------------------------------------------------------------------------------- /3.3/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | if [ "${1#-}" != "$1" ]; then 6 | set -- haproxy "$@" 7 | fi 8 | 9 | if [ "$1" = 'haproxy' ]; then 10 | shift # "haproxy" 11 | # if the user wants "haproxy", let's add a couple useful flags 12 | # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") 13 | # -db -- disables background mode 14 | set -- haproxy -W -db "$@" 15 | fi 16 | 17 | exec "$@" 18 | -------------------------------------------------------------------------------- /3.3/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # https://www.haproxy.org/download/3.3/doc/configuration.txt 6 | # https://docs.haproxy.org/3.3/configuration.html 7 | # 8 | #--------------------------------------------------------------------- 9 | 10 | #--------------------------------------------------------------------- 11 | # Global settings 12 | #--------------------------------------------------------------------- 13 | global 14 | # to have these messages end up in /var/log/haproxy.log you will 15 | # need to: 16 | # 17 | # 1) configure syslog to accept network log events. This is done 18 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 19 | # /etc/sysconfig/syslog 20 | # 21 | # 2) configure local2 events to go to the /var/log/haproxy.log 22 | # file. A line like the following can be added to 23 | # /etc/sysconfig/syslog 24 | # 25 | # local2.* /var/log/haproxy.log 26 | # 27 | log 127.0.0.1 local2 28 | 29 | chroot /var/lib/haproxy 30 | pidfile /var/run/haproxy.pid 31 | maxconn 4000 32 | user haproxy 33 | group haproxy 34 | # daemon 35 | 36 | # turn on stats unix socket 37 | stats socket /var/lib/haproxy/stats 38 | 39 | #--------------------------------------------------------------------- 40 | # common defaults that all the 'listen' and 'backend' sections will 41 | # use if not designated in their block 42 | #--------------------------------------------------------------------- 43 | defaults 44 | mode http 45 | log global 46 | option httplog 47 | option dontlognull 48 | option http-server-close 49 | option forwardfor except 127.0.0.0/8 50 | option redispatch 51 | retries 3 52 | timeout http-request 10s 53 | timeout queue 1m 54 | timeout connect 10s 55 | timeout client 1m 56 | timeout server 1m 57 | timeout http-keep-alive 10s 58 | timeout check 10s 59 | maxconn 3000 60 | 61 | #--------------------------------------------------------------------- 62 | # example how to define user and enable Data Plane API on tcp/5555 63 | # more information: https://github.com/haproxytech/dataplaneapi and 64 | # https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/ 65 | #--------------------------------------------------------------------- 66 | # userlist haproxy-dataplaneapi 67 | # user admin insecure-password mypassword 68 | # 69 | # program api 70 | # command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 71 | # no option start-on-reload 72 | 73 | #--------------------------------------------------------------------- 74 | # main frontend which proxys to the backends 75 | #--------------------------------------------------------------------- 76 | frontend main 77 | bind *:80 78 | # bind *:443 ssl # To be completed .... 79 | 80 | acl url_static path_beg -i /static /images /javascript /stylesheets 81 | acl url_static path_end -i .jpg .gif .png .css .js 82 | 83 | use_backend static if url_static 84 | default_backend app 85 | 86 | #--------------------------------------------------------------------- 87 | # static backend for serving up images, stylesheets and such 88 | #--------------------------------------------------------------------- 89 | backend static 90 | balance roundrobin 91 | server static1 127.0.0.1:4331 check 92 | server static2 127.0.0.1:4332 check 93 | 94 | #--------------------------------------------------------------------- 95 | # round robin balancing between the various backends 96 | #--------------------------------------------------------------------- 97 | backend app 98 | balance roundrobin 99 | server app1 127.0.0.1:5001 check 100 | server app2 127.0.0.1:5002 check 101 | server app3 127.0.0.1:5003 check 102 | server app4 127.0.0.1:5004 check 103 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Supported tags and respective `Dockerfile` links 2 | 3 | - [`3.3-dev0`, `3.3`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/3.3/Dockerfile) 4 | - [`3.2.0`, `3.2`, `latest`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/3.2/Dockerfile) 5 | - [`3.1.8`, `3.1`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/3.1/Dockerfile) 6 | - [`3.0.11`, `3.0`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/3.0/Dockerfile) 7 | - [`2.9.15`, `2.9`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/2.9/Dockerfile) 8 | - [`2.8.15`, `2.8`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/2.8/Dockerfile) 9 | - [`2.6.22`, `2.6`](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/2.6/Dockerfile) 10 | 11 | # Quick reference 12 | 13 | - **Where to get help**: 14 | [HAProxy mailing list](mailto:haproxy@formilux.org), [HAProxy Community Slack](https://slack.haproxy.org/) or [#haproxy on Libera.chat](irc://irc.libera.chat/%23haproxy) 15 | 16 | - **Where to file issues**: 17 | [https://github.com/haproxytech/haproxy-docker-alpine-quic/issues](https://github.com/haproxytech/haproxy-docker-alpine-quic/issues) 18 | 19 | - **Maintained by**: 20 | [HAProxy Technologies](https://github.com/haproxytech) 21 | 22 | - **Supported architectures**: ([more info](https://github.com/docker-library/official-images#architectures-other-than-amd64)) 23 | `linux/amd64`, `linux/arm64`, `linux/arm/v6`, `linux/arm/v7` 24 | 25 | - **Image updates**: 26 | [commits to `haproxytech/haproxy-docker-alpine-quic`](https://github.com/haproxytech/haproxy-docker-alpine-quic/commits/main), [top level `haproxytech/haproxy-docker-alpine-quic` image folder](https://github.com/haproxytech/haproxy-docker-alpine-quic) 27 | 28 | - **Source of this description**: 29 | [README.md](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/README.md) 30 | 31 | # What is HAProxy? 32 | 33 | HAProxy is the fastest and most widely used open-source load balancer and application delivery controller. Written in C, it has a reputation for efficient use of both processor and memory. It can proxy at either layer 4 (TCP) or layer 7 (HTTP) and has additional features for inspecting, routing and modifying HTTP messages. 34 | 35 | It comes bundled with a web UI, called the HAProxy Stats page, that you can use to monitor error rates, the volume of traffic and latency. Features can be toggled on by updating a single configuration file, which provides a syntax for defining routing rules, rate limiting, access controls, and more. 36 | 37 | Other features include: 38 | 39 | - SSL/TLS termination 40 | - Gzip compression 41 | - Health checking 42 | - HTTP/2 43 | - gRPC support 44 | - Lua scripting 45 | - DNS service discovery 46 | - Automatic retries of failed conenctions 47 | - Verbose logging 48 | 49 | ![logo](https://www.haproxy.org/img/HAProxyCommunityEdition_60px.png) 50 | 51 | # How to use this image 52 | 53 | This image is being shipped with a trivial sample configuration and for any real life use it should be configured according to the [extensive documentation](https://docs.haproxy.org/) and [examples](https://github.com/haproxy/haproxy/tree/master/examples). We will now show how to override shipped haproxy.cfg with one of your own. 54 | 55 | ## Create a `Dockerfile` 56 | 57 | ```dockerfile 58 | FROM haproxytech/haproxy-alpine-quic:3.0 59 | COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg 60 | ``` 61 | 62 | ## Build the container 63 | 64 | ```console 65 | $ docker build -t my-haproxy . 66 | ``` 67 | 68 | ## Test the configuration file 69 | 70 | ```console 71 | $ docker run -it --rm my-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg 72 | ``` 73 | 74 | ## Run the container 75 | 76 | ```console 77 | $ docker run -d --name my-running-haproxy my-haproxy 78 | ``` 79 | 80 | You will also need to publish the ports your HAProxy is listening on to the host by specifying the `-p` option, for example `-p 8080:80` to publish port 8080 from the container host to port 80 in the container. 81 | 82 | ## Use volume for configuration persistency 83 | 84 | ```console 85 | $ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro haproxytech/haproxy-alpine-quic:3.0 86 | ``` 87 | 88 | Note that your host's `/path/to/etc/haproxy` folder should be populated with a file named `haproxy.cfg` as well as any other accompanying files local to `/etc/haproxy`. 89 | 90 | ## Reloading config 91 | 92 | To be able to reload HAProxy configuration, you can send `SIGUSR2` to the container: 93 | 94 | ```console 95 | $ docker kill -s USR2 my-running-haproxy 96 | ``` 97 | 98 | ## Enable Data Plane API 99 | 100 | [Data Plane API](https://www.haproxy.com/documentation/hapee/2-7r1/api/data-plane-api/) sidecar is being distributed by default in all 2.0+ images and to enable it there are a few steps required: 101 | 102 | 1. define one or more users through `userlist` 103 | 2. enable dataplane api process through `program api` 104 | 3. enable haproxy.cfg to be read/write mounted in Docker, either by defining volume being r/w or by rebuilding image with your own haproxy.cfg 105 | 4. expose dataplane TCP port in Docker with `--expose` 106 | 107 | Relevant part of haproxy.cfg is below: 108 | 109 | ``` 110 | userlist haproxy-dataplaneapi 111 | user admin insecure-password mypassword 112 | 113 | program api 114 | command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 115 | no option start-on-reload 116 | ``` 117 | 118 | To run such image we would use the following command (note that volume containing haproxy.cfg is mounted r/w and port tcp/5555 is being exposed): 119 | 120 | ```console 121 | $ docker run -d --name my-running-haproxy --expose 5555 -v /path/to/etc/haproxy:/usr/local/etc/haproxy:rw haproxytech/haproxy-alpine-quic 122 | ``` 123 | 124 | # License 125 | 126 | View [license information](https://raw.githubusercontent.com/haproxy/haproxy/master/LICENSE) for the software contained in this image. 127 | 128 | As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). 129 | -------------------------------------------------------------------------------- /README_short.md: -------------------------------------------------------------------------------- 1 | # Quick reference 2 | 3 | - **Where to get help**: 4 | [HAProxy mailing list](mailto:haproxy@formilux.org), [HAProxy Community Slack](https://slack.haproxy.org/) or [#haproxy on Libera.chat](irc://irc.libera.chat/%23haproxy) 5 | 6 | - **Where to file issues**: 7 | [https://github.com/haproxytech/haproxy-docker-alpine-quic/issues](https://github.com/haproxytech/haproxy-docker-alpine-quic/issues) 8 | 9 | - **Maintained by**: 10 | [HAProxy Technologies](https://github.com/haproxytech) 11 | 12 | - **Supported architectures**: ([more info](https://github.com/docker-library/official-images#architectures-other-than-amd64)) 13 | `linux/amd64`, `linux/arm64`, `linux/arm/v6`, `linux/arm/v7` 14 | 15 | - **Image updates**: 16 | [commits to `haproxytech/haproxy-docker-alpine-quic`](https://github.com/haproxytech/haproxy-docker-alpine-quic/commits/main), [top level `haproxytech/haproxy-docker-alpine-quic` image folder](https://github.com/haproxytech/haproxy-docker-alpine-quic) 17 | 18 | - **Source of this description**: 19 | [README.md](https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main/README.md) 20 | 21 | # What is HAProxy? 22 | 23 | HAProxy is the fastest and most widely used open-source load balancer and application delivery controller. Written in C, it has a reputation for efficient use of both processor and memory. It can proxy at either layer 4 (TCP) or layer 7 (HTTP) and has additional features for inspecting, routing and modifying HTTP messages. 24 | 25 | It comes bundled with a web UI, called the HAProxy Stats page, that you can use to monitor error rates, the volume of traffic and latency. Features can be toggled on by updating a single configuration file, which provides a syntax for defining routing rules, rate limiting, access controls, and more. 26 | 27 | Other features include: 28 | 29 | - SSL/TLS termination 30 | - Gzip compression 31 | - Health checking 32 | - HTTP/2 33 | - gRPC support 34 | - Lua scripting 35 | - DNS service discovery 36 | - Automatic retries of failed conenctions 37 | - Verbose logging 38 | 39 | ![logo](https://www.haproxy.org/img/HAProxyCommunityEdition_60px.png) 40 | 41 | # How to use this image 42 | 43 | This image is being shipped with a trivial sample configuration and for any real life use it should be configured according to the [extensive documentation](https://docs.haproxy.org/) and [examples](https://github.com/haproxy/haproxy/tree/master/examples). We will now show how to override shipped haproxy.cfg with one of your own. 44 | 45 | ## Create a `Dockerfile` 46 | 47 | ```dockerfile 48 | FROM haproxytech/haproxy-alpine-quic:3.0 49 | COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg 50 | ``` 51 | 52 | ## Build the container 53 | 54 | ```console 55 | $ docker build -t my-haproxy . 56 | ``` 57 | 58 | ## Test the configuration file 59 | 60 | ```console 61 | $ docker run -it --rm my-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg 62 | ``` 63 | 64 | ## Run the container 65 | 66 | ```console 67 | $ docker run -d --name my-running-haproxy my-haproxy 68 | ``` 69 | 70 | You will also need to publish the ports your HAProxy is listening on to the host by specifying the `-p` option, for example `-p 8080:80` to publish port 8080 from the container host to port 80 in the container. 71 | 72 | ## Use volume for configuration persistency 73 | 74 | ```console 75 | $ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro haproxytech/haproxy-alpine-quic:3.0 76 | ``` 77 | 78 | Note that your host's `/path/to/etc/haproxy` folder should be populated with a file named `haproxy.cfg` as well as any other accompanying files local to `/etc/haproxy`. 79 | 80 | ## Reloading config 81 | 82 | To be able to reload HAProxy configuration, you can send `SIGUSR2` to the container: 83 | 84 | ```console 85 | $ docker kill -s USR2 my-running-haproxy 86 | ``` 87 | 88 | ## Enable Data Plane API 89 | 90 | [Data Plane API](https://www.haproxy.com/documentation/hapee/2-7r1/api/data-plane-api/) sidecar is being distributed by default in all 2.0+ images and to enable it there are a few steps required: 91 | 92 | 1. define one or more users through `userlist` 93 | 2. enable dataplane api process through `program api` 94 | 3. enable haproxy.cfg to be read/write mounted in Docker, either by defining volume being r/w or by rebuilding image with your own haproxy.cfg 95 | 4. expose dataplane TCP port in Docker with `--expose` 96 | 97 | Relevant part of haproxy.cfg is below: 98 | 99 | ``` 100 | userlist haproxy-dataplaneapi 101 | user admin insecure-password mypassword 102 | 103 | program api 104 | command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi 105 | no option start-on-reload 106 | ``` 107 | 108 | To run such image we would use the following command (note that volume containing haproxy.cfg is mounted r/w and port tcp/5555 is being exposed): 109 | 110 | ```console 111 | $ docker run -d --name my-running-haproxy --expose 5555 -v /path/to/etc/haproxy:/usr/local/etc/haproxy:rw haproxytech/haproxy-alpine-quic 112 | ``` 113 | 114 | # License 115 | 116 | View [license information](https://raw.githubusercontent.com/haproxy/haproxy/master/LICENSE) for the software contained in this image. 117 | 118 | As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). 119 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DOCKER_TAG="haproxytech/haproxy-alpine-quic" 4 | HAPROXY_GITHUB_URL="https://github.com/haproxytech/haproxy-docker-alpine-quic/blob/main" 5 | HAPROXY_BRANCHES="2.6 2.8 2.9 3.0 3.1 3.2 3.3" 6 | HAPROXY_CURRENT_BRANCH="3.2" 7 | PUSH="no" 8 | HAPROXY_UPDATED="" 9 | 10 | for i in $HAPROXY_BRANCHES; do 11 | echo "Building HAProxy $i" 12 | 13 | DOCKERFILE="$i/Dockerfile" 14 | HAPROXY_MINOR_OLD=$(awk '/^ENV HAPROXY_MINOR/ {print $NF}' "$DOCKERFILE") 15 | DATAPLANE_MINOR_OLD=$(awk '/^ENV DATAPLANE_MINOR/ {print $NF}' "$DOCKERFILE") 16 | 17 | ./update.sh "$i" || continue 18 | 19 | HAPROXY_MINOR=$(awk '/^ENV HAPROXY_MINOR/ {print $NF}' "$DOCKERFILE") 20 | DATAPLANE_MINOR=$(awk '/^ENV DATAPLANE_MINOR/ {print $NF}' "$DOCKERFILE") 21 | 22 | if [ "x$1" != "xforce" ]; then 23 | if [ \( "$HAPROXY_MINOR_OLD" = "$HAPROXY_MINOR" \) -a \( "$DATAPLANE_MINOR_OLD" = "$DATAPLANE_MINOR" \) ]; then 24 | echo "No new releases, not building $i branch" 25 | continue 26 | fi 27 | fi 28 | 29 | PUSH="yes" 30 | HAPROXY_UPDATED="$HAPROXY_UPDATED $HAPROXY_MINOR" 31 | 32 | if [ \( "x$1" = "xtest" \) -o \( "x$2" = "xtest" \) ]; then 33 | docker pull $(awk '/^FROM/ {print $2}' "$DOCKERFILE") 34 | 35 | docker build -t "$DOCKER_TAG:$HAPROXY_MINOR" "$i" || \ 36 | (echo "Failure building $DOCKER_TAG:$HAPROXY_MINOR"; exit 1) 37 | docker tag "$DOCKER_TAG:$HAPROXY_MINOR" "$DOCKER_TAG:$i" 38 | 39 | if [ "$i" = "$HAPROXY_CURRENT_BRANCH" ]; then 40 | docker tag "$DOCKER_TAG:$HAPROXY_MINOR" "$DOCKER_TAG:latest" 41 | fi 42 | 43 | docker run -it --rm "$DOCKER_TAG:$HAPROXY_MINOR" /usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg || \ 44 | (echo "Failure testing $DOCKER_TAG:$HAPROXY_MINOR"; exit 1) 45 | fi 46 | 47 | git tag -d "$HAPROXY_MINOR" || true 48 | git push origin ":$HAPROXY_MINOR" || true 49 | git commit -a -m "Automated commit triggered by $HAPROXY_MINOR release(s)" || true 50 | git tag "$HAPROXY_MINOR" 51 | git push origin "$HAPROXY_MINOR" 52 | done 53 | 54 | if [ "$PUSH" = "no" ]; then 55 | exit 0 56 | fi 57 | 58 | echo -e "# Supported tags and respective \`Dockerfile\` links\n" > README.md 59 | for i in $(awk '/^ENV HAPROXY_MINOR/ {print $NF}' */Dockerfile| sort -n -r); do 60 | short=$(echo $i | cut -d. -f1-2 |cut -d- -f1) 61 | if [ "$short" = "$HAPROXY_CURRENT_BRANCH" ]; then 62 | if [ "$short" = "$i" ]; then 63 | final="-\t[\`$i\`, \`latest\`]($HAPROXY_GITHUB_URL/$short/Dockerfile)" 64 | else 65 | final="-\t[\`$i\`, \`$short\`, \`latest\`]($HAPROXY_GITHUB_URL/$short/Dockerfile)" 66 | fi 67 | else 68 | if [ "$short" = "$i" ]; then 69 | final="-\t[\`$i\`]($HAPROXY_GITHUB_URL/$short/Dockerfile)" 70 | else 71 | final="-\t[\`$i\`, \`$short\`]($HAPROXY_GITHUB_URL/$short/Dockerfile)" 72 | fi 73 | fi 74 | echo -e "$final" >> README.md 75 | done 76 | echo >> README.md 77 | cat README_short.md >> README.md 78 | 79 | git commit -a -m "README regen triggered by $HAPROXY_UPDATED release(s)" || true 80 | git push 81 | -------------------------------------------------------------------------------- /update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if test -z "$1"; then 5 | echo "Missing branch as first argument" 6 | exit 1 7 | fi 8 | 9 | if ! test -d "$1"; then 10 | echo "Cannot find $1 dedicated directory" 11 | exit 1 12 | fi 13 | 14 | cd "$1" 15 | 16 | HAPROXY_BRANCH="$1" 17 | DOCKERFILE="Dockerfile" 18 | HAPROXY_SRC_URL="http://www.haproxy.org/download" 19 | 20 | if ! test -f "$DOCKERFILE"; then 21 | echo "Cannot find $DOCKERFILE" 22 | exit 1 23 | fi 24 | 25 | HAPROXY_MINOR=$(curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/" 2>/dev/null | \ 26 | grep -o "" | \ 27 | sed -r -e 's!.*"haproxy-([^"/]+)\.tar\.gz".*!\1!' | sort -r -V | head -1) 28 | HAPROXY_SHA256=$(curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz.sha256" 2>/dev/null | \ 29 | awk '{print $1}') 30 | 31 | if [ -z "${HAPROXY_MINOR}" ]; then 32 | HAPROXY_MINOR=$(curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/" 2>/dev/null | \ 33 | grep -o "" | \ 34 | sed -r -e 's!.*"haproxy-([^"/]+)\.tar\.gz".*!\1!' | sort -r -V | head -1) 35 | HAPROXY_SHA256=$(curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz.sha256" | \ 36 | awk '{print $1}') 37 | fi 38 | 39 | if [ -z "${HAPROXY_MINOR}" ]; then 40 | echo "Could not identify latest HAProxy release for ${HAPROXY_BRANCH} branch" 41 | exit 1 42 | fi 43 | 44 | if [ -z "${HAPROXY_SHA256}" ]; then 45 | echo "Could not get SHA256 for HAProxy release ${HAPROXY_MINOR}" 46 | exit 1 47 | fi 48 | 49 | DATAPLANE_SRC_URL="https://api.github.com/repos/haproxytech/dataplaneapi/releases/latest" 50 | DATAPLANE_MINOR=$(curl -sfSL "$DATAPLANE_SRC_URL" | \ 51 | grep '"tag_name":' | \ 52 | sed -E 's/.*"v?([^"]+)".*/\1/') 53 | 54 | if [ -z "${DATAPLANE_MINOR}" ]; then 55 | echo "Could not identify latest HAProxy Dataplane release" 56 | exit 1 57 | fi 58 | 59 | DATAPLANE_SRC_URL="https://api.github.com/repos/haproxytech/dataplaneapi/releases" 60 | DATAPLANE_V2_MINOR=$(curl -sfSL "$DATAPLANE_SRC_URL" | \ 61 | grep '"tag_name":.*"v2' | \ 62 | sed -E 's/.*"v?([^"]+)".*/\1/' | \ 63 | sort -V | \ 64 | tail -1 65 | ) 66 | 67 | OPENSSL_SRC_URL="https://api.github.com/repos/quictls/openssl/releases" 68 | OPENSSL_MINOR=$(curl -sfSL "$OPENSSL_SRC_URL" | \ 69 | grep '"tag_name":' | \ 70 | grep '1_1_1' | \ 71 | head -1 | \ 72 | sed -E 's/.*"v?([^"]+)".*/\1/') 73 | 74 | if [ -z "${OPENSSL_MINOR}" ]; then 75 | echo "Could not identify latest QUICTLS release" 76 | exit 1 77 | fi 78 | 79 | sed -r -i -e "s!^(ENV HAPROXY_SRC_URL) .*!\1 ${HAPROXY_SRC_URL}!; 80 | s!^(ENV HAPROXY_BRANCH) .*!\1 ${HAPROXY_BRANCH}!; 81 | s!^(ENV HAPROXY_MINOR) .*!\1 ${HAPROXY_MINOR}!; 82 | s!^(LABEL Version) .*!\1 ${HAPROXY_MINOR}!; 83 | s!^(ENV HAPROXY_SHA256) .*!\1 ${HAPROXY_SHA256}! 84 | s!^(ENV DATAPLANE_MINOR) .*!\1 ${DATAPLANE_MINOR}! 85 | s!^(ENV DATAPLANE_V2_MINOR) .*!\1 ${DATAPLANE_V2_MINOR}! 86 | s!^(ENV OPENSSL_MINOR) .*!\1 ${OPENSSL_MINOR}!" \ 87 | "$DOCKERFILE" 88 | --------------------------------------------------------------------------------