forked from ricardbejarano/haproxy
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
64 lines (59 loc) · 2.58 KB
/
Dockerfile
File metadata and controls
64 lines (59 loc) · 2.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
FROM docker.io/alpine:3 AS build-base
RUN apk add \
build-base \
linux-headers \
perl
FROM build-base AS build-openssl
WORKDIR /tmp/openssl
ARG OPENSSL_VERSION="3.6.1"
ADD --checksum=sha256:b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz /tmp/openssl.tar.gz
RUN tar -xzvf /tmp/openssl.tar.gz --strip-components=1 \
&& ./config --prefix=/opt/openssl --no-shared \
&& make -j"$(nproc)" \
&& make install
FROM build-base AS build-pcre
WORKDIR /tmp/pcre
ARG PCRE_VERSION="10.47"
ADD --checksum=sha256:c08ae2388ef333e8403e670ad70c0a11f1eed021fd88308d7e02f596fcd9dc16 https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$PCRE_VERSION/pcre2-$PCRE_VERSION.tar.gz /tmp/pcre.tar.gz
RUN tar -xzvf /tmp/pcre.tar.gz --strip-components=1 \
&& ./configure --prefix=/opt/pcre --disable-shared --enable-static \
&& make -j"$(nproc)" \
&& make install
FROM build-base AS build-zlib
WORKDIR /tmp/zlib
ARG ZLIB_VERSION="1.3.2"
ADD --checksum=sha256:bb329a0a2cd0274d05519d61c667c062e06990d72e125ee2dfa8de64f0119d16 https://zlib.net/zlib-$ZLIB_VERSION.tar.gz /tmp/zlib.tar.gz
RUN tar -xzvf /tmp/zlib.tar.gz --strip-components=1 \
&& ./configure --prefix=/opt/zlib --static \
&& make -j"$(nproc)" \
&& make install
FROM build-base AS build
RUN apk add \
ca-certificates
WORKDIR /tmp/haproxy
ADD --checksum=sha256:e69cb5dc59e4eb1ff72bcebf30d55f0919803c686e428c0c3a5903f2cf7c1fb6 https://www.haproxy.org/download/3.3/src/haproxy-3.3.6.tar.gz /tmp/haproxy.tar.gz
RUN tar -xzvf /tmp/haproxy.tar.gz --strip-components=1
COPY --from=build-openssl /opt/openssl ./openssl
COPY --from=build-pcre /opt/pcre ./pcre
COPY --from=build-zlib /opt/zlib ./zlib
RUN make \
-j"$(nproc)" \
TARGET='linux-musl' \
LDFLAGS='-static' \
USE_OPENSSL='1' SSL_INC='openssl/include' SSL_LIB='openssl/lib64' \
USE_PCRE2='1' PCRE2_INC='pcre/include' PCRE2_LIB='pcre/lib' \
USE_ZLIB='1' ZLIB_INC='zlib/include' ZLIB_LIB='zlib/lib'
RUN mkdir /rootfs \
&& mkdir /rootfs/bin \
&& cp /tmp/haproxy/haproxy /rootfs/bin/ \
&& mkdir /rootfs/etc \
&& echo 'nogroup:*:10000:nobody' > /rootfs/etc/group \
&& echo 'nobody:*:10000:10000:::' > /rootfs/etc/passwd \
&& mkdir -p /rootfs/etc/ssl/certs \
&& cp /etc/ssl/certs/ca-certificates.crt /rootfs/etc/ssl/certs/
FROM scratch
COPY --from=build --chown=10000:10000 /rootfs /
USER 10000:10000
STOPSIGNAL SIGUSR1
ENTRYPOINT ["/bin/haproxy"]
CMD ["-W", "-f", "/etc/haproxy/haproxy.cfg"]