|
1 | | -FROM rockylinux:latest |
| 1 | +FROM debian:12 |
2 | 2 |
|
3 | | -ENV HAPROXY_MJR_VERSION=2.4 \ |
4 | | - HAPROXY_VERSION=2.4.16 \ |
| 3 | +ENV HAPROXY_MJR_VERSION=2.8 \ |
| 4 | + HAPROXY_VERSION=2.8.1 \ |
5 | 5 | HAPROXY_CONFIG='/etc/haproxy/haproxy.cfg' \ |
6 | 6 | HAPROXY_ADDITIONAL_CONFIG='' \ |
7 | 7 | HAPROXY_PRE_RESTART_CMD='' \ |
8 | 8 | HAPROXY_POST_RESTART_CMD='' \ |
9 | | - OPENSSL_VERSION=3.0.2 |
| 9 | + OPENSSL_VERSION=3.1.1 |
10 | 10 |
|
11 | 11 | RUN \ |
12 | | - yum install -y epel-release && \ |
13 | | - yum update -y && \ |
| 12 | + apt update && \ |
14 | 13 | `# Install build tools. Note: perl needed to compile openssl...` \ |
15 | | - yum install -y \ |
| 14 | + apt install -y \ |
16 | 15 | inotify-tools \ |
17 | 16 | wget \ |
18 | 17 | tar \ |
19 | 18 | gzip \ |
20 | 19 | make \ |
21 | 20 | gcc \ |
22 | 21 | perl \ |
23 | | - pcre-devel \ |
24 | | - zlib-devel \ |
| 22 | + libpcre3-dev \ |
| 23 | + zlib1g-dev \ |
25 | 24 | iptables \ |
26 | 25 | socat \ |
27 | | - nc \ |
| 26 | + netcat-traditional \ |
28 | 27 | telnet \ |
29 | 28 | mtr && \ |
30 | 29 | `# Install newest openssl...` \ |
31 | 30 | wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ |
32 | 31 | tar -zxf /tmp/openssl.tgz -C /tmp && \ |
33 | 32 | cd /tmp/openssl-* && \ |
34 | 33 | ./config \ |
35 | | - --openssldir=/etc/pki/tls \ |
| 34 | + --openssldir=/etc/ssl \ |
36 | 35 | no-shared zlib-dynamic && \ |
37 | 36 | make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \ |
38 | 37 | cd && rm -rf /tmp/openssl* && \ |
39 | 38 | wget -O /tmp/haproxy.tgz http://www.haproxy.org/download/${HAPROXY_MJR_VERSION}/src/haproxy-${HAPROXY_VERSION}.tar.gz && \ |
40 | 39 | tar -zxvf /tmp/haproxy.tgz -C /tmp && \ |
41 | 40 | cd /tmp/haproxy-* && \ |
42 | 41 | make \ |
43 | | - -j$(getconf _NPROCESSORS_ONLN) V= \ |
44 | | - TARGET=linux-glibc \ |
45 | | - USE_LINUX_TPROXY=1 \ |
46 | | - USE_ZLIB=1 \ |
47 | | - USE_REGPARM=1 \ |
48 | | - USE_PCRE=1 \ |
49 | | - USE_PCRE_JIT=1 \ |
50 | | - USE_OPENSSL=1 \ |
51 | | - ADDLIB=-ldl \ |
52 | | - ADDLIB=-lpthread && make install && \ |
| 42 | + -j$(getconf _NPROCESSORS_ONLN) V= \ |
| 43 | + TARGET=linux-glibc \ |
| 44 | + USE_LINUX_TPROXY=1 \ |
| 45 | + USE_ZLIB=1 \ |
| 46 | + USE_REGPARM=1 \ |
| 47 | + USE_PCRE=1 \ |
| 48 | + USE_PCRE_JIT=1 \ |
| 49 | + USE_OPENSSL=1 \ |
| 50 | + ADDLIB=-ldl \ |
| 51 | + ADDLIB=-lpthread && make install && \ |
53 | 52 | rm -rf /tmp/haproxy* && \ |
54 | 53 | mkdir -p /var/lib/haproxy && \ |
55 | | - groupadd haproxy && adduser haproxy -g haproxy && chown -R haproxy:haproxy /var/lib/haproxy && \ |
56 | | - openssl genrsa -out /etc/pki/tls/dummy.key 2048 && \ |
57 | | - openssl req -new -key /etc/pki/tls/dummy.key -out /etc/pki/tls/dummy.csr -subj "/C=GB/L=London/O=Company Ltd/CN=haproxy" && \ |
58 | | - openssl x509 -req -days 3650 -in /etc/pki/tls/dummy.csr -signkey /etc/pki/tls/dummy.key -out /etc/pki/tls/dummy.crt && \ |
59 | | - cat /etc/pki/tls/dummy.crt /etc/pki/tls/dummy.key > /etc/pki/tls/dummy.pem && \ |
60 | | - yum remove -y make gcc pcre-devel && \ |
61 | | - yum clean all && rm -rf /var/cache/yum |
| 54 | + adduser --no-create-home --disabled-password --gecos "" haproxy && adduser haproxy haproxy && chown -R haproxy:haproxy /var/lib/haproxy && \ |
| 55 | + mkdir -p /etc/pki/tls && \ |
| 56 | + openssl genrsa -out /etc/ssl/private/dummy.key 2048 && \ |
| 57 | + openssl req -new -key /etc/ssl/private/dummy.key -out /etc/ssl/private/dummy.csr -subj "/C=GB/L=London/O=Company Ltd/CN=haproxy" && \ |
| 58 | + openssl x509 -req -days 3650 -in /etc/ssl/private/dummy.csr -signkey /etc/ssl/private/dummy.key -out /etc/ssl/private/dummy.crt && \ |
| 59 | + cat /etc/ssl/private/dummy.crt /etc/ssl/private/dummy.key > /etc/ssl/private/dummy.pem && \ |
| 60 | + apt remove -y make gcc libpcre3-dev && \ |
| 61 | + apt clean -y |
62 | 62 |
|
63 | 63 | COPY container-files / |
64 | 64 |
|
|
0 commit comments