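# HAProxy 2.8 image with certbot, socat and cron, running as an unprivileged
# "haproxy" user (uid/gid 666).
# NOTE(review): the base image is pinned by tag only; pin it by digest as well
# if reproducible builds are required.
FROM debian:bookworm-slim

# Use Bash for RUN steps. pipefail makes a failed download on the left side of
# a pipe (curl | gpg below) fail the build instead of being silently masked.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Copy the whole build context onto / (minus whatever .dockerignore excludes).
# Ownership is given numerically: the haproxy user is only created in the RUN
# step below, so a name-based --chown cannot be resolved at this point.
# 666:666 must stay in sync with groupadd/useradd.
# NOTE(review): everything in the context ends up in the image and is owned by
# the runtime user; make sure .dockerignore keeps .git, keys and .env files out.
COPY --chown=666:666 ./ /

RUN set -eux; \
    export DEBIAN_FRONTEND=noninteractive; \
    # Create the unprivileged runtime user with fixed IDs
    groupadd --gid 666 --system haproxy; \
    useradd \
        --gid haproxy \
        --home-dir /var/lib/haproxy \
        --no-create-home \
        --system \
        --uid 666 \
        haproxy; \
    # Install base packages (openssl is listed explicitly because the dhparam
    # step below calls it directly)
    apt-get -qq update; \
    apt-get -yqq dist-upgrade; \
    apt-get -yqq install \
        apt-transport-https \
        apt-utils \
        ca-certificates \
        certbot \
        cron \
        curl \
        gnupg \
        openssl \
        socat \
        wget; \
    # Add the haproxy apt repo. -f makes curl fail on an HTTP error instead of
    # feeding an error page to gpg.
    # NOTE(review): the signing key is trusted on the strength of TLS alone;
    # checking it against a pinned fingerprint would be stronger.
    curl -fsSL https://haproxy.debian.net/bernat.debian.org.gpg | gpg --dearmor \
        > /usr/share/keyrings/haproxy.debian.net.gpg; \
    # Fetch the repo over HTTPS as well; packages are still verified against
    # the signed-by key above.
    echo "deb [signed-by=/usr/share/keyrings/haproxy.debian.net.gpg] https://haproxy.debian.net bookworm-backports-2.8 main" \
        > /etc/apt/sources.list.d/haproxy.list; \
    # Install haproxy from that repo, held to the 2.8 series
    apt-get -qq update; \
    apt-get -yqq dist-upgrade; \
    apt-get -yqq install haproxy=2.8.\*; \
    # Drop the apt indexes in the same layer that created them
    rm -rf /var/lib/apt/lists/*; \
    # Socket dir: create it if the build context did not ship one, so the
    # chown cannot abort the build under `set -e`
    mkdir -p /usr/local/run/haproxy; \
    chown -R haproxy:haproxy /usr/local/run/haproxy; \
    # Add cron jobs. `crontab FILE` replaces the whole crontab, so both files
    # are installed in one call; two separate calls would keep only the last.
    # NOTE(review): these jobs land in root's crontab while the container runs
    # as haproxy; confirm the entrypoint starts cron with the privileges it needs.
    chmod 0644 /etc/cron.d/ocsp-cron /etc/cron.d/renew-cron; \
    cat /etc/cron.d/ocsp-cron /etc/cron.d/renew-cron | crontab -; \
    # Generate Diffie-Hellman parameters unless the build context supplied them
    if [ ! -f /usr/local/etc/haproxy/dhparams.pem ]; then openssl dhparam -out "/usr/local/etc/haproxy/dhparams.pem" 4096; fi; \
    # Permissions: the entrypoint is root-owned so the runtime user can execute
    # it but not rewrite it; config and certificate trees stay with haproxy
    chown root:root /usr/local/bin/docker-entrypoint.sh; \
    chmod 0755 /usr/local/bin/docker-entrypoint.sh; \
    chown -R haproxy:haproxy /usr/local/etc/certbot; \
    chown -R haproxy:haproxy /usr/local/etc/haproxy

# Drop privileges for everything that runs in the container
USER haproxy
WORKDIR /var/lib/haproxy
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]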