add haproxy alpine

rwlxxvii · Dec 11, 2023 · 65de82f · 65de82f
1 parent 826ddde
commit 65de82f
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 0 deletions.
diff --git a/auth/authentik/haproxy/Dockerfile b/auth/authentik/haproxy/Dockerfile
@@ -0,0 +1,86 @@
+# syntax=docker/dockerfile:1
+# haproxy: a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.
+
+ARG repo="docker.io" \
+ base_image="alpine:3.19" \
+ image_hash="13b7e62e8df80264dbb747995705a986aa530415763a6c58f84a3ca8af9a5bcd"
+
+FROM ${repo}/${base_image}@sha256:${image_hash}
+
+RUN set -eux; \
+ addgroup --gid 99 --system haproxy; \
+ adduser \
+ --disabled-password \
+ --home /var/lib/haproxy \
+ --ingroup haproxy \
+ --no-create-home \
+ --system \
+ --uid 99 \
+ haproxy; \
+ \
+ mkdir /var/lib/haproxy; \
+ chown haproxy:haproxy /var/lib/haproxy
+
+ENV HAPROXY_VERSION 2.9.0
+ENV HAPROXY_URL https://www.haproxy.org/download/2.9/src/haproxy-2.9.0.tar.gz
+ENV HAPROXY_SHA256 fba18acd1a46337fe20ae07c816c2496c8602b80a1bc9ff3768d4caa5fb80eab
+
+RUN set -eux; \
+ apk add --no-cache --virtual .build-deps \
+ gcc \
+ libc-dev \
+ linux-headers \
+ lua5.3-dev \
+ make \
+ openssl \
+ openssl-dev \
+ pcre2-dev \
+ readline-dev \
+ tar; \
+ \
+ wget -O haproxy.tar.gz "$HAPROXY_URL"; \
+ echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
+ mkdir -p /usr/src/haproxy; \
+ tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
+ rm haproxy.tar.gz; \
+ \
+ makeOpts=' \
+ TARGET=linux-musl \
+ USE_GETADDRINFO=1 \
+ USE_LUA=1 LUA_INC=/usr/include/lua5.3 LUA_LIB=/usr/lib/lua5.3 \
+ USE_OPENSSL=1 \
+ USE_PCRE2=1 USE_PCRE2_JIT=1 \
+ USE_PROMEX=1 \
+ \
+ EXTRA_OBJS=" \
+ " \
+ '; \
+ \
+ nproc="$(getconf _NPROCESSORS_ONLN)"; \
+ eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
+ eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
+ \
+ mkdir -p /usr/local/etc/haproxy; \
+ cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
+ rm -rf /usr/src/haproxy; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+ | tr ',' '\n' \
+ | sort -u \
+ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+ )"; \
+ apk add --no-network --virtual .haproxy-rundeps $runDeps; \
+ apk del --no-network .build-deps; \
+ \
+# smoke test
+ haproxy -v
+
+STOPSIGNAL SIGUSR1
+
+COPY --chmod=755 entrypoint.sh /usr/local/bin/
+
+USER haproxy
+WORKDIR /var/lib/haproxy
+ENTRYPOINT [ "entrypoint.sh" ]
+CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg" ]
diff --git a/auth/authentik/haproxy/entrypoint.sh b/auth/authentik/haproxy/entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+ set -- haproxy "$@"
+fi
+
+if [ "$1" = 'haproxy' ]; then
+ shift # "haproxy"
+ # if the user wants "haproxy", let's add a couple useful flags
+ # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+ # -db -- disables background mode
+ set -- haproxy -W -db "$@"
+fi
+
+exec "$@"