Public | Automated Build

Last pushed: 4 days ago
Short Description
A fork of the official haproxy image (v1.6.13), but compiled with OpenSSL 1.0.2l for ALPN support.
Full Description


A fork of the official HAProxy Docker image with a newer OpenSSL so we can use ALPN for HTTP/2. Only version HAProxy 1.6 is built.


The usage is identical to the original, see
With the obvious exception that the image name should be arienkock/haproxy-alpn.


As the official image README suggests, using signals you can reload the configuration for near-zero-downtime updates. However, !!!IMPORTANT!!!: if you mount the haproxy .cfg file as a file mount instead of a directory mount in Docker, changes will not be reflected and reloading will simply pick up the old config. That's because the container gets a COPY of the file if you mount a file rather than a directory containing the cfg file. Here is an example Systemd service file you can use (notice the ExecReload line).


ExecStart=/usr/bin/docker run --rm --name %n -t \
  -p 80:80 -p 443:443 \
  -v /etc/haproxy:/usr/local/etc/haproxy \
ExecReload=/usr/bin/docker kill -s HUP %n
ExecStop=/usr/bin/docker stop -t 10 %n
ExecStopPost=/usr/bin/docker rm -f %n


OpenSSL version

Built with OpenSSL 1.0.2h as can be seen by running:

$ docker run --rm arienkock/haproxy-alpn haproxy -vv
HA-Proxy version 1.6.11 2016/12/25
Copyright 2000-2016 Willy Tarreau <>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2k  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.35 2014-04-04
Running on PCRE version : 8.35 2014-04-04
PCRE library supports JIT : yes
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/ -vv -Ds
<5>haproxy-systemd-wrapper: exit, haproxy RC=0
Docker Pull Command
Source Repository