Short Description
Alpine Linux v3.6 with HAProxy v7.8 installed at /usr/sbin/haproxy. 12MB.
Full Description

A handy basic image comprising (v6 and v7);

  • Alpine Linux v3.6. A security-oriented, lightweight Linux distribution based on musl libc and BusyBox.
  • HAProxy v1.7.8 listening on port 8080 with a backend of localhost:80. See here for an Apache image that will meet this backend web server role.
  • LibreSSL v2.5.5 should you want to make use of a custom configuration and TLS.
  • Curl v7.56 and tcpdump v4.9.2 for troubleshooting etc.

For previous tag v5:

  • Alpine Linux v3.5
  • HAProxy v1.7.5
  • LibreSSL v2.5.4

Usage

I'd expect you to use this image as a simple web server proxy that can be quickly modified, if required, via volume mounts.

To replace the HAProxy configuration file with your own, mount a volume to /etc/haproxy/ which contains your own haproxy.cfg. Alternatively mount just the file.

To place SSL/TLS certificates in the default location, mount a volume to /etc/ssl/private/ which contains the necessary files.

HAProxy Notes

The following headers are added to responses if not already present;

  • X-Frame-Options SAMEORIGIN
  • X-XSS-Protection 1; mode=block
  • X-Content-Type-Options nosniff
  • Strict-Transport-Security max-age=31536000; includeSubDomains
  • Referrer-Policy no-referrer
  • Content-Security-Policy upgrade-insecure-requests (from v7)
  • Expect-CT enforce; max-age=86400 (from v7)

The following are removed;

  • Server
  • X-Powered-By
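
If you mount your own haproxy.cfg, it is worth confirming that the header behaviour listed above still holds. The following is an added example, not part of the image or its scripts: the function names check_headers and hdr_value are hypothetical, the expected values are the v7 list above, and the usage line assumes the host-networking setup on port 8080.

```shell
# Added example, not part of the image. Audits raw response headers on stdin
# against the "HAProxy Notes" lists; returns the number of failures.
# Usage (host networking): curl -sI http://localhost:8080/ | check_headers

# Print the value of header $1 in text $2; exit status 1 if it is absent.
hdr_value() {
    printf '%s\n' "$2" | awk -v n="$1" '
        { i = index($0, ":") }
        i && tolower(substr($0, 1, i - 1)) == tolower(n) {
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            print v; found = 1; exit
        }
        END { exit !found }'
}

check_headers() {
    hdrs=$(tr -d '\r')   # HTTP lines end in CRLF; drop the CR before matching
    fails=0
    # Headers the page says are added when absent: name|documented value.
    while IFS='|' read -r name want; do
        if ! got=$(hdr_value "$name" "$hdrs"); then
            echo "MISSING  $name"; fails=$((fails + 1))
        elif [ "$got" != "$want" ]; then
            # Added only "if not already present", so a backend value is kept.
            echo "DIFFERS  $name: $got"
        fi
    done <<EOF
X-Frame-Options|SAMEORIGIN
X-XSS-Protection|1; mode=block
X-Content-Type-Options|nosniff
Strict-Transport-Security|max-age=31536000; includeSubDomains
Referrer-Policy|no-referrer
Content-Security-Policy|upgrade-insecure-requests
Expect-CT|enforce; max-age=86400
EOF
    # Headers the page says are removed from responses.
    for name in Server X-Powered-By; do
        if hdr_value "$name" "$hdrs" >/dev/null; then
            echo "LEAKED   $name"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}
```

A DIFFERS line is informational: it means the backend supplied its own value, which the proxy leaves in place. Only MISSING and LEAKED count towards the return status.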

The Init/Entrypoint Script

HAProxy is started via the /usr/bin/haproxy.sh script, which runs as PID1;

  • By default four haproxy threads are started. These can be displayed using the ps -e command
  • The /etc/haproxy/haproxy.cfg file is displayed by the script on start-up via STDOUT, as is the HAProxy version
  • The KILL signal, as sent by the docker stop command by default, is 'trapped' by the script and will stop the container
  • Failure, or a manual KILL of the httpd process(es) will result in the container stopping/failing - which allows for container automation and orchestration systems to re-launch or re-start the container

On the downside, you can't restart the process(es).

Pulling

Use this command to pull the image manually and before runtime:

sudo docker pull itsthenetwork/alpine-haproxy:latest

Runtime

This command will start the container non-interactively, using host networking mode; thus port 8080 will be used on the localhost (note there is no need for privileged mode):

sudo docker run -d --net=host --name haproxy itsthenetwork/alpine-haproxy:latest

If you'd rather use the default bridge mode networking and map a port from your host to the container, use something like this:

sudo docker run -d -p 5010:8080 --name haproxy itsthenetwork/alpine-haproxy:latest

Networking

As long as you are using host mode networking as specified above, you can confirm the container and HAProxy within it is listening on port 8080 using this command:

ss -ltn

Alternatively on old/bare/BusyBox systems use:

netstat -ltn

Inspection

You can 'attach' to your container like so (assuming you used the run command and --name parameter above):

docker exec -it haproxy sh

You can view the container's logs like so (assuming you used the run command and --name parameter above):

sudo docker logs haproxy

Hygiene

Stop and remove the container like so (assuming you used the run command and --name parameter above):

docker stop haproxy; docker rm haproxy

To save performing the remove step add --rm=true to your docker run command and remove the -d parameter. This will result in:

sudo docker run --rm=true --net=host --name haproxy itsthenetwork/alpine-haproxy:latest

Additional Packages

If you wanted to install additional packages and build your own image based upon this one you'd start your Dockerfile like this:

FROM itsthenetwork/alpine-haproxy:latest

RUN apk add -U -v package_name package_name

...

Base Dockerfile

The Dockerfile used to create this image is available at the root of the file system; here it is anyway:

FROM alpine:latest
MAINTAINER Steven Iveson <steve@iveson.eu>
LABEL maintainer "Steven Iveson <steve@iveson.eu>"
COPY Dockerfile /Dockerfile

RUN echo "http://nl.alpinelinux.org/alpine/edge/testing" > /etc/apk/repositories && \
echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
apk add -U -v haproxy openssl && \
rm -rf /var/cache/apk/* /tmp/*

COPY haproxy.cfg /etc/haproxy/haproxy.cfg
COPY errorfiles/* /etc/haproxy/
COPY haproxy.sh /usr/bin/haproxy.sh

RUN chmod +x /usr/bin/haproxy.sh

ENTRYPOINT ["/usr/bin/haproxy.sh"]
Owner
itsthenetwork