Public Repository

Last pushed: 9 months ago
Short Description
Alpine Linux v3.6 with HAProxy v7.8 installed at /usr/sbin/haproxy. 12MB.
Full Description

A handy basic image by Steven Iveson, comprising of (v6 and v7);

  • Alpine Linux v3.6. A security-oriented, lightweight Linux distribution based on musl libc and BusyBox.
  • HAProxy v1.7.8 listening on port 8080 with a backend of localhost:80. See here for an Apache image that will meet this backend web server role.
  • LibreSSL v2.5.5 should you want to make use of a custom configuration and TLS.
  • Curl v7.56 and tcpdump v4.9.2 for troubleshooting etc.

For previous tag v5:

  • Alpine Linux v3.5
  • HAProxy v1.7.5
  • LibreSSL v2.5.4


I'd expect you use this image as a simple web server proxy that can be quickly modified, if required, via volume mounts.

To replace the HAProxy configuration file with your own, mount a volume to /etc/haproxy/ which contains your own haproxy.cfg. Alternatively mount just the file.

To place SSL/TLS certificates in the default location, mount a volume to /etc/ssl/private/ which contains the necessary files.

HAProxy Notes

The following headers are added to responses if not already present;

  • X-Frame-Options SAMEORIGIN
  • X-XSS-Protection 1; mode=block
  • X-Content-Type-Options nosniff
  • Strict-Transport-Security max-age=31536000; includeSubDomains
  • Referrer-Policy no-referrer
  • Content-Security-Policy upgrade-insecure-requests (from v7)
  • Expect-CT enforce; max-age=86400 (from v7)

The following are removed;

  • Server
  • X-Powered-By

The Init/Entrypoint Script

HAProxy is started via the /usr/bin/ script, which runs as PID1;

  • By default four haproxy threads are started. These can be displayed using the ps -e command
  • The /etc/haproxy/haproxy.cfg script is displayed by the scipt on start-up via STDOUT, as is the HAProxy version
  • The KILL signal, as sent by the docker stop command by default, is 'trapped' by the script and will stop the container
  • Failure, or a manual KILL of the httpd process(es) will result in the container stopping/failing - which allows for container automation and orchestration systems to re-launch or re-start the container

On the downside, you can't restart the process(es).


Use this command to pull the image manually and before runtime:

sudo docker pull itsthenetwork/alpine-haproxy:latest


This command will start the container non-interactively, using host networking mode; thus port 8080 will be used on the localhost (note there is no need for privileged mode):

sudo docker run -d --net=host --name haproxy itsthenetwork/alpine-haproxy:latest

If you'd rather use the default bridge mode networking and map a port from your host to the container, use something like this:

sudo docker run -d -p 5010:8080 --name haproxy itsthenetwork/alpine-haproxy:latest


As long as you are using host mode networking as specified above, you can confirm the container and HAProxy within it is listening on port 8080 using this command:

ss -ltn

Alternatively on old/bare/BusyBox systems use:

netstat -ltn


You can 'attach' to your container like so (assuming you used the run command and --name parameter above):

docker exec -it haproxy sh

You can view the container's logs like so (assuming you used the run command and --name parameter above):

sudo docker logs haproxy


Stop and remove the container like so (assuming you used the run command and --name parameter above):

docker stop haproxy; docker rm haproxy

To save performing the remove step add --rm=true to your docker run command and remove the -d parameter. This will result in:

sudo docker run --rm=true --net=host --name haproxy itsthenetwork/alpine-haproxy:latest

Additional Packages

If you wanted to install additional packages and build your own image based upon this one you'd start your Dockerfile like this:

FROM itsthenetwork/alpine-haproxy:latest

RUN apk -add U -v package_name package_name


Base Dockerfile

The Dockerfile used to create this image is available at the root of the file system, here it is anyway:

FROM alpine:latest
MAINTAINER Steven Iveson <>
LABEL maintainer "Steven Iveson <>"
COPY Dockerfile /Dockerfile

RUN echo "" > /etc/apk/repositories && \
echo "" >> /etc/apk/repositories && \
apk add -U -v haproxy openssl && \
rm -rf /var/cache/apk/* /tmp/*

COPY haproxy.cfg /etc/haproxy/haproxy.cfg
COPY errorfiles/* /etc/haproxy/
COPY /usr/bin/

RUN chmod +x /usr/bin/

ENTRYPOINT ["/usr/bin/"]
Docker Pull Command