Public Repository

Last pushed: 4 months ago
Short Description
Alpine Linux v3.5 with HAProxy installed at /usr/sbin/haproxy. 12MB.
Full Description

A handy basic image comprising:

  • Alpine Linux v3.5. A security-oriented, lightweight Linux distribution based on musl libc and BusyBox.
  • HAProxy v1.7.5 listening on port 8080 with a backend of localhost:80. See here for an Apache image that will meet this backend web server role.
  • LibreSSL v2.5.4 should you want to make use of a custom configuration and TLS.
  • Curl and tcpdump for troubleshooting etc.

Usage

I'd expect you to use this image as a simple web server proxy that can be quickly modified, if required, via volume mounts.

To replace the HAProxy configuration file with your own, mount a volume to /etc/haproxy/ which contains your own haproxy.cfg. Alternatively, mount just the file.

To place SSL/TLS certificates in the default location, mount a volume to /etc/ssl/private/ which contains the necessary files.

HAProxy Notes

The following headers are added to responses if not already present:

  • X-Frame-Options SAMEORIGIN
  • X-XSS-Protection 1; mode=block
  • X-Content-Type-Options nosniff
  • Strict-Transport-Security max-age=31536000; includeSubDomains
  • Referrer-Policy no-referrer

The following are removed:

  • Server
  • X-Powered-By
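
A check of this header list against a response, useful after mounting your own haproxy.cfg. This is an added example, not part of the image or the original page; check_headers and sample_response are hypothetical names and the sample response is constructed.

```shell
#!/bin/sh
# check_headers (hypothetical helper): reads raw response headers on stdin,
# e.g. `curl -sI http://localhost:8080/ | check_headers`, prints one line per
# deviation from the header list above and returns 1 if any is found.
check_headers() {
    awk '
    BEGIN {
        # Values as listed on this page; header names are case-insensitive.
        want["x-frame-options"] = "SAMEORIGIN"
        want["x-xss-protection"] = "1; mode=block"
        want["x-content-type-options"] = "nosniff"
        want["strict-transport-security"] = "max-age=31536000; includeSubDomains"
        want["referrer-policy"] = "no-referrer"
        banned["server"] = 1; banned["x-powered-by"] = 1
    }
    {
        sub(/\r$/, "")                      # strip the CR of CRLF line endings
        i = index($0, ":")
        if (i < 2) next                     # status line or blank line
        name = tolower(substr($0, 1, i - 1))
        val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim optional whitespace
        seen[name] = val
    }
    END {
        bad = 0
        # Headers are only added when absent, so a backend value can differ.
        for (h in want) {
            if (!(h in seen)) { print "MISSING  " h; bad = 1 }
            else if (seen[h] != want[h]) { print "DIFFERS  " h ": " seen[h]; bad = 1 }
        }
        for (h in banned)
            if (h in seen) { print "LEAKED   " h ": " seen[h]; bad = 1 }
        exit bad
    }'
}

# Constructed sample: a response served after a custom haproxy.cfg dropped
# part of the policy (not captured from a real host).
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/2.4.25 (Unix)' \
        'x-frame-options: SAMEORIGIN' 'X-XSS-Protection: 1; mode=block' \
        'X-Content-Type-Options: nosniff' 'Referrer-Policy: origin' ''
}

sample_response | check_headers || echo "header policy not met"
```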

The Init/Entrypoint Script

HAProxy is started via the /usr/bin/haproxy.sh script, which runs as PID 1:

  • By default four haproxy threads are started. These can be displayed using the ps -e command
  • The /etc/haproxy/haproxy.cfg file is displayed by the script on start-up via STDOUT, as is the HAProxy version
  • The KILL signal, as sent by the docker stop command by default, is 'trapped' by the script and will stop the container
  • Failure or a manual KILL of the httpd process(es) will result in the container stopping/failing, which allows container automation and orchestration systems to re-launch or re-start the container

On the downside, you can't restart the process(es).

Pulling

Use this command to pull the image manually and before runtime:

sudo docker pull itsthenetwork/alpine-haproxy:latest

Runtime

This command will start the container non-interactively, using host networking mode; thus port 8080 will be used on the localhost (note there is no need for privileged mode):

sudo docker run -d --net=host --name haproxy itsthenetwork/alpine-haproxy:latest

If you'd rather use the default bridge mode networking and map a port from your host to the container, use something like this:

sudo docker run -d -p 5010:8080 --name haproxy itsthenetwork/alpine-haproxy:latest

Networking

As long as you are using host mode networking as specified above, you can confirm that the container and HAProxy within it are listening on port 8080 using this command:

ss -ltn

Alternatively on old/bare/BusyBox systems use:

netstat -ltn

Inspection

You can 'attach' to your container like so (assuming you used the run command and --name parameter above):

docker exec -it haproxy sh

You can view the container's logs like so (assuming you used the run command and --name parameter above):

sudo docker logs haproxy

Hygiene

Stop and remove the container like so (assuming you used the run command and --name parameter above):

docker stop haproxy; docker rm haproxy

To save performing the remove step, add --rm=true to your docker run command and remove the -d parameter. This will result in:

sudo docker run --rm=true --net=host --name haproxy itsthenetwork/alpine-haproxy:latest

Additional Packages

If you wanted to install additional packages and build your own image based upon this one you'd start your Dockerfile like this:

FROM itsthenetwork/alpine-haproxy:latest

RUN apk add -U -v package_name package_name

...

Base Dockerfile

The Dockerfile used to create this image was:

FROM alpine:latest
MAINTAINER Steven Iveson <steve@iveson.eu>

RUN echo "http://nl.alpinelinux.org/alpine/edge/testing" > /etc/apk/repositories && \
echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
apk add -U -v haproxy openssl && \
rm -rf /var/cache/apk/* /tmp/*

COPY haproxy.cfg /etc/haproxy/haproxy.cfg
COPY errorfiles/* /etc/haproxy/
COPY haproxy.sh /usr/bin/haproxy.sh

RUN chmod +x /usr/bin/haproxy.sh

ENTRYPOINT ["/usr/bin/haproxy.sh"]
Owner
itsthenetwork
