haproxytech
diff --git a/‎.github/workflows/docker_auto.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docker_auto.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/docker_manual.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/docker_manual.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎3.0/Dockerfile‎
Lines changed: 69 additions & 39 deletions b/‎3.0/Dockerfile‎
Lines changed: 69 additions & 39 deletions
diff --git a/‎3.0/Dockerfile.api‎
Lines changed: 56 additions & 25 deletions b/‎3.0/Dockerfile.api‎
Lines changed: 56 additions & 25 deletions
@@ -13,7 +13,7 @@ jobs:
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
       DOCKER_IMAGE: haproxytech/haproxy-alpine
-      STABLE_BRANCH: "3.2"
+      STABLE_BRANCH: "3.3"
     steps:
       - name: Login to Docker Hub
         id: login_docker
 
@@ -9,11 +9,11 @@ jobs:
       packages: write
     strategy:
       matrix:
-        branch: ["2.4", "2.6", "2.8", "3.0", "3.1", "3.2", "3.3"]
+        branch: ["2.4", "2.6", "2.8", "3.0", "3.1", "3.2", "3.3", "3.4"]
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
       DOCKER_IMAGE: haproxytech/haproxy-alpine
-      STABLE_BRANCH: "3.2"
+      STABLE_BRANCH: "3.3"
     steps:
       - name: Login to Docker Hub
         id: login_docker
 
@@ -1,75 +1,105 @@
-FROM golang:alpine AS builder
+FROM alpine:3.20 AS awslc-builder
 
-ENV DATAPLANE_MINOR 3.0.15
-ENV DATAPLANE_V2_MINOR 2.9.19
-ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git
-
-RUN apk add --no-cache ca-certificates git make && \
-    git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
-    cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
-    git checkout "v${DATAPLANE_MINOR}" && \
-    make build && cp build/dataplaneapi /dataplaneapi && \
-    make clean && \
-    git checkout "v${DATAPLANE_V2_MINOR}" && \
-    make build && cp build/dataplaneapi /dataplaneapi-v2
+ENV AWSLC_URL=https://github.com/aws/aws-lc.git
+ENV AWSLC_TAG=v1.65.1
 
-FROM alpine:3.20
+RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers git cmake samurai go && \
+    git clone --depth 1 --branch "${AWSLC_TAG}" "${AWSLC_URL}" /tmp/aws-lc && \
+    mkdir /tmp/aws-lc/build && \
+    cd /tmp/aws-lc/build && \
+    cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/opt/aws-lc -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON .. && \
+    ninja install && \
+    rm -rf /tmp/aws-lc
 
-MAINTAINER Dinko Korunic <dkorunic@haproxy.com>
-
-LABEL Name HAProxy
-LABEL Release Community Edition
-LABEL Vendor HAProxy
-LABEL Version 3.0.12
-LABEL RUN /usr/bin/docker -d IMAGE
+FROM alpine:3.20 AS hapce-builder
 
 ENV HAPROXY_BRANCH 3.0
 ENV HAPROXY_MINOR 3.0.12
 ENV HAPROXY_SHA256 cd2bade59a7e2d61f2d62be7c6c4cfc0e2b3a90431023720cae7c43843b0570b
 ENV HAPROXY_SRC_URL http://www.haproxy.org/download
 
-ENV HAPROXY_UID haproxy
-ENV HAPROXY_GID haproxy
-
-COPY --from=builder /dataplaneapi /usr/local/bin/dataplaneapi
-COPY --from=builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
 
 RUN apk add --no-cache ca-certificates jemalloc && \
     apk add --no-cache --virtual build-deps gcc libc-dev \
     linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \
     zlib-dev curl shadow jemalloc-dev && \
     curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
     echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
-    groupadd "$HAPROXY_GID" && \
-    useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
     mkdir -p /tmp/haproxy && \
     tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
     rm -f haproxy.tar.gz && \
     make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
                             USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \
                             USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \
                             USE_PROMEX=1 USE_SLZ=1 \
-                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
-                            USE_QUIC=1 USE_QUIC_OPENSSL_COMPAT=1 \
+                            USE_OPENSSL_AWSLC=1 USE_PTHREAD_EMULATION=1 \
+                            SSL_INC=/opt/aws-lc/include SSL_LIB=/opt/aws-lc/lib USE_QUIC=1 \
+                            LDFLAGS="-L/opt/aws-lc/lib -Wl,-rpath,/opt/aws-lc/lib" \
                             ADDLIB=-ljemalloc \
                             all && \
-    make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \
+    make -C /tmp/haproxy TARGET=linux2628 install-bin
+
+FROM alpine:3.20
+
+MAINTAINER Dinko Korunic <dkorunic@haproxy.com>
+
+LABEL Name HAProxy
+LABEL Release Community Edition
+LABEL Vendor HAProxy
+LABEL Version 3.0.12
+LABEL RUN /usr/bin/docker -d IMAGE
+
+ENV HAPROXY_BRANCH 3.0
+ENV HAPROXY_MINOR 3.0.12
+ENV HAPROXY_SHA256 cd2bade59a7e2d61f2d62be7c6c4cfc0e2b3a90431023720cae7c43843b0570b
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+ENV HAPROXY_UID haproxy
+ENV HAPROXY_GID haproxy
+
+ENV DATAPLANE_MINOR 3.0.15
+ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi/releases/download
+
+ARG TARGETPLATFORM
+
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+COPY --from=hapce-builder /usr/local/sbin/haproxy /usr/local/sbin/haproxy
+COPY --from=hapce-builder /tmp/haproxy/examples/errorfiles/ /usr/local/etc/haproxy/errors
+
+RUN apk add --no-cache ca-certificates jemalloc zlib lua5.4-libs pcre2 shadow curl && \
+    groupadd "$HAPROXY_GID" && \
+    useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
+    chmod +x /usr/local/sbin/haproxy && \
     ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
     mkdir -p /var/lib/haproxy && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
     mkdir -p /usr/local/etc/haproxy && \
     ln -s /usr/local/etc/haproxy /etc/haproxy && \
-    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
-    rm -rf /tmp/haproxy && \
+    case "${TARGETPLATFORM}" in \
+        "linux/arm64")      API_ARCH=arm64      ;; \
+        "linux/amd64")      API_ARCH=x86_64     ;; \
+        "linux/arm/v6")     API_ARCH=arm        ;; \
+        "linux/arm/v7")     API_ARCH=arm        ;; \
+        *) echo "ARG TARGETPLATFORM undeclared" >&2 && exit 1 ;; \
+    esac && \
+    curl -sfSL "${DATAPLANE_URL}/v${DATAPLANE_MINOR}/dataplaneapi_${DATAPLANE_MINOR}_linux_${API_ARCH}.tar.gz" -o dataplaneapi.tar.gz && \
+    mkdir -p /tmp/dataplaneapi && \
+    tar -xzf dataplaneapi.tar.gz -C /tmp/dataplaneapi && \
+    rm -f dataplaneapi.tar.gz && \
+    cp /tmp/dataplaneapi/dataplaneapi /usr/local/bin/dataplaneapi && \
     chmod +x /usr/local/bin/dataplaneapi && \
-    ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \
-    chmod +x /usr/local/bin/dataplaneapi-v2 && \
-    ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \
     touch /usr/local/etc/haproxy/dataplaneapi.yml && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
-    apk del build-deps && \
-    apk add --no-cache openssl zlib lua5.4-libs pcre2 && \
-    rm -f /var/cache/apk/*
+    mkdir -p /usr/local/var/lib/dataplaneapi && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/var/lib/dataplaneapi && \
+    ln -s /usr/local/var/lib/dataplaneapi /var/lib/dataplaneapi && \
+    rm -rf /tmp/dataplaneapi && \
+    rm -f /var/cache/apk/* && \
+    echo "/lib:/usr/local/lib:/usr/lib:/opt/aws-lc/lib" > "/etc/ld-musl-$(uname -m).path" && \
+    mkdir -p /opt/aws-lc/ssl && \
+    rm -rf /opt/aws-lc/ssl/certs && \
+    ln -s /etc/ssl/certs /opt/aws-lc/ssl/certs
 
 COPY haproxy.cfg /usr/local/etc/haproxy
 COPY docker-entrypoint.sh /
 
@@ -1,3 +1,45 @@
+FROM alpine:3.20 AS awslc-builder
+
+ENV AWSLC_URL=https://github.com/aws/aws-lc.git
+ENV AWSLC_TAG=v1.65.1
+
+RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers git cmake samurai go && \
+    git clone --depth 1 --branch "${AWSLC_TAG}" "${AWSLC_URL}" /tmp/aws-lc && \
+    mkdir /tmp/aws-lc/build && \
+    cd /tmp/aws-lc/build && \
+    cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/opt/aws-lc -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON .. && \
+    ninja install && \
+    rm -rf /tmp/aws-lc
+
+FROM alpine:3.20 AS hapce-builder
+
+ENV HAPROXY_BRANCH 3.0
+ENV HAPROXY_MINOR 3.0.12
+ENV HAPROXY_SHA256 cd2bade59a7e2d61f2d62be7c6c4cfc0e2b3a90431023720cae7c43843b0570b
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+
+RUN apk add --no-cache ca-certificates jemalloc && \
+    apk add --no-cache --virtual build-deps gcc libc-dev \
+    linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \
+    zlib-dev curl shadow jemalloc-dev && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+    mkdir -p /tmp/haproxy && \
+    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
+    rm -f haproxy.tar.gz && \
+    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
+                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \
+                            USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \
+                            USE_PROMEX=1 USE_SLZ=1 \
+                            USE_OPENSSL_AWSLC=1 USE_PTHREAD_EMULATION=1 \
+                            SSL_INC=/opt/aws-lc/include SSL_LIB=/opt/aws-lc/lib USE_QUIC=1 \
+                            LDFLAGS="-L/opt/aws-lc/lib -Wl,-rpath,/opt/aws-lc/lib" \
+                            ADDLIB=-ljemalloc \
+                            all && \
+    make -C /tmp/haproxy TARGET=linux2628 install-bin
+
 FROM alpine:3.20
 
 MAINTAINER Dinko Korunic <dkorunic@haproxy.com>
@@ -21,6 +63,10 @@ ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi/releases/download
 
 ARG TARGETPLATFORM
 
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+COPY --from=hapce-builder /usr/local/sbin/haproxy /usr/local/sbin/haproxy
+COPY --from=hapce-builder /tmp/haproxy/examples/errorfiles/ /usr/local/etc/haproxy/errors
+
 ARG S6_OVERLAY_VERSION=3.2.1.0
 ENV S6_OVERLAY_VERSION $S6_OVERLAY_VERSION
 ENV S6_READ_ONLY_ROOT=1
@@ -29,34 +75,15 @@ ENV S6_GROUP=haproxy
 
 COPY /fs /
 
-RUN apk add --no-cache ca-certificates jemalloc && \
-    apk add --no-cache --virtual build-deps gcc libc-dev \
-    linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar xz \
-    zlib-dev curl shadow jemalloc-dev && \
-    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
-    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+RUN apk add --no-cache ca-certificates jemalloc zlib lua5.4-libs pcre2 shadow curl && \
     groupadd "$HAPROXY_GID" && \
     useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
-    mkdir -p /tmp/haproxy && \
-    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
-    rm -f haproxy.tar.gz && \
-    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
-                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \
-                            USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \
-                            USE_PROMEX=1 USE_SLZ=1 \
-                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
-                            USE_QUIC=1 USE_QUIC_OPENSSL_COMPAT=1 \
-                            ADDLIB=-ljemalloc \
-                            all && \
-    make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \
+    chmod +x /usr/local/sbin/haproxy && \
     ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
     mkdir -p /var/lib/haproxy && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
     mkdir -p /usr/local/etc/haproxy && \
-    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy && \
     ln -s /usr/local/etc/haproxy /etc/haproxy && \
-    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
-    rm -rf /tmp/haproxy && \
     case "${TARGETPLATFORM}" in \
         "linux/arm64")      API_ARCH=arm64      ;; \
         "linux/amd64")      API_ARCH=x86_64     ;; \
@@ -69,11 +96,18 @@ RUN apk add --no-cache ca-certificates jemalloc && \
     tar -xzf dataplaneapi.tar.gz -C /tmp/dataplaneapi && \
     rm -f dataplaneapi.tar.gz && \
     cp /tmp/dataplaneapi/dataplaneapi /usr/local/bin/dataplaneapi && \
+    chmod +x /usr/local/bin/dataplaneapi && \
+    touch /usr/local/etc/haproxy/dataplaneapi.yml && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
     mkdir -p /usr/local/var/lib/dataplaneapi && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/var/lib/dataplaneapi && \
     ln -s /usr/local/var/lib/dataplaneapi /var/lib/dataplaneapi && \
     rm -rf /tmp/dataplaneapi && \
+    rm -f /var/cache/apk/* && \
+    echo "/lib:/usr/local/lib:/usr/lib:/opt/aws-lc/lib" > "/etc/ld-musl-$(uname -m).path" && \
+    mkdir -p /opt/aws-lc/ssl && \
+    rm -rf /opt/aws-lc/ssl/certs && \
+    ln -s /etc/ssl/certs /opt/aws-lc/ssl/certs && \
     case "${TARGETPLATFORM}" in \
         "linux/arm64")      S6_ARCH=aarch64      ;; \
         "linux/amd64")      S6_ARCH=x86_64       ;; \
@@ -87,10 +121,7 @@ RUN apk add --no-cache ca-certificates jemalloc && \
     tar -C / -Jxpf /tmp/s6-overlay-binaries.tar.xz && \
     rm -f /tmp/s6-overlay-scripts.tar.xz /tmp/s6-overlay-binaries.tar.xz && \
     chown -R "${S6_USER}:${S6_GROUP}" /init /etc/s6-overlay && \
-    chmod u+x /init /etc/s6-overlay/scripts/* && \
-    apk del build-deps && \
-    apk add --no-cache openssl zlib lua5.4-libs pcre2 && \
-    rm -f /var/cache/apk/*
+    chmod u+x /init /etc/s6-overlay/scripts/*
 
 EXPOSE 80
 EXPOSE 443