search

docker-library / haproxy

Docker Official Image packaging for HAProxy
http://www.haproxy.org/
GNU General Public License v2.0
347 stars 158 forks source link

I'm using this: #189

Closed 919927181 closed 2 years ago

919927181 commented 2 years ago

Error when creating container :

docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "docker-entrypoint.sh": executable file not found in $PATH: unknown.

I'm using this :

# Original source:
#   https://github.com/docker-library/haproxy/blob/fc61eb99aa22c59229b212d83a3c9096a442df2c/2.6/alpine/Dockerfile
# Modified using:
#   https://git.alpinelinux.org/aports/tree/main/openssl3/APKBUILD
#   https://github.com/haproxytech/haproxy-qns/blob/master/Dockerfile

# First build quictls (OpenSSL fork with QUIC support)
FROM alpine:3.16 AS builder-ssl

RUN apk add gcc make perl linux-headers libc-dev \
  ; \
  wget https://github.com/quictls/openssl/archive/refs/heads/openssl-3.0.5+quic.tar.gz ; \
  tar -xf openssl-3.0.5+quic.tar.gz ; \
  cd openssl-openssl-3.0.5-quic \
  ; \
  perl ./Configure \
    linux-x86_64 \
    --prefix=/usr/local \
    --libdir=lib \
    --openssldir=/etc/ssl3 \
    shared \
    no-zlib \
    no-async \
    no-comp \
    no-idea \
    no-mdc2 \
    no-rc5 \
    no-ec2m \
    no-sm2 \
    no-sm4 \
    no-ssl3 \
    no-seed \
    no-weak-ssl-ciphers \
    enable-ec_nistp_64_gcc_128 \
    -Wa,--noexecstack \
  ; \
  make -j"$(getconf _NPROCESSORS_ONLN)" \
  ; \
  make install_sw

FROM alpine:3.16

# roughly, https://git.alpinelinux.org/aports/tree/main/haproxy/haproxy.pre-install?h=3.12-stable
RUN set -eux; \
    addgroup --gid 99 --system haproxy; \
    adduser \
        --disabled-password \
        --home /var/lib/haproxy \
        --ingroup haproxy \
        --no-create-home \
        --system \
        --uid 99 \
        haproxy \
    ; \
    mkdir /var/lib/haproxy; \
    chown haproxy:haproxy /var/lib/haproxy

ENV HAPROXY_VERSION 2.6.1
ENV HAPROXY_URL https://www.haproxy.org/download/2.6/src/haproxy-2.6.1.tar.gz
ENV HAPROXY_SHA256 915b351e6450d183342c4cdcda7771eac4f0f72bf90582adcd15a01c700d29b1

COPY --from=builder-ssl /usr/local/include/openssl/ /usr/local/include/openssl/
COPY --from=builder-ssl /usr/local/lib/libssl.so* /usr/local/lib/libcrypto.so* /usr/local/lib/

# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
RUN set -eux; \
    \
    apk add --no-cache --virtual .build-deps \
        gcc \
        libc-dev \
        linux-headers \
        lua5.3-dev \
        make \
        pcre2-dev \
        readline-dev \
        tar \
    ; \
    \
    wget -O haproxy.tar.gz "$HAPROXY_URL"; \
    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
    mkdir -p /usr/src/haproxy; \
    tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
    rm haproxy.tar.gz; \
    \
    makeOpts=' \
        TARGET=linux-musl \
        USE_GETADDRINFO=1 \
        USE_LUA=1 LUA_INC=/usr/include/lua5.3 LUA_LIB=/usr/lib/lua5.3 \
        USE_OPENSSL=1 \
    USE_QUIC=1 \
    SSL_INC=/usr/local/include/ \
    SSL_LIB=/usr/local/lib/ \
        USE_PCRE2=1 USE_PCRE2_JIT=1 \
        USE_PROMEX=1 \
        \
        EXTRA_OBJS=" \
        " \
    '; \
    \
    nproc="$(getconf _NPROCESSORS_ONLN)"; \
    eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
    eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
    \
    mkdir -p /usr/local/etc/haproxy; \
    cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
    rm -rf /usr/src/haproxy; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --no-network --virtual .haproxy-rundeps $runDeps; \
    apk del --no-network .build-deps; \
    \
# smoke test
    haproxy -v

# https://www.haproxy.org/download/1.8/doc/management.txt
# "4. Stopping and restarting HAProxy"
# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
STOPSIGNAL SIGUSR1

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]

USER haproxy
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

Anyway I ended disabling QUIC as it tends to freeze whole listener when some bigger stream appears.

Originally posted by @JuniorJPDJ in https://github.com/docker-library/haproxy/issues/182#issuecomment-1179624004

919927181 commented 2 years ago

Add file executable permissions,rebuild chmod +x docker-entrypoint.sh

wglambert commented 2 years ago

I'm assuming that fixed it for you then?

If not you could also try asking over at the Docker Community Forums, Docker Community Slack, or Stack Overflow