From e67aced62e7ccd796bb916bd6b4bf7ce81d6b96e Mon Sep 17 00:00:00 2001
From: Eugene Prodan <eugene.prodan@namecheap.com>
Date: Mon, 7 Jun 2021 00:32:47 +0300
Subject: [PATCH] feat: building haproxy from scratch with required lua modules

---
 docker-compose.yml                 |   6 +-
 haproxy/Dockerfile                 | 103 +++++++++++++++++++++++++++++
 haproxy/docker-entrypoint.sh       |  17 +++++
 haproxy.cfg => haproxy/haproxy.cfg |   1 +
 4 files changed, 125 insertions(+), 2 deletions(-)
 create mode 100644 haproxy/Dockerfile
 create mode 100755 haproxy/docker-entrypoint.sh
 rename haproxy.cfg => haproxy/haproxy.cfg (92%)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4f7ebd2..225395d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,13 @@
 version: "3.9"
 services:
   haproxy:
-    image: "haproxy:latest"
+    build:
+      context: ./
+      dockerfile: haproxy/Dockerfile
     ports:
       - 80:80
     volumes:
-      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
+      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
       - ./scripts/:/usr/local/etc/haproxy/scripts/
 
   nginx:
diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile
new file mode 100644
index 0000000..9c992ea
--- /dev/null
+++ b/haproxy/Dockerfile
@@ -0,0 +1,103 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
+FROM debian:buster-slim
+
+# roughly, https://salsa.debian.org/haproxy-team/haproxy/-/blob/732b97ae286906dea19ab5744cf9cf97c364ac1d/debian/haproxy.postinst#L5-6
+RUN set -eux; \
+	groupadd --gid 99 --system haproxy; \
+	useradd \
+		--gid haproxy \
+		--home-dir /var/lib/haproxy \
+		--no-create-home \
+		--system \
+		--uid 99 \
+		haproxy
+
+ENV HAPROXY_VERSION 2.3.10
+ENV HAPROXY_URL https://www.haproxy.org/download/2.3/src/haproxy-2.3.10.tar.gz
+ENV HAPROXY_SHA256 9946e0cfc83f29072b3431e37246221cf9d4a9d28a158c075714d345266f4f35
+
+# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
+RUN set -eux; \
+	\
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update && apt-get install -y --no-install-recommends \
+		ca-certificates \
+		gcc \
+		libc6-dev \
+		liblua5.3-dev \
+		libpcre2-dev \
+		libssl-dev \
+		make \
+		wget \
+		zlib1g-dev \
+		luarocks \
+	; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	wget -O haproxy.tar.gz "$HAPROXY_URL"; \
+	echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
+	mkdir -p /usr/src/haproxy; \
+	tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
+	rm haproxy.tar.gz; \
+	\
+	makeOpts=' \
+		TARGET=linux-glibc \
+		USE_GETADDRINFO=1 \
+		USE_LUA=1 LUA_INC=/usr/include/lua5.3 \
+		USE_OPENSSL=1 \
+		USE_PCRE2=1 USE_PCRE2_JIT=1 \
+		USE_ZLIB=1 \
+		\
+		EXTRA_OBJS=" \
+# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support
+			contrib/prometheus-exporter/service-prometheus.o \
+		" \
+	'; \
+# https://salsa.debian.org/haproxy-team/haproxy/-/commit/53988af3d006ebcbf2c941e34121859fd6379c70
+	dpkgArch="$(dpkg --print-architecture)"; \
+	case "$dpkgArch" in \
+		armel) makeOpts="$makeOpts ADDLIB=-latomic" ;; \
+	esac; \
+	\
+	nproc="$(nproc)"; \
+	eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
+	eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
+	\
+	mkdir -p /usr/local/etc/haproxy; \
+	cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
+	rm -rf /usr/src/haproxy; \
+	\
+	apt-mark auto '.*' > /dev/null; \
+	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+	find /usr/local -type f -executable -exec ldd '{}' ';' \
+		| awk '/=>/ { print $(NF-1) }' \
+		| sort -u \
+		| xargs -r dpkg-query --search \
+		| cut -d: -f1 \
+		| sort -u \
+		| xargs -r apt-mark manual \
+	; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	\
+# smoke test
+	haproxy -v
+
+# https://www.haproxy.org/download/1.8/doc/management.txt
+# "4. Stopping and restarting HAProxy"
+# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
+# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
+STOPSIGNAL SIGUSR1
+
+ADD haproxy/docker-entrypoint.sh /usr/local/bin/
+RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat
+RUN apt-get update && apt-get install luarocks -y
+RUN luarocks install luasocket
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+
+# no USER for backwards compatibility (to try to avoid breaking existing users)
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
diff --git a/haproxy/docker-entrypoint.sh b/haproxy/docker-entrypoint.sh
new file mode 100755
index 0000000..15d5f72
--- /dev/null
+++ b/haproxy/docker-entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- haproxy "$@"
+fi
+
+if [ "$1" = 'haproxy' ]; then
+	shift # "haproxy"
+	# if the user wants "haproxy", let's add a couple useful flags
+	#   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+	#   -db -- disables background mode
+	set -- haproxy -W -db "$@"
+fi
+
+exec "$@"
\ No newline at end of file
diff --git a/haproxy.cfg b/haproxy/haproxy.cfg
similarity index 92%
rename from haproxy.cfg
rename to haproxy/haproxy.cfg
index 186cc38..580e9c9 100644
--- a/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -13,6 +13,7 @@ defaults
 frontend http-in
     bind *:80
     default_backend servers
+    # http-request lua.test-payload
     http-request use-service lua.hello-world   if { path /hello_world }
 
 backend servers