haproxytech
diff --git a/‎.github/workflows/docker_auto.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docker_auto.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/docker_manual.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/docker_manual.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎3.0/Dockerfile‎
Lines changed: 77 additions & 38 deletions b/‎3.0/Dockerfile‎
Lines changed: 77 additions & 38 deletions
diff --git a/‎3.0/Dockerfile.api‎
Lines changed: 67 additions & 28 deletions b/‎3.0/Dockerfile.api‎
Lines changed: 67 additions & 28 deletions
@@ -13,7 +13,7 @@ jobs:
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64
       DOCKER_IMAGE: haproxytech/haproxy-debian
-      STABLE_BRANCH: "3.2"
+      STABLE_BRANCH: "3.3"
     steps:
       - name: Login to Docker Hub
         id: login_docker
 
@@ -9,11 +9,11 @@ jobs:
       packages: write
     strategy:
       matrix:
-        branch: ["2.4", "2.6", "2.8", "3.0", "3.1", "3.2", "3.3"]
+        branch: ["2.4", "2.6", "2.8", "3.0", "3.1", "3.2", "3.3", "3.4"]
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64
       DOCKER_IMAGE: haproxytech/haproxy-debian
-      STABLE_BRANCH: "3.2"
+      STABLE_BRANCH: "3.3"
     steps:
       - name: Login to Docker Hub
         id: login_docker
 
@@ -1,17 +1,48 @@
-FROM golang:alpine AS builder
+FROM debian:trixie-slim AS awslc-builder
 
-ENV DATAPLANE_MINOR 3.0.16
-ENV DATAPLANE_V2_MINOR 2.9.20
-ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git
-
-RUN apk add --no-cache ca-certificates git make && \
-    git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
-    cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
-    git checkout "v${DATAPLANE_MINOR}" && \
-    make build && cp build/dataplaneapi /dataplaneapi && \
-    make clean && \
-    git checkout "v${DATAPLANE_V2_MINOR}" && \
-    make build && cp build/dataplaneapi /dataplaneapi-v2
+ENV AWSLC_URL https://github.com/aws/aws-lc.git
+ENV AWSLC_TAG v1.65.1
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends build-essential ca-certificates git cmake ninja-build golang && \
+    git clone --depth 1 --branch "${AWSLC_TAG}" "${AWSLC_URL}" /tmp/aws-lc && \
+    mkdir /tmp/aws-lc/build && \
+    cd /tmp/aws-lc/build && \
+    cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/opt/aws-lc -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON .. && \
+    ninja install && \
+    rm -rf /tmp/aws-lc
+
+FROM debian:trixie-slim AS hapce-builder
+
+ENV HAPROXY_BRANCH 3.0
+ENV HAPROXY_MINOR 3.0.12
+ENV HAPROXY_SHA256 cd2bade59a7e2d61f2d62be7c6c4cfc0e2b3a90431023720cae7c43843b0570b
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends procps libssl3t64 zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates libjemalloc2 && \
+    apt-get install -y --no-install-recommends gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
+    c_rehash && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+    mkdir -p /tmp/haproxy && \
+    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
+    rm -f haproxy.tar.gz && \
+    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
+                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \
+                            USE_PROMEX=1 USE_SLZ=1 \
+                            USE_OPENSSL_AWSLC=1 USE_PTHREAD_EMULATION=1 \
+                            SSL_INC=/opt/aws-lc/include SSL_LIB=/opt/aws-lc/lib USE_QUIC=1 \
+                            LDFLAGS="-L/opt/aws-lc/lib -Wl,-rpath,/opt/aws-lc/lib" \
+                            ADDLIB=-ljemalloc \
+                            all && \
+    make -C /tmp/haproxy TARGET=linux-glibc install-bin
 
 FROM debian:trixie-slim
 
@@ -31,46 +62,54 @@ ENV HAPROXY_SRC_URL http://www.haproxy.org/download
 ENV HAPROXY_UID haproxy
 ENV HAPROXY_GID haproxy
 
+ENV DATAPLANE_MINOR 3.0.16
+ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi/releases/download
+
 ENV DEBIAN_FRONTEND noninteractive
 
-COPY --from=builder /dataplaneapi /usr/local/bin/dataplaneapi
-COPY --from=builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2
+ARG TARGETPLATFORM
+
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+COPY --from=hapce-builder /usr/local/sbin/haproxy /usr/local/sbin/haproxy
+COPY --from=hapce-builder /tmp/haproxy/examples/errorfiles/ /usr/local/etc/haproxy/errors
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends procps libssl3t64 zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates libjemalloc2 && \
-    apt-get install -y --no-install-recommends gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
     c_rehash && \
-    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
-    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
     groupadd "$HAPROXY_GID" && \
     useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
-    mkdir -p /tmp/haproxy && \
-    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
-    rm -f haproxy.tar.gz && \
-    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
-                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \
-                            USE_PROMEX=1 USE_SLZ=1 \
-                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
-                            USE_QUIC=1 USE_QUIC_OPENSSL_COMPAT=1 \
-                            ADDLIB=-ljemalloc \
-                            all && \
-    make -C /tmp/haproxy TARGET=linux-glibc install-bin install-man && \
+    chmod +x /usr/local/sbin/haproxy && \
     ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
     mkdir -p /var/lib/haproxy && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
     mkdir -p /usr/local/etc/haproxy && \
     ln -s /usr/local/etc/haproxy /etc/haproxy && \
-    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
-    rm -rf /tmp/haproxy && \
-    apt-get purge -y --auto-remove gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* && \
+    case "${TARGETPLATFORM}" in \
+        "linux/arm64")      API_ARCH=arm64      ;; \
+        "linux/amd64")      API_ARCH=x86_64     ;; \
+        "linux/arm/v6")     API_ARCH=arm        ;; \
+        "linux/arm/v7")     API_ARCH=arm        ;; \
+        *) echo "ARG TARGETPLATFORM undeclared" >&2 && exit 1 ;; \
+    esac && \
+    curl -sfSL "${DATAPLANE_URL}/v${DATAPLANE_MINOR}/dataplaneapi_${DATAPLANE_MINOR}_linux_${API_ARCH}.tar.gz" -o dataplaneapi.tar.gz && \
+    mkdir -p /tmp/dataplaneapi && \
+    tar -xzf dataplaneapi.tar.gz -C /tmp/dataplaneapi && \
+    rm -f dataplaneapi.tar.gz && \
+    cp /tmp/dataplaneapi/dataplaneapi /usr/local/bin/dataplaneapi && \
     chmod +x /usr/local/bin/dataplaneapi && \
-    ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \
-    chmod +x /usr/local/bin/dataplaneapi-v2 && \
-    ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \
     touch /usr/local/etc/haproxy/dataplaneapi.yml && \
-    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
+    mkdir -p /usr/local/var/lib/dataplaneapi && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/var/lib/dataplaneapi && \
+    ln -s /usr/local/var/lib/dataplaneapi /var/lib/dataplaneapi && \
+    rm -rf /tmp/dataplaneapi && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    echo "/opt/aws-lc/lib" > /etc/ld.so.conf.d/awslc.conf && \
+    mkdir -p /opt/aws-lc/ssl && \
+    rm -rf /opt/aws-lc/ssl/certs && \
+    ln -s /etc/ssl/certs /opt/aws-lc/ssl/certs && \
+    ldconfig
 
 COPY haproxy.cfg /usr/local/etc/haproxy
 COPY docker-entrypoint.sh /
 
@@ -1,3 +1,49 @@
+FROM debian:trixie-slim AS awslc-builder
+
+ENV AWSLC_URL https://github.com/aws/aws-lc.git
+ENV AWSLC_TAG v1.65.1
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends build-essential ca-certificates git cmake ninja-build golang && \
+    git clone --depth 1 --branch "${AWSLC_TAG}" "${AWSLC_URL}" /tmp/aws-lc && \
+    mkdir /tmp/aws-lc/build && \
+    cd /tmp/aws-lc/build && \
+    cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/opt/aws-lc -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON .. && \
+    ninja install && \
+    rm -rf /tmp/aws-lc
+
+FROM debian:trixie-slim AS hapce-builder
+
+ENV HAPROXY_BRANCH 3.0
+ENV HAPROXY_MINOR 3.0.12
+ENV HAPROXY_SHA256 cd2bade59a7e2d61f2d62be7c6c4cfc0e2b3a90431023720cae7c43843b0570b
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends procps libssl3t64 zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar curl socat ca-certificates libjemalloc2 && \
+    apt-get install -y --no-install-recommends gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
+    c_rehash && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+    mkdir -p /tmp/haproxy && \
+    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
+    rm -f haproxy.tar.gz && \
+    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
+                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \
+                            USE_PROMEX=1 USE_SLZ=1 \
+                            USE_OPENSSL_AWSLC=1 USE_PTHREAD_EMULATION=1 \
+                            SSL_INC=/opt/aws-lc/include SSL_LIB=/opt/aws-lc/lib USE_QUIC=1 \
+                            LDFLAGS="-L/opt/aws-lc/lib -Wl,-rpath,/opt/aws-lc/lib" \
+                            ADDLIB=-ljemalloc \
+                            all && \
+    make -C /tmp/haproxy TARGET=linux-glibc install-bin
+
 FROM debian:trixie-slim
 
 MAINTAINER Dinko Korunic <dkorunic@haproxy.com>
@@ -16,48 +62,35 @@ ENV HAPROXY_SRC_URL http://www.haproxy.org/download
 ENV HAPROXY_UID haproxy
 ENV HAPROXY_GID haproxy
 
-ENV DEBIAN_FRONTEND noninteractive
-
 ENV DATAPLANE_MINOR 3.0.16
 ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi/releases/download
 
+ENV DEBIAN_FRONTEND noninteractive
+
 ARG TARGETPLATFORM
 
-ARG S6_OVERLAY_VERSION=3.2.1.0
-ENV S6_OVERLAY_VERSION $S6_OVERLAY_VERSION
-ENV S6_READ_ONLY_ROOT=1
-ENV S6_USER=haproxy
-ENV S6_GROUP=haproxy
+COPY --from=awslc-builder /opt/aws-lc /opt/aws-lc
+COPY --from=hapce-builder /usr/local/sbin/haproxy /usr/local/sbin/haproxy
+COPY --from=hapce-builder /tmp/haproxy/examples/errorfiles/ /usr/local/etc/haproxy/errors
+
+ENV S6_OVERLAY_VERSION 3.2.1.0
+ENV S6_READ_ONLY_ROOT 1
+ENV S6_USER haproxy
+ENV S6_GROUP haproxy
 
 COPY /fs /
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends procps libssl3t64 zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar xz-utils curl socat ca-certificates libjemalloc2 && \
-    apt-get install -y --no-install-recommends gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
     c_rehash && \
-    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
-    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
     groupadd "$HAPROXY_GID" && \
     useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
-    mkdir -p /tmp/haproxy && \
-    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
-    rm -f haproxy.tar.gz && \
-    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
-                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \
-                            USE_PROMEX=1 USE_SLZ=1 \
-                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
-                            USE_QUIC=1 USE_QUIC_OPENSSL_COMPAT=1 \
-                            ADDLIB=-ljemalloc \
-                            all && \
-    make -C /tmp/haproxy TARGET=linux-glibc install-bin install-man && \
+    chmod +x /usr/local/sbin/haproxy && \
     ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
     mkdir -p /var/lib/haproxy && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
     mkdir -p /usr/local/etc/haproxy && \
-    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy && \
     ln -s /usr/local/etc/haproxy /etc/haproxy && \
-    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
-    rm -rf /tmp/haproxy && \
     case "${TARGETPLATFORM}" in \
         "linux/arm64")      API_ARCH=arm64      ;; \
         "linux/amd64")      API_ARCH=x86_64     ;; \
@@ -70,11 +103,20 @@ RUN apt-get update && \
     tar -xzf dataplaneapi.tar.gz -C /tmp/dataplaneapi && \
     rm -f dataplaneapi.tar.gz && \
     cp /tmp/dataplaneapi/dataplaneapi /usr/local/bin/dataplaneapi && \
+    chmod +x /usr/local/bin/dataplaneapi && \
+    touch /usr/local/etc/haproxy/dataplaneapi.yml && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
     mkdir -p /usr/local/var/lib/dataplaneapi && \
     chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/var/lib/dataplaneapi && \
     ln -s /usr/local/var/lib/dataplaneapi /var/lib/dataplaneapi && \
     rm -rf /tmp/dataplaneapi && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    echo "/opt/aws-lc/lib" > /etc/ld.so.conf.d/awslc.conf && \
+    mkdir -p /opt/aws-lc/ssl && \
+    rm -rf /opt/aws-lc/ssl/certs && \
+    ln -s /etc/ssl/certs /opt/aws-lc/ssl/certs && \
+    ldconfig && \
     case "${TARGETPLATFORM}" in \
         "linux/arm64")      S6_ARCH=aarch64      ;; \
         "linux/amd64")      S6_ARCH=x86_64       ;; \
@@ -88,10 +130,7 @@ RUN apt-get update && \
     tar -C / -Jxpf /tmp/s6-overlay-binaries.tar.xz && \
     rm -f /tmp/s6-overlay-scripts.tar.xz /tmp/s6-overlay-binaries.tar.xz && \
     chown -R "${S6_USER}:${S6_GROUP}" /init /etc/s6-overlay && \
-    chmod u+x /init /etc/s6-overlay/scripts/* && \
-    apt-get purge -y --auto-remove gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+    chmod u+x /init /etc/s6-overlay/scripts/*
 
 EXPOSE 80
 EXPOSE 443