aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile

   1 FROM haproxy:2.4.13-alpine
   2
   3 # For building the image in a proxy environment if necessary
   4 ARG HTTP_PROXY
   5 ARG HTTPS_PROXY
   6
   7 ENV HTTP_PROXY   ${HTTP_PROXY}
   8 ENV HTTPS_PROXY  ${HTTPS_PROXY}
   9 ENV http_proxy   ${HTTP_PROXY}
  10 ENV https_proxy  ${HTTPS_PROXY}
  11
  12 # Added to execute commands which required root permission
  13 USER root
  14
  15 RUN apk add --no-cache \
  16     ca-certificates \
  17     curl \
  18     bash \
  19     socat \
  20     openssl \
  21     shadow \
  22     util-linux && \
  23     chown -R haproxy:haproxy /usr/local/etc/haproxy
  24
  25 RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private
  26
  27 COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem
  28 COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
  29 COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
  30 COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
  31
  32 # Changing group and group permission to allow haproxy user to execute sed comamnd ot change files
  33 RUN chgrp haproxy /usr/local/etc/haproxy; \
  34     chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
  35
  36 RUN chmod +x /docker-entrypoint.sh; \
  37     chmod g+wx /usr/local/etc/haproxy; \
  38     chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
  39
  40 # Reverting to haproxy use to not run the pod with root permissions
  41 USER haproxy
  42
  43 ENTRYPOINT [ "/docker-entrypoint.sh" ]
  44 CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ]
  45 EXPOSE 8443