Add 3.2 branch

Author: dkorunic

.github/workflows/docker_auto.yml

@@ -13,7 +13,7 @@ jobs:
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
       DOCKER_IMAGE: haproxytech/haproxy-alpine-quic
-      STABLE_BRANCH: "3.0"
+      STABLE_BRANCH: "3.1"
     steps:
       - name: Login to Docker Hub
         id: login_docker

.github/workflows/docker_manual.yml

@@ -9,11 +9,11 @@ jobs:
       packages: write
     strategy:
       matrix:
-        branch: ["2.6", "2.8", "2.9", "3.0", "3.1"]
+        branch: ["2.6", "2.8", "2.9", "3.0", "3.1", "3.2"]
     env:
       DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
       DOCKER_IMAGE: haproxytech/haproxy-alpine-quic
-      STABLE_BRANCH: "3.0"
+      STABLE_BRANCH: "3.1"
     steps:
       - name: Login to Docker Hub
         id: login_docker

2.6/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.20 AS dataplaneapi-builder
+FROM golang:alpine AS dataplaneapi-builder
 
 ENV DATAPLANE_MINOR 3.0.3
 ENV DATAPLANE_V2_MINOR 2.9.8
@@ -15,7 +15,7 @@ RUN apk add --no-cache ca-certificates git make && \
 
 FROM alpine:3.20 AS openssl-builder
 
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.7-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
 
 RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
     curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \

2.8/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.20 AS dataplaneapi-builder
+FROM golang:alpine AS dataplaneapi-builder
 
 ENV DATAPLANE_MINOR 3.0.3
 ENV DATAPLANE_V2_MINOR 2.9.8
@@ -15,7 +15,7 @@ RUN apk add --no-cache ca-certificates git make && \
 
 FROM alpine:3.20 AS openssl-builder
 
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.7-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
 
 RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
     curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \

2.9/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.20 AS dataplaneapi-builder
+FROM golang:alpine AS dataplaneapi-builder
 
 ENV DATAPLANE_MINOR 3.0.3
 ENV DATAPLANE_V2_MINOR 2.9.8
@@ -15,7 +15,7 @@ RUN apk add --no-cache ca-certificates git make && \
 
 FROM alpine:3.20 AS openssl-builder
 
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.7-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
 
 RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
     curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \

3.0/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.20 AS dataplaneapi-builder
+FROM golang:alpine AS dataplaneapi-builder
 
 ENV DATAPLANE_MINOR 3.0.3
 ENV DATAPLANE_V2_MINOR 2.9.8
@@ -15,7 +15,7 @@ RUN apk add --no-cache ca-certificates git make && \
 
 FROM alpine:3.20 AS openssl-builder
 
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.7-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
 
 RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
     curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \

3.1/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.20 AS dataplaneapi-builder
+FROM golang:alpine AS dataplaneapi-builder
 
 ENV DATAPLANE_MINOR 3.0.3
 ENV DATAPLANE_V2_MINOR 2.9.8
@@ -15,7 +15,7 @@ RUN apk add --no-cache ca-certificates git make && \
 
 FROM alpine:3.20 AS openssl-builder
 
-ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.7-quic1.tar.gz
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
 
 RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
     curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \
@@ -35,7 +35,7 @@ MAINTAINER Dinko Korunic <dkorunic@haproxy.com>
 LABEL Name HAProxy
 LABEL Release Community Edition
 LABEL Vendor HAProxy
-LABEL Version 3.1.0
+LABEL Version 3.1.0-old
 LABEL RUN /usr/bin/docker -d IMAGE
 
 ENV HAPROXY_BRANCH 3.1
@@ -54,7 +54,7 @@ RUN apk add --no-cache ca-certificates && \
     apk add --no-cache --virtual build-deps gcc libc-dev \
     linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \
     zlib-dev curl shadow && \
-    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
     echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
     groupadd "$HAPROXY_GID" && \
     useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \

3.2/Dockerfile

@@ -0,0 +1,100 @@
+FROM golang:alpine AS dataplaneapi-builder
+
+ENV DATAPLANE_MINOR 3.0.3
+ENV DATAPLANE_V2_MINOR 2.9.8
+ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git
+
+RUN apk add --no-cache ca-certificates git make && \
+    git clone "${DATAPLANE_URL}" "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
+    cd "${GOPATH}/src/github.com/haproxytech/dataplaneapi" && \
+    git checkout "v${DATAPLANE_MINOR}" && \
+    make build && cp build/dataplaneapi /dataplaneapi && \
+    make clean && \
+    git checkout "v${DATAPLANE_V2_MINOR}" && \
+    make build && cp build/dataplaneapi /dataplaneapi-v2
+
+FROM alpine:3.20 AS openssl-builder
+
+ENV OPENSSL_URL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
+
+RUN apk add --no-cache curl build-base make autoconf automake gcc libc-dev linux-headers && \
+    curl -sfSL "${OPENSSL_URL}" -o openssl.tar.gz && \
+    mkdir -p /tmp/openssl && \
+    tar -xzf openssl.tar.gz -C /tmp/openssl --strip-components=1 && \
+    rm -f openssl.tar.gz && \
+    cd /tmp/openssl && \
+    ./config --libdir=lib --prefix=/opt/quictls && \
+    make -j $(nproc) && \
+    make install && \
+    rm -rf /tmp/openssl
+
+FROM alpine:3.20
+
+MAINTAINER Dinko Korunic <dkorunic@haproxy.com>
+
+LABEL Name HAProxy
+LABEL Release Community Edition
+LABEL Vendor HAProxy
+LABEL Version 3.2.0
+LABEL RUN /usr/bin/docker -d IMAGE
+
+ENV HAPROXY_BRANCH 3.2
+ENV HAPROXY_MINOR 3.2.0-old
+ENV HAPROXY_SHA256 56a1468574ab411dcabde837f96bea6cf3c2eb90e279469f75ed1dcdc70fce11
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+ENV HAPROXY_UID haproxy
+ENV HAPROXY_GID haproxy
+
+COPY --from=dataplaneapi-builder /dataplaneapi /usr/local/bin/dataplaneapi
+COPY --from=dataplaneapi-builder /dataplaneapi-v2 /usr/local/bin/dataplaneapi-v2
+COPY --from=openssl-builder /opt/quictls /opt/quictls
+
+RUN apk add --no-cache ca-certificates && \
+    apk add --no-cache --virtual build-deps gcc libc-dev \
+    linux-headers lua5.4-dev make openssl openssl-dev pcre2-dev tar \
+    zlib-dev curl shadow && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/devel/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+    groupadd "$HAPROXY_GID" && \
+    useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
+    mkdir -p /tmp/haproxy && \
+    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
+    rm -f haproxy.tar.gz && \
+    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-musl CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
+                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 \
+                            USE_LUA=1 LUA_LIB=/usr/lib/lua5.4 LUA_INC=/usr/include/lua5.4 \
+                            USE_PROMEX=1 USE_SLZ=1 \
+                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
+                            SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib USE_QUIC=1 \
+                            LDFLAGS="-L/opt/quictls/lib -Wl,-rpath,/opt/quictls/lib" \
+                            all && \
+    make -C /tmp/haproxy TARGET=linux2628 install-bin install-man && \
+    ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
+    mkdir -p /var/lib/haproxy && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
+    mkdir -p /usr/local/etc/haproxy && \
+    ln -s /usr/local/etc/haproxy /etc/haproxy && \
+    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
+    rm -rf /tmp/haproxy && \
+    chmod +x /usr/local/bin/dataplaneapi && \
+    ln -s /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi && \
+    chmod +x /usr/local/bin/dataplaneapi-v2 && \
+    ln -s /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \
+    touch /usr/local/etc/haproxy/dataplaneapi.yml && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
+    apk del build-deps && \
+    apk add --no-cache openssl zlib lua5.4-libs pcre2 && \
+    rm -f /var/cache/apk/* && \
+    echo "/lib:/usr/local/lib:/usr/lib:/opt/quictls/lib" > "/etc/ld-musl-$(uname -m).path" && \
+    mkdir -p /opt/quictls/ssl && \
+    rm -rf /opt/quictls/ssl/certs && \
+    ln -s /etc/ssl/certs /opt/quictls/ssl/certs
+
+COPY haproxy.cfg /usr/local/etc/haproxy
+COPY docker-entrypoint.sh /
+
+STOPSIGNAL SIGUSR1
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

3.2/docker-entrypoint.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- haproxy "$@"
+fi
+
+if [ "$1" = 'haproxy' ]; then
+	shift # "haproxy"
+	# if the user wants "haproxy", let's add a couple useful flags
+	#   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+	#   -db -- disables background mode
+	set -- haproxy -W -db "$@"
+fi
+
+exec "$@"

3.2/haproxy.cfg

@@ -0,0 +1,102 @@
+#---------------------------------------------------------------------
+# Example configuration for a possible web application.  See the
+# full configuration options online.
+#
+#   https://www.haproxy.org/download/3.2/doc/configuration.txt
+#   https://cbonte.github.io/haproxy-dconv/3.2/configuration.html
+#
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    # to have these messages end up in /var/log/haproxy.log you will
+    # need to:
+    #
+    # 1) configure syslog to accept network log events.  This is done
+    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
+    #    /etc/sysconfig/syslog
+    #
+    # 2) configure local2 events to go to the /var/log/haproxy.log
+    #   file. A line like the following can be added to
+    #   /etc/sysconfig/syslog
+    #
+    #    local2.*                       /var/log/haproxy.log
+    #
+    log         127.0.0.1 local2
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    # daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+#---------------------------------------------------------------------
+# example how to define user and enable Data Plane API on tcp/5555
+# more information: https://github.com/haproxytech/dataplaneapi and
+#   https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/
+#---------------------------------------------------------------------
+# userlist haproxy-dataplaneapi
+#     user admin insecure-password mypassword
+#
+# program api
+#    command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist haproxy-dataplaneapi
+#    no option start-on-reload
+
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend  main
+    bind *:80
+    # bind *:443 ssl # To be completed ....
+
+    acl url_static       path_beg       -i /static /images /javascript /stylesheets
+    acl url_static       path_end       -i .jpg .gif .png .css .js
+
+    use_backend static          if url_static
+    default_backend             app
+
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+    balance     roundrobin
+    server      static1 127.0.0.1:4331 check
+    server      static2 127.0.0.1:4332 check
+
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+    balance     roundrobin
+    server  app1 127.0.0.1:5001 check
+    server  app2 127.0.0.1:5002 check
+    server  app3 127.0.0.1:5003 check
+    server  app4 127.0.0.1:5004 check