update docker; rm haproxy
This commit is contained in:
seiry
parent
d4255a0404
commit
22ac9cd74d
15
Dockerfile
15
Dockerfile
|
|
@ -1,18 +1,19 @@
|
||||||
ARG DEBIAN_RELEASE=buster
|
ARG DEBIAN_RELEASE=bullseye
|
||||||
FROM docker.io/debian:$DEBIAN_RELEASE-slim
|
FROM docker.io/debian:$DEBIAN_RELEASE-slim
|
||||||
ARG DEBIAN_RELEASE
|
ARG DEBIAN_RELEASE
|
||||||
COPY pubkey.gpg entrypoint.sh /
|
COPY entrypoint.sh /
|
||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
RUN true && \
|
RUN true && \
|
||||||
apt update && \
|
apt update && \
|
||||||
apt install -y gnupg ca-certificates libcap2-bin haproxy && \
|
apt install -y gnupg ca-certificates curl && \
|
||||||
apt-key add /pubkey.gpg && \
|
curl https://pkg.cloudflareclient.com/pubkey.gpg | gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg && \
|
||||||
echo "deb http://pkg.cloudflareclient.com/ $DEBIAN_RELEASE main" > /etc/apt/sources.list.d/cloudflare-client.list && \
|
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $DEBIAN_RELEASE main" | tee /etc/apt/sources.list.d/cloudflare-client.list && \
|
||||||
apt update && \
|
apt update && \
|
||||||
apt install cloudflare-warp -y && \
|
apt install cloudflare-warp -y --no-install-recommends && \
|
||||||
|
apt remove -y curl ca-certificates && \
|
||||||
apt clean -y && \
|
apt clean -y && \
|
||||||
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
chmod +x /entrypoint.sh
|
chmod +x /entrypoint.sh
|
||||||
COPY haproxy.cfg /etc/haproxy/haproxy.cfg
|
|
||||||
|
|
||||||
EXPOSE 40000/tcp
|
EXPOSE 40000/tcp
|
||||||
ENTRYPOINT [ "/entrypoint.sh" ]
|
ENTRYPOINT [ "/entrypoint.sh" ]
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,8 @@ while ! warp-cli --accept-tos register; do
|
||||||
>&2 echo "Awaiting warp-svc become online..."
|
>&2 echo "Awaiting warp-svc become online..."
|
||||||
done
|
done
|
||||||
warp-cli --accept-tos set-mode proxy
|
warp-cli --accept-tos set-mode proxy
|
||||||
warp-cli --accept-tos set-proxy-port 40001
|
warp-cli --accept-tos set-proxy-port 40000
|
||||||
warp-cli --accept-tos connect
|
warp-cli --accept-tos connect
|
||||||
warp-cli enable
|
|
||||||
haproxy -f /etc/haproxy/haproxy.cfg
|
haproxy -f /etc/haproxy/haproxy.cfg
|
||||||
) &
|
) &
|
||||||
|
|
||||||
|
|
|
||||||
40
haproxy.cfg
40
haproxy.cfg
|
|
@ -1,40 +0,0 @@
|
||||||
global
|
|
||||||
stats timeout 30s
|
|
||||||
daemon
|
|
||||||
|
|
||||||
# Default SSL material locations
|
|
||||||
ca-base /etc/ssl/certs
|
|
||||||
crt-base /etc/ssl/private
|
|
||||||
|
|
||||||
# Default ciphers to use on SSL-enabled listening sockets.
|
|
||||||
# For more information, see ciphers(1SSL). This list is from:
|
|
||||||
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
|
||||||
# An alternative list with additional directives can be obtained from
|
|
||||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
|
|
||||||
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
|
|
||||||
ssl-default-bind-options no-sslv3
|
|
||||||
|
|
||||||
defaults
|
|
||||||
log global
|
|
||||||
#option httplog
|
|
||||||
option dontlognull
|
|
||||||
timeout connect 5000
|
|
||||||
timeout client 0
|
|
||||||
timeout server 0
|
|
||||||
timeout tunnel 0
|
|
||||||
errorfile 400 /etc/haproxy/errors/400.http
|
|
||||||
errorfile 403 /etc/haproxy/errors/403.http
|
|
||||||
errorfile 408 /etc/haproxy/errors/408.http
|
|
||||||
errorfile 500 /etc/haproxy/errors/500.http
|
|
||||||
errorfile 502 /etc/haproxy/errors/502.http
|
|
||||||
errorfile 503 /etc/haproxy/errors/503.http
|
|
||||||
errorfile 504 /etc/haproxy/errors/504.http
|
|
||||||
|
|
||||||
frontend warp
|
|
||||||
mode tcp
|
|
||||||
bind :40000
|
|
||||||
use_backend warp
|
|
||||||
|
|
||||||
backend warp
|
|
||||||
server warp 127.0.0.1:40001
|
|
||||||
|
|
||||||
29
pubkey.gpg
29
pubkey.gpg
|
|
@ -1,29 +0,0 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mQINBGC6fSgBEADcsLdt3UbcPFzge7+ukvBtvHpgMZ8y36LxNCfjClbZjioRGwg2
|
|
||||||
78mQdDSj1YBoQNVUtKV/6A1aFe9XJp5Hn40TM/CbI8RneKH9kUUyMqHWwjClAV8S
|
|
||||||
dVa7FxgTTapN23bYAnxb0Z0yGfZTdDhTBjLG5OcH/59SNhzY9r2ToR5VjHhMGPV0
|
|
||||||
qsQMfuknhSwbNCJLyQSEgh0vZKy4qdQOLCWEhZ0wccNQONXPcgIKw4nPCZubMI5P
|
|
||||||
SJEaEL4RPJiacOFdkkWq7NOeU81L5YdwTKghIiC0LAw37/5PTkbu8tCAt3gnkbag
|
|
||||||
UZQZW9FrKDuRQEJuBduFuMZBEtWTGqsAcOfrOT2pRahu953frHHhnv2/HohTGfM4
|
|
||||||
PA9agFZlFXYMyxZvZr5VVQF8DSiq8h9iVJsrpdDaXeFniR6S8UkDFEVMEIzu5Zbu
|
|
||||||
gTCe9ByZMnCz6L/KQrBf+v+FtEGxm82EBfxP1MWmh6hfRBhG4MsideUFfdxoazcl
|
|
||||||
erItXSsufMuzetItT+AL4KQKpo1wygOk2cqBeqk16imUp8LFH27NiYDi80AvmGw+
|
|
||||||
08k/UWAGuuZE+MqZhRGP4Xhc+IDJjiUj1qzj05Zg5kmbCZHwNujHMgTDIc41BkFU
|
|
||||||
vcPDtadMEVNtU+O5WSoulJhVa+lcxiwqYBf4gbefUXyWRaEpY41aFQ2ITQARAQAB
|
|
||||||
tDZDbG91ZGZsYXJlIFBhY2thZ2UgUmVwb3NpdG9yeSA8c3VwcG9ydEBjbG91ZGZs
|
|
||||||
YXJlLmNvbT6JAlgEEwEIAEIWIQRnWaAqqcyol4MXMWBECPYng1uKywUCYLp9KAIb
|
|
||||||
AwUJA8JnAAULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQRAj2J4NbissH
|
|
||||||
YRAAy50sq5fFhyzregc+FPz9NPbagr/IlKheaJqninrDORHMgm+4zKtZaKegjpJR
|
|
||||||
qh+jpvh2Lcfkgb/oXeg9SASvopt0jUfs+y6kfnYviFSySZrJGPFGCi5qliZOrFGm
|
|
||||||
0B4dP4hiYa1cdt3pyscTu9O+yZIMxpIgx06L9SGrn3sg6uEuCjoQHFYjPFSSdomm
|
|
||||||
iYGzPQQoI75gnkorctWy0E49DqipzAtpk7S9kS+pS/O9C+/YBcxs3iMVCbuB9mId
|
|
||||||
xB24LAvcBF1lZUWrtd6Y3xxNdgLx1JqSRREyqh0safgtko736HUBTjCjve3cJryO
|
|
||||||
3WGNmT+9+2YS3MbZMJw/HLaUaadByfZbe8ERRWGZBK85Iu4SDEJXtqyoAIgbaIrS
|
|
||||||
QiWKggmQvJ/JkO3gZbpJV7zG4wYYVZ+qDPV8N+PXsDbNQAXsQ2FLMKCJcDSHVWdV
|
|
||||||
xYc9aatqrei2kB+3u/1N4vzX02wL20yg5OQ2oPdceXOYqVG6BQlb/u6ivunhbxM+
|
|
||||||
Y5bRWb2aT/2Ry52djxqsj+08KaL/ybjshjWITyLCVJA19Cg2JtSqOpZ8z1ED5h8A
|
|
||||||
BS7vkeayWQ8osLCrVJaveAOvm94xf+ZptRCDrYbmzeyXWGS8qB33DRHEPGNzoGMJ
|
|
||||||
wtEpBPfxh46uL2knvuFefJtxdoTttBko+S1wYQ5LHdaFFmI=
|
|
||||||
=OiPd
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
Loading…
Reference in New Issue