|
|
@@ -12,12 +12,12 @@ Since no two users of HAProxy are likely to configure it exactly alike, this ima
|
|
|
|
|
|
Please refer to [upstream's excellent (and comprehensive) documentation](https://cbonte.github.io/haproxy-dconv/) on the subject of configuring HAProxy for your needs.
|
|
|
|
|
|
-It is also worth checking out the [`examples/` directory from upstream](http://git.haproxy.org/?p=haproxy-1.8.git;a=tree;f=examples).
|
|
|
+It is also worth checking out the [`examples/` directory from upstream](http://git.haproxy.org/?p=haproxy-2.3.git;a=tree;f=examples).
|
|
|
|
|
|
## Create a `Dockerfile`
|
|
|
|
|
|
```dockerfile
|
|
|
-FROM %%IMAGE%%:1.7
|
|
|
+FROM %%IMAGE%%:2.3
|
|
|
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
|
|
```
|
|
|
|
|
|
@@ -36,15 +36,17 @@ $ docker run -it --rm --name haproxy-syntax-check my-haproxy haproxy -c -f /usr/
|
|
|
## Run the container
|
|
|
|
|
|
```console
|
|
|
-$ docker run -d --name my-running-haproxy my-haproxy
|
|
|
+$ docker run -d --name my-running-haproxy --sysctl net.ipv4.ip_unprivileged_port_start=0 my-haproxy
|
|
|
```
|
|
|
|
|
|
You may need to publish the ports your HAProxy is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free.
|
|
|
|
|
|
+**Note:** the 2.4+ versions of the container will run as `USER haproxy` by default (hence the `--sysctl net.ipv4.ip_unprivileged_port_start=0` above), but older versions still default to `root` for compatibility reasons; use `--user haproxy` (or any other UID) if you want to run as non-root in older versions.
|
|
|
+
|
|
|
## Directly via bind mount
|
|
|
|
|
|
```console
|
|
|
-$ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro %%IMAGE%%:1.7
|
|
|
+$ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro --sysctl net.ipv4.ip_unprivileged_port_start=0 %%IMAGE%%:2.3
|
|
|
```
|
|
|
|
|
|
Note that your host's `/path/to/etc/haproxy` folder should be populated with a file named `haproxy.cfg`. If this configuration file refers to any other files within that folder then you should ensure that they also exist (e.g. template files such as `400.http`, `404.http`, and so forth). However, many minimal configurations do not require any supporting files.
|
|
|
@@ -57,4 +59,4 @@ If you used a bind mount for the config and have edited your `haproxy.cfg` file,
|
|
|
$ docker kill -s HUP my-running-haproxy
|
|
|
```
|
|
|
|
|
|
-The entrypoint script in the image checks for running the command `haproxy` and replaces it with `haproxy-systemd-wrapper` from HAProxy upstream which takes care of signal handling to do the graceful reload. Under the hood this uses the `-sf` option of `haproxy` so "there are two small windows of a few milliseconds each where it is possible that a few connection failures will be noticed during high loads" (see [Stopping and restarting HAProxy](http://www.haproxy.org/download/1.7/doc/management.txt)).
|
|
|
+The entrypoint script in the image checks for running the command `haproxy` and replaces it with `haproxy-systemd-wrapper` from HAProxy upstream which takes care of signal handling to do the graceful reload. Under the hood this uses the `-sf` option of `haproxy` so "there are two small windows of a few milliseconds each where it is possible that a few connection failures will be noticed during high loads" (see [Stopping and restarting HAProxy](http://www.haproxy.org/download/2.3/doc/management.txt)).
|
Tianon Gravi