diff options
Diffstat (limited to 'aai-common-docker')
3 files changed, 12 insertions, 8 deletions
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile index 7bf9b20a..9e9d80c7 100644 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile +++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile @@ -9,16 +9,22 @@ ENV https_proxy "" RUN apk add --no-cache \ ca-certificates \ curl \ - openssl + openssl \ + shadow \ + util-linux && \ + groupadd haproxy -g 1000 && \ + adduser -u 1000 -S -D -G haproxy -s /bin/bash haproxy && \ + chown -R haproxy:haproxy /usr/local/etc/haproxy RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private -COPY aai.pem /etc/ssl/private/aai.pem -COPY docker-entrypoint.sh /docker-entrypoint.sh -COPY resolvers.conf /usr/local/etc/haproxy/resolvers.conf -COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg +COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem +COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh +COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf +COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg RUN chmod +x /docker-entrypoint.sh +USER haproxy ENTRYPOINT [ "/docker-entrypoint.sh" ] CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ] diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh index 9095b3d1..a56eea95 100644 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh +++ b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh @@ -16,7 +16,7 @@ sed -i 's/${ONAP_NAMESERVER_CLUSTER_IP}/'${NAMESERVER_IP}'/g' /usr/local/etc/hap if [ "$1" = 'haproxy' ]; then # if the user wants "haproxy", let's use "haproxy-systemd-wrapper" instead so we can have proper reloadability implemented by upstream shift # "haproxy" - set -- "$(which haproxy-systemd-wrapper)" -p /run/haproxy.pid "$@" + set -- "$(which haproxy-systemd-wrapper)" -p /usr/local/etc/haproxy/haproxy.pid "$@" fi exec "$@" diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg b/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg index 8a4001e9..9f53e717 100644 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg +++ b/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg @@ -2,8 +2,6 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s - user root - group root daemon ################################# # Default SSL material locations# |