Diffstat (limited to 'aai-common-docker')
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile16
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh2
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg2
3 files changed, 12 insertions, 8 deletions
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
index 7bf9b20a..9e9d80c7 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
@@ -9,16 +9,22 @@ ENV https_proxy ""
RUN apk add --no-cache \
ca-certificates \
curl \
- openssl
+ openssl \
+ shadow \
+ util-linux && \
+ groupadd haproxy -g 1000 && \
+ adduser -u 1000 -S -D -G haproxy -s /bin/bash haproxy && \
+ chown -R haproxy:haproxy /usr/local/etc/haproxy
RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private
-COPY aai.pem /etc/ssl/private/aai.pem
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY resolvers.conf /usr/local/etc/haproxy/resolvers.conf
-COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem
+COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
+COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
+COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
RUN chmod +x /docker-entrypoint.sh
+USER haproxy
ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ]
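Review bot: The `COPY --chown=haproxy` lines hand the runtime user ownership of `/docker-entrypoint.sh` and of the TLS key `/etc/ssl/private/aai.pem`, and neither gets an explicit mode, so the key keeps whatever permissions it has in the build context. The entrypoint only needs to be executable, so it can stay root-owned (`COPY docker-entrypoint.sh /docker-entrypoint.sh`, with the existing `chmod +x`), which stops a compromised proxy process from rewriting its own startup script. For the key, `COPY --chown=haproxy:haproxy --chmod=0400 aai.pem /etc/ssl/private/aai.pem` (BuildKit is required for `--chmod`) keeps it readable by the service only. Separately, `-s /bin/bash` gives the service account a login shell that the packages installed in this hunk do not provide, unless the base image ships it; `-s /sbin/nologin` looks like the safer choice. The `FROM` line and the first eight lines of the file are outside the hunk.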
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
index 9095b3d1..a56eea95 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
@@ -16,7 +16,7 @@ sed -i 's/${ONAP_NAMESERVER_CLUSTER_IP}/'${NAMESERVER_IP}'/g' /usr/local/etc/hap
if [ "$1" = 'haproxy' ]; then
# if the user wants "haproxy", let's use "haproxy-systemd-wrapper" instead so we can have proper reloadability implemented by upstream
shift # "haproxy"
- set -- "$(which haproxy-systemd-wrapper)" -p /run/haproxy.pid "$@"
+ set -- "$(which haproxy-systemd-wrapper)" -p /usr/local/etc/haproxy/haproxy.pid "$@"
fi
exec "$@"
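Review bot: Moving the pid file to `/usr/local/etc/haproxy/haproxy.pid` puts runtime state in the configuration directory, so that directory must remain writable by the same unprivileged user that serves traffic. A dedicated state directory created at build time and owned by `haproxy`, for example `-p /run/haproxy/haproxy.pid`, would allow `haproxy.cfg` and `resolvers.conf` to be made read-only for the process later. The `sed -i` visible in the hunk header also appears to edit a file under that directory in place, so it would have to be reworked first; the start of the script is outside the hunk.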
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg b/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg
index 8a4001e9..9f53e717 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/haproxy.cfg
@@ -2,8 +2,6 @@ global
log /dev/log local0
stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
stats timeout 30s
- user root
- group root
daemon
#################################
# Default SSL material locations#