Re: Docker Image update to OpenSSL 1.1.1d

2019-09-11 Thread Илья Шипицин
Thu, 12 Sep 2019 at 01:01, Aleksandar Lazic:

> Hi.
>
> On 11.09.2019 at 20:48, Илья Шипицин wrote:
> > Hello,
> >
> > it was a surprise for me that official images are also available (I used to
> > think your images are only available)
> >
> > https://hub.docker.com/_/haproxy
> >
> > is there some documentation when your images should be used (instead of
> > official) ?
>
> Well, in the past there were no images with TLS 1.3 and Lua enabled and
> therefore I built my own; looks like this is nowadays no longer the case, so
> I think the official images are quite good.
>
> Thanks for the hint.
>
> The biggest difference between the official images and mine is that you can
> run my images also on OpenShift without adaptation, as I don't use any user
> or group change to a specific user, which makes a lot of trouble on
> OpenShift, and the default binds are not on privileged ports.
>

It's interesting. It might be worth porting to the official images.


>
> The source for my image is on GitLab; that's also one reason why there is
> not an automatic build on Docker Hub, as Docker Hub does not support GitLab
> for automatic builds.
>
> https://gitlab.com/aleks001/haproxy20-centos/blob/master/Dockerfile
>
> Best regards
> Aleks
>
> > Wed, 11 Sep 2019 at 22:58, Aleksandar Lazic:
> >
> > Hi.
> >
> > I have updated the image to the latest OpenSSL version 1.1.1d
> >
> > https://hub.docker.com/r/me2digital/haproxy20-centos
> >
> > ```
> > $ docker run --rm --entrypoint /usr/local/sbin/haproxy [MASKED]/haproxy20-centos -vv
> > HA-Proxy version 2.0.5 2019/08/16 - https://haproxy.org/
> > Build options :
> >   TARGET  = linux-glibc
> >   CPU     = generic
> >   CC      = gcc
> >   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
> > -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
> > -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
> > -Wno-missing-field-initializers -Wtype-limits
> >   OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
> > USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1
> >
> > Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT
> > -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
> > -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
> > +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 -ZLIB
> > +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD
> > -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
> >
> > Default settings :
> >   bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
> >
> > Built with multi-threading support (MAX_THREADS=64, default=1).
> > Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
> > Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
> > OpenSSL library supports TLS extensions : yes
> > OpenSSL library supports SNI : yes
> > OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
> > Built with Lua version : Lua 5.3.5
> > Built with network namespace support.
> > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
> > IP_FREEBIND
> > Built with libslz for stateless compression.
> > Compression algorithms supported : identity("identity"), deflate("deflate"),
> > raw-deflate("deflate"), gzip("gzip")
> > Built with PCRE version : 8.32 2012-11-30
> > Running on PCRE version : 8.32 2012-11-30
> > PCRE library supports JIT : yes
> > Encrypted password support via crypt(3): yes
> > Built with the Prometheus exporter as a service
> >
> > Available polling systems :
> >       epoll : pref=300,  test result OK
> >        poll : pref=200,  test result OK
> >      select : pref=150,  test result OK
> > Total: 3 (3 usable), will use epoll.
> >
> > Available multiplexer protocols :
> > (protocols marked as <default> cannot be specified using 'proto' keyword)
> >               h2 : mode=HTX        side=FE|BE     mux=H2
> >               h2 : mode=HTTP       side=FE        mux=H2
> >        <default> : mode=HTX        side=FE|BE     mux=H1
> >        <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS
> >
> > Available services :
> > prometheus-exporter
> >
> > Available filters :
> > [SPOE] spoe
> > [COMP] compression
> > [CACHE] cache
> > [TRACE] trace
> > ```
> >
> > Regards
> > Aleks
> >
>
>


Re: Docker Image update to OpenSSL 1.1.1d

2019-09-11 Thread Aleksandar Lazic
Hi.

On 11.09.2019 at 20:48, Илья Шипицин wrote:
> Hello,
> 
> it was a surprise for me that official images are also available (I used to
> think your images are only available)
> 
> https://hub.docker.com/_/haproxy
> 
> is there some documentation when your images should be used (instead of 
> official) ?

Well, in the past there were no images with TLS 1.3 and Lua enabled and
therefore I built my own; looks like this is nowadays no longer the case, so I
think the official images are quite good.

Thanks for the hint.

The biggest difference between the official images and mine is that you can run
my images also on OpenShift without adaptation, as I don't use any user or group
change to a specific user, which makes a lot of trouble on OpenShift, and the
default binds are not on privileged ports.

The source for my image is on GitLab; that's also one reason why there is not an
automatic build on Docker Hub, as Docker Hub does not support GitLab for
automatic builds.

https://gitlab.com/aleks001/haproxy20-centos/blob/master/Dockerfile

Best regards
Aleks

> Wed, 11 Sep 2019 at 22:58, Aleksandar Lazic:
> 
> Hi.
> 
> I have updated the image to the latest OpenSSL version 1.1.1d
> 
> https://hub.docker.com/r/me2digital/haproxy20-centos
> 
> ```
> $ docker run --rm --entrypoint /usr/local/sbin/haproxy [MASKED]/haproxy20-centos -vv
> HA-Proxy version 2.0.5 2019/08/16 - https://haproxy.org/
> Build options :
>   TARGET  = linux-glibc
>   CPU     = generic
>   CC      = gcc
>   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement 
> -fwrapv
> -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
> -Wno-missing-field-initializers -Wtype-limits
>   OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
> USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1
> 
> Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE 
> +PCRE_JIT
> -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
> -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
> +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 
> -ZLIB
> +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL 
> -SYSTEMD
> -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
> 
> Default settings :
>   bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
> 
> Built with multi-threading support (MAX_THREADS=64, default=1).
> Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
> Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
> Built with Lua version : Lua 5.3.5
> Built with network namespace support.
> Built with transparent proxy support using: IP_TRANSPARENT 
> IPV6_TRANSPARENT
> IP_FREEBIND
> Built with libslz for stateless compression.
> Compression algorithms supported : identity("identity"), 
> deflate("deflate"),
> raw-deflate("deflate"), gzip("gzip")
> Built with PCRE version : 8.32 2012-11-30
> Running on PCRE version : 8.32 2012-11-30
> PCRE library supports JIT : yes
> Encrypted password support via crypt(3): yes
> Built with the Prometheus exporter as a service
> 
> Available polling systems :
>       epoll : pref=300,  test result OK
>        poll : pref=200,  test result OK
>      select : pref=150,  test result OK
> Total: 3 (3 usable), will use epoll.
> 
> Available multiplexer protocols :
> (protocols marked as <default> cannot be specified using 'proto' keyword)
>               h2 : mode=HTX        side=FE|BE     mux=H2
>               h2 : mode=HTTP       side=FE        mux=H2
>        <default> : mode=HTX        side=FE|BE     mux=H1
>        <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS
> 
> Available services :
>         prometheus-exporter
> 
> Available filters :
>         [SPOE] spoe
>         [COMP] compression
>         [CACHE] cache
>         [TRACE] trace
> ```
> 
> Regards
> Aleks
> 




Re: Docker Image update to OpenSSL 1.1.1d

2019-09-11 Thread Илья Шипицин
oops.


I did have a look at https://hub.docker.com/search?q=haproxytech&type=image
(built from https://github.com/haproxytech )


so... there are many many many docker images.
when should I use either of these images?

Wed, 11 Sep 2019 at 23:48, Илья Шипицин:

> Hello,
>
> it was a surprise for me that official images are also available (I used
> to think your images are only available)
>
> https://hub.docker.com/_/haproxy
>
> is there some documentation when your images should be used (instead of
> official) ?
>
> Wed, 11 Sep 2019 at 22:58, Aleksandar Lazic:
>
>> Hi.
>>
>> I have updated the image to the latest OpenSSL version 1.1.1d
>>
>> https://hub.docker.com/r/me2digital/haproxy20-centos
>>
>> ```
>> $ docker run --rm --entrypoint /usr/local/sbin/haproxy [MASKED]/haproxy20-centos -vv
>> HA-Proxy version 2.0.5 2019/08/16 - https://haproxy.org/
>> Build options :
>>   TARGET  = linux-glibc
>>   CPU     = generic
>>   CC      = gcc
>>   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
>> -fwrapv
>> -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
>> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
>> -Wno-missing-field-initializers -Wtype-limits
>>   OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
>> USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1
>>
>> Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE
>> +PCRE_JIT
>> -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
>> -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
>> +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4
>> -ZLIB
>> +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL
>> -SYSTEMD
>> -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
>>
>> Default settings :
>>   bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
>>
>> Built with multi-threading support (MAX_THREADS=64, default=1).
>> Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
>> Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
>> OpenSSL library supports TLS extensions : yes
>> OpenSSL library supports SNI : yes
>> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
>> Built with Lua version : Lua 5.3.5
>> Built with network namespace support.
>> Built with transparent proxy support using: IP_TRANSPARENT
>> IPV6_TRANSPARENT
>> IP_FREEBIND
>> Built with libslz for stateless compression.
>> Compression algorithms supported : identity("identity"),
>> deflate("deflate"),
>> raw-deflate("deflate"), gzip("gzip")
>> Built with PCRE version : 8.32 2012-11-30
>> Running on PCRE version : 8.32 2012-11-30
>> PCRE library supports JIT : yes
>> Encrypted password support via crypt(3): yes
>> Built with the Prometheus exporter as a service
>>
>> Available polling systems :
>>       epoll : pref=300,  test result OK
>>        poll : pref=200,  test result OK
>>      select : pref=150,  test result OK
>> Total: 3 (3 usable), will use epoll.
>>
>> Available multiplexer protocols :
>> (protocols marked as <default> cannot be specified using 'proto' keyword)
>>               h2 : mode=HTX        side=FE|BE     mux=H2
>>               h2 : mode=HTTP       side=FE        mux=H2
>>        <default> : mode=HTX        side=FE|BE     mux=H1
>>        <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS
>>
>> Available services :
>> prometheus-exporter
>>
>> Available filters :
>> [SPOE] spoe
>> [COMP] compression
>> [CACHE] cache
>> [TRACE] trace
>> ```
>>
>> Regards
>> Aleks
>>
>>


Re: Docker Image update to OpenSSL 1.1.1d

2019-09-11 Thread Илья Шипицин
Hello,

it was a surprise for me that official images are also available (I used to
think your images are only available)

https://hub.docker.com/_/haproxy

is there some documentation when your images should be used (instead of
official) ?

Wed, 11 Sep 2019 at 22:58, Aleksandar Lazic:

> Hi.
>
> I have updated the image to the latest OpenSSL version 1.1.1d
>
> https://hub.docker.com/r/me2digital/haproxy20-centos
>
> ```
> $ docker run --rm --entrypoint /usr/local/sbin/haproxy [MASKED]/haproxy20-centos -vv
> HA-Proxy version 2.0.5 2019/08/16 - https://haproxy.org/
> Build options :
>   TARGET  = linux-glibc
>   CPU     = generic
>   CC      = gcc
>   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
> -fwrapv
> -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
> -Wno-missing-field-initializers -Wtype-limits
>   OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
> USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1
>
> Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE
> +PCRE_JIT
> -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
> -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
> +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4
> -ZLIB
> +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD
> -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
>
> Default settings :
>   bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
>
> Built with multi-threading support (MAX_THREADS=64, default=1).
> Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
> Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
> Built with Lua version : Lua 5.3.5
> Built with network namespace support.
> Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
> IP_FREEBIND
> Built with libslz for stateless compression.
> Compression algorithms supported : identity("identity"),
> deflate("deflate"),
> raw-deflate("deflate"), gzip("gzip")
> Built with PCRE version : 8.32 2012-11-30
> Running on PCRE version : 8.32 2012-11-30
> PCRE library supports JIT : yes
> Encrypted password support via crypt(3): yes
> Built with the Prometheus exporter as a service
>
> Available polling systems :
>       epoll : pref=300,  test result OK
>        poll : pref=200,  test result OK
>      select : pref=150,  test result OK
> Total: 3 (3 usable), will use epoll.
>
> Available multiplexer protocols :
> (protocols marked as <default> cannot be specified using 'proto' keyword)
>               h2 : mode=HTX        side=FE|BE     mux=H2
>               h2 : mode=HTTP       side=FE        mux=H2
>        <default> : mode=HTX        side=FE|BE     mux=H1
>        <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS
>
> Available services :
> prometheus-exporter
>
> Available filters :
> [SPOE] spoe
> [COMP] compression
> [CACHE] cache
> [TRACE] trace
> ```
>
> Regards
> Aleks
>
>


Docker Image update to OpenSSL 1.1.1d

2019-09-11 Thread Aleksandar Lazic
Hi.

I have updated the image to the latest OpenSSL version 1.1.1d

https://hub.docker.com/r/me2digital/haproxy20-centos

```
$ docker run --rm --entrypoint /usr/local/sbin/haproxy [MASKED]/haproxy20-centos -vv
HA-Proxy version 2.0.5 2019/08/16 - https://haproxy.org/
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT
-PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
-STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
+CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 -ZLIB
+SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD
-OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=1).
Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE     mux=H2
              h2 : mode=HTTP       side=FE        mux=H2
       <default> : mode=HTX        side=FE|BE     mux=H1
       <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services :
prometheus-exporter

Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace
```

Regards
Aleks
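
Added example, not part of the original post or of the image's own tooling: a shell check that reads `haproxy -vv` output like the one above and fails when the OpenSSL release the binary was built with differs from the one it loads at run time, when either differs from the release you expect, or when TLSv1.3 is missing. The function names, the `IMAGE` placeholder and both sample outputs are assumptions constructed for the example.

```shell
#!/bin/sh
# Usage (IMAGE is a placeholder for the image reference under test):
#   docker run --rm --entrypoint /usr/local/sbin/haproxy IMAGE -vv \
#       | check_haproxy_build 1.1.1d

# Constructed sample: the OpenSSL lines from the -vv output in this thread.
SAMPLE_OK='HA-Proxy version 2.0.5 2019/08/16 - https://haproxy.org/
Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3'

# Constructed sample: binary built against 1.1.1d, older shared library loaded.
SAMPLE_STALE='Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1c  28 May 2019
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3'

# vv_field TEXT LABEL: print what follows "LABEL : " on the first matching line.
vv_field() {
    printf '%s\n' "$1" | sed -n "s/^$2 *: *//p" | head -n 1
}

# check_haproxy_build WANT: read -vv output on stdin.
# Returns 0 if all checks pass, 1 on a failed check, 2 if OpenSSL lines are absent.
check_haproxy_build() {
    want=$1
    vv=$(cat)
    built=$(vv_field "$vv" 'Built with OpenSSL version' | awk '{print $2}')
    running=$(vv_field "$vv" 'Running on OpenSSL version' | awk '{print $2}')
    protos=$(vv_field "$vv" 'OpenSSL library supports')
    if [ -z "$built" ] || [ -z "$running" ]; then
        echo "FAIL: no OpenSSL version lines in input" >&2
        return 2
    fi
    rc=0
    if [ "$built" != "$running" ]; then
        echo "FAIL: built with $built but running on $running" >&2
        rc=1
    fi
    if [ "$running" != "$want" ]; then
        echo "FAIL: running on $running, expected $want" >&2
        rc=1
    fi
    case " $protos " in
        *" TLSv1.3 "*) ;;
        *) echo "FAIL: TLSv1.3 not in supported list: $protos" >&2; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: OpenSSL $running, TLSv1.3 available"
    return "$rc"
}
```
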