Comments (4)
The haproxy image does support the "graceful restarts" (since #17), which is now documented in docker-library/docs#534. But as far as the transparent proxying, it seems that requires --net=host
and additional security privileges so I think we would be unlikely to add it to this image. @tombull's image seems like a great place to start though (:+1: that it is FROM haproxy
).
from haproxy.
Transparent proxying is possible in a docker container, but there are various security implications. I've built a docker container for HAProxy that supports transparent proxying that you might want to check out: docker hub and github
Note: it also does zero-downtime reloads... π
from haproxy.
Yeah, forgot to mention that it's based on this wonderful haproxy
container π
The 'graceful' reloads thing that haproxy does can drop a few packets in the time between when one process drops the socket and the next takes it up. It's probably not worth worrying about unless the service you're proxying has no error-recovery mechanisms or it's a mega-busy service. Because my container that does transparent proxying requires access to iptables (NET_ADMIN
capability) it can do a slightly more advanced reload based on the technique described here that guarantees not to drop any packets. Probably.
from haproxy.
Closing since this appears to be resolved. π
from haproxy.
Related Issues (20)
- The password of USER haproxy by defaultοΌ HOT 1
- I'm using this: HOT 2
- Release haproxy image with lua version >= 5.4.2 HOT 2
- High CPU usage with 2.6.3 (latest) docker image HOT 4
- Cannot open configuration file /usr/local/etc/haproxy/haproxy.cfg: No such file or directory HOT 6
- Memory exhaustion using haproxy image HOT 3
- OOM killed using haproxy image HOT 5
- core dumps not being stored HOT 7
- Use /var/run/docker.sock as backend server HOT 2
- Why build from source code? HOT 2
- [ALERT] (1) : [haproxy.main()] Cannot create pidfile /var/run/haproxy.pid HOT 2
- If you have a new enough kernel (`4.11`), then adding `--sysctl net.ipv4.ip_unprivileged_port_start=0` to the `docker run` should allow it to use "privileged" ports (https://github.com/moby/moby/issues/8460). HOT 1
- CVE-2023-25725 HOT 6
- How to deal with "Failed to drop supplementary groups"? HOT 2
- Vulnerable component detection issue HOT 3
- "ltime" converter does not reflect container timezone HOT 4
- Haproxy not reloading config in docker HOT 1
- Crtitical/high vulnerabilities in all haproxy:bullseye images HOT 3
- HAProxy crashing on start, thread 2 is about to kill the process. HOT 11
- Images contain `*-dev` packages that are used to build HAProxy but which are useless at runtime
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from haproxy.