Change build image to Debian Buster as reasonable glibc base (2.28)
Update README with note on that matter
parent 4ba5d1ac21
commit cfa0866972
16
.editorconfig
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
[*]
|
||||||
|
charset = utf-8
|
||||||
|
end_of_line = lf
|
||||||
|
indent_size = 4
|
||||||
|
indent_style = space
|
||||||
|
insert_final_newline = true
|
||||||
|
max_line_length = 120
|
||||||
|
tab_width = 4
|
||||||
|
trim_trailing_whitespace = true
|
||||||
|
|
||||||
|
[*.{md, yaml, yml}]
|
||||||
|
indent_size = 2
|
||||||
|
tab_width = 2
|
||||||
|
|
||||||
|
[*.md]
|
||||||
|
max_line_length = 80
|
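Review bot: in the `[*.{md, yaml, yml}]` section header the spaces after the commas become part of the pattern, since EditorConfig does not trim whitespace inside a brace list. The section therefore matches `*.md` but not `*.yaml` or `*.yml`, and those files keep the 4-space defaults from `[*]`. Write it as `[*.{md,yaml,yml}]`.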
@ -8,7 +8,7 @@ variables:
|
|||||||
GIT_DEPTH: "1"
|
GIT_DEPTH: "1"
|
||||||
|
|
||||||
.build-job: &build-job
|
.build-job: &build-job
|
||||||
image: docker.io/library/debian:bullseye
|
image: docker.io/library/debian:buster
|
||||||
needs: [ ]
|
needs: [ ]
|
||||||
before_script:
|
before_script:
|
||||||
- apt -qq update
|
- apt -qq update
|
||||||
|
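Review bot: `image: docker.io/library/debian:buster` is a floating tag, so the exact glibc package revision and toolchain behind the release binaries can change whenever the tag is rebuilt, and nothing in the job records which one was used. Since the point of this commit is a known glibc 2.28 baseline, pin the image by digest, or at least print `ldd --version` in `before_script`, so a published tarball can be traced to the libc it was built against.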
63
README.md
@ -6,7 +6,8 @@ Build scripts for HAProxy with QUIC
|
|||||||
|
|
||||||
## Quickstart
|
## Quickstart
|
||||||
|
|
||||||
**NOTE FOR QUIC:** docker and docker-compose require explicit UDP protocol port mapping, otherwise they assume only-TCP. See below.
|
**NOTE FOR QUIC:** docker and docker-compose require explicit UDP protocol port
|
||||||
|
mapping, otherwise they assume only-TCP. See below.
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run -it \
|
docker run -it \
|
||||||
@ -17,24 +18,28 @@ docker run -it \
|
|||||||
registry.gitlab.com/mangadex-pub/haproxy:2.6-bullseye
|
registry.gitlab.com/mangadex-pub/haproxy:2.6-bullseye
|
||||||
```
|
```
|
||||||
|
|
||||||
Here's a sample configuration (requires you to figure out the certificate) to test HTTP/3.0 support. The first connection should be over HTTP/1.1 or HTTP/2, and
|
Here's a sample configuration (requires you to figure out the certificate) to
|
||||||
|
test HTTP/3.0 support. The first connection should be over HTTP/1.1 or HTTP/2,
|
||||||
|
and
|
||||||
after a few refreshes it should be over HTTP/3.
|
after a few refreshes it should be over HTTP/3.
|
||||||
|
|
||||||
See [Announcing HAProxy 2.6](https://www.haproxy.com/blog/announcing-haproxy-2-6/) for more info.
|
See [Announcing HAProxy 2.6](https://www.haproxy.com/blog/announcing-haproxy-2-6/)
|
||||||
|
for more info.
|
||||||
|
|
||||||
```haproxy
|
```haproxy
|
||||||
...
|
...
|
||||||
frontend https
|
frontend https
|
||||||
bind :443 ssl crt /usr/local/etc/haproxy/cert.pem alpn h2,http/1.1
|
bind :443 ssl crt /usr/local/etc/haproxy/cert.pem alpn h2,http/1.1
|
||||||
bind quic4@:443 ssl crt /usr/local/etc/haproxy/cert.pem alpn h3
|
bind quic4@:443 ssl crt /usr/local/etc/haproxy/cert.pem alpn h3
|
||||||
|
|
||||||
http-after-response set-header alt-svc 'h3=":443"; ma=86400'
|
http-after-response set-header alt-svc 'h3=":443"; ma=86400'
|
||||||
http-request return status 200 content-type text/plain lf-string "Connected via %HV"
|
http-request return status 200 content-type text/plain lf-string "Connected via %HV"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Build it
|
## Build it
|
||||||
|
|
||||||
You will need the following dependencies (Debian/Ubuntu packages given as example):
|
You will need the following dependencies (Debian/Ubuntu packages given as
|
||||||
|
example):
|
||||||
|
|
||||||
- Development tools (`build-essential`)
|
- Development tools (`build-essential`)
|
||||||
- curl and ssl support for it (`curl` and `ca-certificates`)
|
- curl and ssl support for it (`curl` and `ca-certificates`)
|
||||||
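Review bot: the quickstart context in this hunk still pulls `registry.gitlab.com/mangadex-pub/haproxy:2.6-bullseye` while the commit moves the build image to Buster. State in the README whether the published container image stays on Bullseye, or rename the tag, otherwise readers cannot tell which base the image they run was built on. Separately, the re-wrap leaves `and` alone on its own line in the HTTP/3 paragraph; join it with the line that follows.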
@ -45,14 +50,44 @@ You will need the following dependencies (Debian/Ubuntu packages given as exampl
|
|||||||
|
|
||||||
Then just run `make` and the build should pass.
|
Then just run `make` and the build should pass.
|
||||||
|
|
||||||
First, `deps/quictls/quictls-dist.tar.gz` should be expanded so it matches the host's
|
First, `deps/quictls/quictls-dist.tar.gz` should be expanded so it matches the
|
||||||
|
host's
|
||||||
`/opt/quictls` when expanding, as it is where HAProxy will look for OpenSSL.
|
`/opt/quictls` when expanding, as it is where HAProxy will look for OpenSSL.
|
||||||
|
|
||||||
And finally `haproxy/haproxy-dist.tar.gz` can be expanded anywhere.
|
And finally `haproxy/haproxy-dist.tar.gz` can be expanded anywhere.
|
||||||
|
|
||||||
|
## Compatibility of binaries
|
||||||
|
|
||||||
|
You may acquire binaries for non-docker usage in 2 ways:
|
||||||
|
|
||||||
|
- We distribute binary tarballs for this repo in
|
||||||
|
the [project's packages](https://gitlab.com/mangadex-pub/haproxy/-/packages)
|
||||||
|
- You can build it locally, which results in `deps/quictls/quictls-dist.tar.gz`
|
||||||
|
and `haproxy/haproxy-dist.tar.gz`
|
||||||
|
|
||||||
|
Please note that neither QuicTLS/OpenSSL nor HAProxy are fully statically
|
||||||
|
compiled. They are still linking to glibc. You see that
|
||||||
|
with `readelf -d /path/to/binary`.
|
||||||
|
|
||||||
|
As a result, you may be unable to run a binary linked using a more recent glibc.
|
||||||
|
|
||||||
|
Our CI uses the most recent Debian Buster image for compilation. You can find
|
||||||
|
out the exact libc version this links against with `ldd --version` like so:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$ docker run -it debian:buster ldd --version | head -n1
|
||||||
|
ldd (Debian GLIBC 2.28-10+deb10u1) 2.28
|
||||||
|
```
|
||||||
|
|
||||||
|
Particular care should thus be put in what host you use for compilation.
|
||||||
|
|
||||||
|
Similarly, if you generally enjoy running abandonware you will not be able to
|
||||||
|
use any of our non-docker artifacts.
|
||||||
|
|
||||||
## Should I use this repo?
|
## Should I use this repo?
|
||||||
|
|
||||||
This is an:
|
This is an:
|
||||||
|
|
||||||
- unofficial build of HAProxy
|
- unofficial build of HAProxy
|
||||||
- which enables an experimental feature of HAProxy
|
- which enables an experimental feature of HAProxy
|
||||||
- which relies on an unofficial build of OpenSSL
|
- which relies on an unofficial build of OpenSSL
|
||||||
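Review bot: in the new "Compatibility of binaries" section, `readelf -d /path/to/binary` only shows that `libc.so.6` is a NEEDED library, not which glibc version the binary requires. Add `readelf -V /path/to/binary`, whose version-needs section lists the `GLIBC_2.x` symbol versions, so users can check a tarball against their host before running it. The sentence "you may be unable to run a binary linked using a more recent glibc" should also say more recent than what, that is, than the glibc on the machine that runs it. In the example, drop `-it` from `docker run -it debian:buster ldd --version | head -n1`, since no TTY is needed when the output is piped.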
@ -60,14 +95,24 @@ This is an:
|
|||||||
|
|
||||||
Generally speaking, you shouldn't.
|
Generally speaking, you shouldn't.
|
||||||
|
|
||||||
That said, please PR improvements back if you do. We'll be using it ourselves too.
|
That said, please PR improvements back if you do. We'll be using it ourselves
|
||||||
|
too.
|
||||||
|
|
||||||
## What's in there
|
## What's in there
|
||||||
|
|
||||||
First, we want to statically build things where possible, which is done for:
|
First, we want to statically build things where possible, which is done for:
|
||||||
|
|
||||||
- LUA
|
- LUA
|
||||||
- PCRE2
|
- PCRE2
|
||||||
- QuicTLS
|
- QuicTLS (*partially*, still links to host glibc)
|
||||||
|
|
||||||
Then we want HAProxy to not use the system's OpenSSL but rather our QuicTLS build, which
|
Then we want HAProxy to not use the system's OpenSSL but rather our QuicTLS
|
||||||
|
build, which
|
||||||
it will look for at the `/opt/quictls` prefix.
|
it will look for at the `/opt/quictls` prefix.
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
Since we're building our own binaries, we also increase MAX_SESS_STKCTR to 5
|
||||||
|
instead of the default of 3. If you don't know what that is, it's irrelevant to
|
||||||
|
you. You can read some
|
||||||
|
more [here](https://github.com/haproxy/haproxy/issues/1565).
|
||||||
|
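Review bot: the new Notes section says `MAX_SESS_STKCTR` is raised to 5 but not what that changes for a user. A configuration that relies on the extra counters (`track-sc3`, `track-sc4`) will be rejected by a build that keeps the default of 3, so "it's irrelevant to you" undersells it for anyone who may later move the same config to a stock package. One sentence on that portability cost would cover it.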
@ -10,10 +10,13 @@ DEP_ROOT_LUA = ../deps/lua
|
|||||||
DEP_ROOT_PCRE2 = ../deps/pcre2
|
DEP_ROOT_PCRE2 = ../deps/pcre2
|
||||||
DEP_ROOT_QUICTLS = ../deps/quictls
|
DEP_ROOT_QUICTLS = ../deps/quictls
|
||||||
|
|
||||||
|
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
|
||||||
|
|
||||||
HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
||||||
|
DEFINE="-DMAX_SESS_STKCTR=5" \
|
||||||
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
|
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
|
||||||
TARGET="linux-glibc" \
|
TARGET="linux-glibc" \
|
||||||
EXTRAVERSION="+mangadex" \
|
EXTRAVERSION="+mangadex/$(BUILD_VERSION_REPOSHA)" \
|
||||||
VERDATE="$$(date -u -I'minutes')" \
|
VERDATE="$$(date -u -I'minutes')" \
|
||||||
USE_DL=1 \
|
USE_DL=1 \
|
||||||
USE_GETADDRINFO=1 \
|
USE_GETADDRINFO=1 \
|
||||||
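Review bot: `BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)` expands to an empty string when the tree has no `.git` directory or git is not installed, and `EXTRAVERSION` then silently becomes `+mangadex/`. Fall back to an explicit marker such as `unknown`, or fail the build, when the command returns nothing, and use `:=` to match `HAPROXY_MAKE_ARGS`. Also note that this SHA identifies this repo only: the HAProxy source is whatever `checkout "master"` resolves to at build time (context of the next hunk), so the version string does not tell you which HAProxy commit was compiled.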
@ -45,6 +48,7 @@ $(HAPROXY_BUILDIR):
|
|||||||
git -C "$(HAPROXY_BUILDIR)" checkout "master"
|
git -C "$(HAPROXY_BUILDIR)" checkout "master"
|
||||||
|
|
||||||
build: $(HAPROXY_BUILDIR)
|
build: $(HAPROXY_BUILDIR)
|
||||||
|
make -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" clean
|
||||||
make -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts
|
make -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts
|
||||||
make -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS)
|
make -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS)
|
||||||
|
|
||||||
|
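Review bot: the added `make -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" clean` line invokes `make` literally rather than `$(MAKE)`, so flags and the jobserver of the parent invocation are not passed down; the two existing lines below it have the same problem and could be changed together. `-j` does nothing useful for `clean` and can be dropped. A short comment saying why every build starts with a clean (presumably so a changed `DEFINE` takes effect) would help the next reader.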