From 53f058f96dab59cd456b7d2814d6e1cd3d813498 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Mon, 31 Jul 2023 23:03:11 +0900 Subject: [PATCH] feat: update dockerfiles --- README.md | 4 ++-- docker/Dockerfile | 9 +++++---- docker/docker-compose.slim.yml | 34 ++++++++++++++++++++++++++++++++++ docker/docker-compose.yml | 17 +++++++++-------- quinn | 2 +- 5 files changed, 51 insertions(+), 15 deletions(-) create mode 100644 docker/docker-compose.slim.yml diff --git a/README.md b/README.md index eadc42c..074f91e 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ As default, `rpxy` provides the *TLS connection sanitization* by correctly binding a certificate used to establish a secure channel with the backend application. Specifically, it always keeps the consistency between the given SNI (server name indication) in `ClientHello` of the underlying TLS and the domain name given by the overlaid HTTP HOST header (or URL in Request line) [^1]. Additionally, as a somewhat unstable feature, our `rpxy` can handle the brand-new HTTP/3 connection thanks to [`quinn`](https://github.com/quinn-rs/quinn), [`s2n-quic`](https://github.com/aws/s2n-quic) and [`hyperium/h3`](https://github.com/hyperium/h3).[^h3lib] - [^h3lib]: HTTP/3 libraries are mutually exclusive. You need to explicitly specify `s2n-quic` with `--no-default-features` flag. + [^h3lib]: HTTP/3 libraries are mutually exclusive. You need to explicitly specify `s2n-quic` with `--no-default-features` flag. Also note that if you build `rpxy` with `s2n-quic`, then it requires `openssl` just for building the package. This project is still *work-in-progress*. But it is already working in some production environments and serves a number of domain names. Furthermore it *significantly outperforms* NGINX and Caddy, e.g., *1.5x faster than NGINX*, in the setting of a very simple HTTP reverse-proxy scenario (See [`bench`](./bench/) directory). 
@@ -35,7 +35,7 @@ You can build an executable binary yourself by checking out this Git repository. # Build (default: QUIC and HTTP/3 is enabled using `quinn`) % cargo build --release -# If you want to use `s2n-quic`, build as follows. +# If you want to use `s2n-quic`, build as follows. You may need several additional dependencies. % cargo build --no-default-features --features http3-s2n --release ``` diff --git a/docker/Dockerfile b/docker/Dockerfile index 82f6605..8888814 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -9,6 +9,7 @@ FROM --platform=$BUILDPLATFORM base AS builder ENV CFLAGS=-Ofast ENV BUILD_DEPS curl make ca-certificates build-essential +ENV TARGET_SUFFIX=unknown-linux-gnu WORKDIR /tmp @@ -37,11 +38,11 @@ RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS ${ curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable && \ export PATH="$HOME/.cargo/bin:$PATH" && \ echo "Install toolchain" && \ - rustup target add $(cat /arch)-unknown-linux-gnu &&\ + rustup target add $(cat /arch)-${TARGET_SUFFIX} && \ echo "Building rpxy from source" && \ - cargo build --release --target=$(cat /arch)-unknown-linux-gnu ${CARGO_FEATURES} && \ - strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-gnu/release/rpxy &&\ - cp /tmp/target/$(cat /arch)-unknown-linux-gnu/release/rpxy /tmp/target/release/rpxy + cargo build --release --target=$(cat /arch)-${TARGET_SUFFIX} ${CARGO_FEATURES} && \ + strip --strip-all /tmp/target/$(cat /arch)-${TARGET_SUFFIX}/release/rpxy &&\ + cp /tmp/target/$(cat /arch)-${TARGET_SUFFIX}/release/rpxy /tmp/target/release/rpxy ######################################## FROM --platform=$TARGETPLATFORM base AS runner diff --git a/docker/docker-compose.slim.yml b/docker/docker-compose.slim.yml new file mode 100644 index 0000000..b147562 --- /dev/null +++ b/docker/docker-compose.slim.yml 
@@ -0,0 +1,34 @@
+version: "3"
+services:
+ rpxy-rp:
+ image: jqtype/rpxy
+ container_name: rpxy
+ init: true
+ restart: unless-stopped
+ ports:
+ - 127.0.0.1:8080:8080/tcp
+ - 127.0.0.1:8443:8443/udp
+ - 127.0.0.1:8443:8443/tcp
+ build:
+ context: ../
+ additional_contexts: # Uncomment when you build with musl
+ - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
+ - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
+ dockerfile: ./docker/Dockerfile.slim # based on alpine and build x86_64-unknown-linux-musl
+ platforms: # Choose your platforms
+ - "linux/amd64"
+ # - "linux/arm64"
+ environment:
+ - LOG_LEVEL=debug
+ - LOG_TO_FILE=true
+ - HOST_USER=jun
+ - HOST_UID=501
+ - HOST_GID=501
+ # - WATCH=true
+ tty: false
+ privileged: true
+ volumes:
+ - ./log:/rpxy/log
+ - ../example-certs/server.crt:/certs/server.crt:ro
+ - ../example-certs/server.key:/certs/server.key:ro
+ - ../config-example.toml:/etc/rpxy.toml:ro
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 83ae91c..6d74959 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
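Review bot: `privileged: true` on the `rpxy-rp` service in docker/docker-compose.slim.yml removes most container isolation (all capabilities, access to host devices) for a network-facing proxy, and nothing visible in this file needs it: the published ports 8080 and 8443 are unprivileged and the volumes are ordinary bind mounts. I would drop the line; if the entrypoint has to switch to `HOST_UID`/`HOST_GID` (an inference from the environment block, the entrypoint is not in this patch), use `cap_drop: [ALL]` and add back only the capabilities it is shown to need with `cap_add`. Separately, `additional_contexts` is active although its comment says "Uncomment when you build with musl", and the two `messense/rust-musl-cross` images are referenced by mutable tag rather than by digest, so the build toolchain can change without any change to this file.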
@@ -6,17 +6,18 @@ services:
 init: true
 restart: unless-stopped
 ports:
- - 127.0.0.1:8080:8080
- - 127.0.0.1:8443:8443
+ - 127.0.0.1:8080:8080/tcp
+ - 127.0.0.1:8443:8443/udp
+ - 127.0.0.1:8443:8443/tcp
 build:
 context: ../
- # args: # Specify when build quic-s2n version
- # - "CARGO_FEATURES=--no-default-features --features http3-s2n"
- # - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
- dockerfile: ./docker/Dockerfile
+ args: # Uncomment when build quic-s2n version
+ - "CARGO_FEATURES=--no-default-features --features http3-s2n"
+ - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
+ dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu
 platforms: # Choose your platforms
- # - "linux/amd64"
- - "linux/arm64"
+ - "linux/amd64"
+ # - "linux/arm64"
 environment:
 - LOG_LEVEL=debug
 - LOG_TO_FILE=true
diff --git a/quinn b/quinn
index 532ba7d..70e14b5 160000
--- a/quinn
+++ b/quinn
@@ -1 +1 @@
-Subproject commit 532ba7d80405ad083fd05546fa71becbe5eff1a4
+Subproject commit 70e14b5c26b45ee1e3d5dd64b2a184e2d6376880
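Review bot: The `args:` block in docker/docker-compose.yml is now active while its comment reads "Uncomment when build quic-s2n version", so a plain compose build produces the `http3-s2n` variant and installs everything in `ADDITIONAL_DEPS` (`libssl-dev`, `cmake`, `gcc`, `g++` and the rest) rather than the `quinn` build the README describes as the default. If that switch was not intended, keep the three lines commented, starting with `# args: # Uncomment when build quic-s2n version`. If it was intended, reword the comment to say these are the defaults, so readers do not assume the leaner dependency set. The service definition continues past the end of the hunk, so options set further down are not covered here.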