tuxmain/rust-rpxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
rust-rpxy/docker
History
Aleksandar N. Kostadinov 546e4dd232
 easy support for custom CAs 
fixes #183
2024-09-17 20:55:47 +03:00
..
docker-compose-slim.yml update docker-compose 2024-07-17 21:07:19 +09:00
docker-compose.yml update docker-compose 2024-07-17 21:07:19 +09:00
Dockerfile chore(deps): bump ubuntu from 22.04 to 24.04 in /docker 2024-04-25 22:37:09 +00:00
Dockerfile-slim feat: add docker build options for forwarder with native root store 2023-10-11 15:28:14 +09:00
entrypoint.sh easy support for custom CAs 2024-09-17 20:55:47 +03:00
README.md easy support for custom CAs 2024-09-17 20:55:47 +03:00
run.sh feat: add a docker environment var for continuous watching 2023-07-25 17:03:08 +09:00

README.md

Docker Images of rpxy

The rpxy docker images are hosted both on Docker Hub and GitHub Container Registry.

Usage

There are several docker-specific environment variables.

  • HOST_USER (default: user): User name executing rpxy inside the container.
  • HOST_UID (default: 900): UID of HOST_USER.
  • HOST_GID (default: 900): GID of HOST_USER
  • LOG_LEVEL=debug|info|warn|error: Log level
  • LOG_TO_FILE=true|false: Enable logging to the log file /rpxy/log/rpxy.log using logrotate. You should mount /rpxy/log via docker volume option if enabled. The log dir and file will be owned by the HOST_USER with HOST_UID:HOST_GID on the host machine. Hence, HOST_USER, HOST_UID and HOST_GID should be the same as ones of the user who executes the rpxy docker container on the host.
  • WATCH=true|false (default: false): Activate continuous watching of the config file if true.

Then, all you need is to mount your config.toml as /etc/rpxy.toml and certificates/private keys as you like through the docker volume option. If WATCH=true, You need to mount a directory, e.g., ./rpxy-config/, including rpxy.toml on /rpxy/config instead of a file to correctly track file changes. This is a docker limitation. Even if WATCH=false, you can mount the dir onto /rpxy/config rather than /etc/rpxy.toml. A file mounted on /etc/rpxy is prioritized over a dir mounted on /rpxy/config.

See docker-compose.yml for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.

Custom CAs for upstream TLS connections

To add a custom certificate, you must use a non-slim non-webpki image. Then mount /usr/local/share/ca-certificates in the container with your desired CAs each in a file like myca.crt. The certificates are accepted in PEM format but file extension must be crt.

e.g. -v rpxy/ca-certificates:/usr/local/share/ca-certificates

Differences among image tags of Docker Hub and GitHub Container Registry

Differences among tags are summarized as follows.

Latest Builds

  • latest: Built from the main branch with default features, running on Ubuntu.
  • latest-slim, slim: Built by musl from the main branch with default features, running on Alpine.
  • latest-s2n, s2n: Built from the main branch with the http3-s2n feature, running on Ubuntu.

Nightly Builds

  • nightly: Built from the develop branch with default features, running on Ubuntu.
  • nightly-slim: Built by musl from the develop branch with default features, running on Alpine.
  • nightly-s2n: Built from the develop branch with the http3-s2n feature, running on Ubuntu.

Caveats

Due to some compile errors of s2n-quic subpackages with musl, nightly-s2n-slim or latest-s2n-slim are not yet provided.

See ./docker/README.md for the differences on image tags.