init

Dockerfile

@@ -63,16 +63,16 @@ FROM alpine:3
 ENV UID=1000
 ENV GID=1000
 
+RUN \
+    apk update --no-cache && \
+    apk add --no-cache --virtual \
+        openssl \
+        zlib \
+        lua5.3-libs \
+        pcre2
+
 COPY --from=builder /haproxy/haproxy /haproxy
+COPY docker-entrypoint.sh /docker-entrypoint.sh
 
-ENTRYPOINT \
-    (\
-        grep -qE '^haproxy:x:'"${UID}"':haproxy$' /etc/group || addgroup -g "${GID}" haproxy\
-    ) && \
-    (\
-        grep -qE '^haproxy:x:'"${UID}"':'"${GID}"':.*$' /etc/passwd || adduser -D -u "${UID}" -G haproxy haproxy \
-    ) && \
-    chmod 700 /etc/haproxy && chown haproxy:haproxy /etc/haproxy
-
-CMD su haproxy -c "/haproxy -f /haproxy"
+ENTRYPOINT /docker-entrypoint.sh
 

docker-compose.yaml

@@ -13,6 +13,10 @@ services:
         tag: haproxy 
     restart: unless-stopped
     ports:
-      - 8443:8443
+      - ${EXTERNAL_IP}:${PORT_PLAIN}:80
+      - ${EXTERNAL_IP}:${PORT_TLS}:443
+      - ${STATS_IP}:${PORT_STATS}:8404
     volumes:
       - ${HAPROXY_CONFIG_FILE_PATH}:/etc/haproxy/haproxy.cfg:ro
+      - ${HAPROXY_CERTS_PATH}:/etc/ssl/certs:ro
+

docker-entrypoint.sh

@@ -0,0 +1,22 @@
+#!/bin/ash
+set -e
+
+if ! grep -qE '^haproxy:x:'"${UID}"':haproxy$' /etc/group ; then
+    addgroup -g "${GID}" haproxy
+fi
+
+if ! grep -qE '^haproxy:x:'"${UID}"':'"${GID}"':.*$' /etc/passwd ; then
+    adduser -D -u "${UID}" -G haproxy haproxy
+fi
+
+mkdir -vp \
+    /etc/haproxy \
+    /var/run/haproxy
+
+chmod 700 /etc/haproxy
+
+chown haproxy:haproxy \
+        /etc/haproxy \
+        /var/run/haproxy
+
+su haproxy -c '/haproxy -f /etc/haproxy/haproxy.cfg'

env.dist

@@ -1,3 +1,9 @@
+EXTERNAL_IP=127.0.0.1
 HAPROXY_REPO='https://scm.f1x.online/mirrors/haproxy.git'
 HAPROXY_VERSION=
 HAPROXY_CONFIG_FILE_PATH=/path/to/haproxy.conf
+HAPROXY_CERTS_PATH=/path/to/certs
+PORT_STATS=8404
+PORT_PLAIN=80
+PORT_TLS=443
+STATS_IP=127.0.0.1