Dockerfile for https://github.com/chrislusf/teeproxy

docker-entrypoint.sh

#!/bin/sh

set -e
if [ "x$DEBUG" = 'xtrue' ]; then
    set -x
fi

export PATH='/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'

DIRECTORY='/docker-entrypoint.d'

if [ -d $DIRECTORY ] && [ -n "$(ls -A $DIRECTORY)" ]; then
  for file in ${DIRECTORY}/*; do
      case "$file" in
          *.sh)
              if [ -x "$file" ]; then
                  echo "$0: RUNNING: $file"
                  "$file"
              else
                  echo "$0: SOURCING: $file"
                  . "$file"
              fi
              ;;
          *) echo "$0: IGNORING: $file" ;;
      esac
      echo
  done
fi

if [ "${1#-}" != "$1" ]; then
    set -- teeproxy "$@"
else
    set -- teeproxy-supervisor.sh
fi

exec "$@"

Dockerfile

ARG go_version=1.11.3
ARG alpine_version=latest

FROM golang:${go_version}-alpine AS builder

ENV GOPATH /build
ENV GOOS linux
ENV GOARCH amd64

ENV CGO_ENABLED 0
ENV GOGC off

RUN set -eux && \
  mkdir -p /build

WORKDIR /build

COPY . ./

RUN set -eux && \
  cd /build && \
  go build -ldflags '-extldflags "-static"' \
  -installsuffix 'static' -a -o teeproxy .

COPY ./build/package/ ./

FROM alpine:${alpine_version}

ARG version=development

LABEL \
  org.label-schema.schema-version="1.0" \
  org.label-schema.name="teeproxy" \
  org.label-schema.version="${version}" \
  org.label-schema.description="A reverse HTTP proxy that duplicates requests" \
  org.label-schema.license="Apache-2.0" \
  org.label-schema.url="https://github.com/chrislusf/teeproxy" \
  org.label-schema.vcs-url="https://github.com/chrislusf/teeproxy.git" \
  org.label-schema.vcs-type="Git" \
  org.label-schema.vendor="Chris Lu" \
  version="${version}" \
  maintainer="Krzysztof Wilczynski <[email protected]>" \
  license="Apache-2.0" \
  vendor="Open Source Software"

ENV LISTEN_ADDRESS 0.0.0.0
ENV LISTEN_PORT 8888

ENV PRODUCTION_TARGET ""
ENV PRODUCTION_TIMEOUT 5000
ENV PRODUCTION_REWRITE false

ENV ALTERNATE_TARGET ""
ENV ALTERNATE_TIMEOUT 5000
ENV ALTERNATE_REWRITE false

ENV PERCENT 100.0

ENV FORWARD_CLIENT_IP false
ENV CLOSE_CONNECTIONS false

ENV TLS_CERTIFICATE ""
ENV TLS_PRIVATE_KEY ""

ENV DEBUG false

WORKDIR /teeproxy

COPY --from=builder \
  /build/teeproxy /usr/local/bin/teeproxy

RUN set -eux && \
  apk --no-cache --update add libcap && \
  apk --no-cache --update add ca-certificates && \
  apk --no-cache --update add supervisor && \
  mkdir -p /etc/supervisor/conf.d && \
  rm -f /etc/supervisord.conf && \
  rm -Rf /var/lib/apt/lists/* && \
  rm -Rf /var/cache/apk/* && \
  rm -Rf /tmp/* && \
  rm -Rf /var/tmp/*

RUN set -eux && \
  mkdir -p /teeproxy && \
  chmod 755 /usr/local/bin/teeproxy && \
  setcap 'cap_net_bind_service=+ep' /usr/local/bin/teeproxy

COPY --from=builder \
  /build/supervisord.conf /etc/supervisor

COPY --from=builder \
  /build/teeproxy.conf /etc/supervisor/conf.d

COPY --from=builder \
  /build/teeproxy-supervisor.sh \
  /build/teeproxy-wrapper.sh \
  /usr/local/bin/

COPY --from=builder \
  /build/docker-entrypoint.sh /docker-entrypoint.sh

RUN set -eux && \
  mkdir -p /docker-entrypoint.d && \
  chmod 755 /usr/local/bin/teeproxy-supervisor.sh && \
  chmod 755 /usr/local/bin/teeproxy-wrapper.sh && \
  chmod 755 /docker-entrypoint.sh

EXPOSE 8888

STOPSIGNAL SIGTERM

ENTRYPOINT [ "/docker-entrypoint.sh" ]

supervisord.conf

[supervisord]
user = root
nodaemon = true
pidfile = /dev/null
logfile = /dev/null
logfile_maxbytes = 0
logfile_backups = 0
loglevel = info
directory = /tmp
childlogdir = /tmp
nocleanup = true
strip_ansi = false

[include]
files = /etc/supervisor/conf.d/*.conf

teeproxy-supervisor.sh

#!/bin/sh

set -e
if [ "x$DEBUG" = 'xtrue' ]; then
    set -x
fi

export PATH='/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'

exec /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf

teeproxy-wrapper.sh

#!/bin/sh

set -e
if [ "x$DEBUG" = 'xtrue' ]; then
    set -x
fi

export PATH='/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'

TEEPROXY="teeproxy -l ${LISTEN_ADDRESS}:${LISTEN_PORT}"

if [ "x$DEBUG" = 'xtrue' ]; then
    TEEPROXY="$TEEPROXY -debug"
fi

if [ "x$PRODUCTION_TARGET" != 'x' ]; then
    TEEPROXY="$TEEPROXY -a $PRODUCTION_TARGET"
fi

if [ "x$PRODUCTION_TIMEOUT" != 'x' ]; then
    TEEPROXY="$TEEPROXY -a.timeout $PRODUCTION_TIMEOUT"
fi

if [ "x$PRODUCTION_REWRITE" = 'xtrue' ]; then
    TEEPROXY="$TEEPROXY -a.rewrite"
fi

if [ "x$ALTERNATE_TARGET" != 'x' ]; then
    TEEPROXY="$TEEPROXY -b $ALTERNATE_TARGET"
fi

if [ "x$ALTERNATE_TIMEOUT" != 'x' ]; then
    TEEPROXY="$TEEPROXY -b.timeout $ALTERNATE_TIMEOUT"
fi

if [ "x$ALTERNATE_REWRITE" = 'xtrue' ]; then
    TEEPROXY="$TEEPROXY -b.rewrite"
fi

if [ "x$ALTERNATE_FILTERS" != 'x' ]; then
    TEEPROXY="$TEEPROXY -b.filters $ALTERNATE_FILTERS"
fi

if [ "x$PERCENT" != 'x' ]; then
    TEEPROXY="$TEEPROXY -p $PERCENT"
fi

if [ "x$FORWARD_CLIENT_IP" = 'xtrue' ]; then
    TEEPROXY="$TEEPROXY -forward-client-ip"
fi

if [ "x$CLOSE_CONNECTIONS" = 'xtrue' ]; then
    TEEPROXY="$TEEPROXY -close-connections"
fi

if [ "x$TLS_PRIVATE_KEY" != 'x' ]; then
    TEEPROXY="$TEEPROXY -key.file $TLS_PRIVATE_KEY"
fi

if [ "x$TLS_CERTIFICATE" != 'x' ]; then
    TEEPROXY="$TEEPROXY -cert.file $TLS_CERTIFICATE"
fi

set -- $TEEPROXY

exec "$@"

teeproxy.conf

[program:teeproxy]
user = nobody
command = /usr/local/bin/teeproxy-wrapper.sh
autostart = true
startsecs = 2
autorestart = unexpected
startretries = 3
stopasgroup = true
killasgroup = true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
stdout_logfile_backups = 0
redirect_stderr = true