summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docker/Dockerfile78
-rw-r--r--docker/README.rst25
2 files changed, 103 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..25a7261
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,78 @@
+FROM debian:12 as build
+
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ git clang make binutils autoconf automake autotools-dev libtool \
+ pkg-config \
+ zlib1g-dev libev-dev libjemalloc-dev ruby-dev libc-ares-dev bison \
+ libelf-dev
+
+RUN git clone --depth 1 -b OpenSSL_1_1_1w+quic https://github.com/quictls/openssl && \
+ cd openssl && \
+ ./config --openssldir=/etc/ssl && \
+ make -j$(nproc) && \
+ make install_sw && \
+ cd .. && \
+ rm -rf openssl
+
+RUN git clone --depth 1 -b v1.1.0 https://github.com/ngtcp2/nghttp3 && \
+ cd nghttp3 && \
+ autoreconf -i && \
+ ./configure --enable-lib-only && \
+ make -j$(nproc) && \
+ make install-strip && \
+ cd .. && \
+ rm -rf nghttp3
+
+RUN git clone --depth 1 -b v1.2.0 https://github.com/ngtcp2/ngtcp2 && \
+ cd ngtcp2 && \
+ autoreconf -i && \
+ ./configure --enable-lib-only \
+ LIBTOOL_LDFLAGS="-static-libtool-libs" \
+ OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -lpthread" \
+ PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" && \
+ make -j$(nproc) && \
+ make install-strip && \
+ cd .. && \
+ rm -rf ngtcp2
+
+RUN git clone --depth 1 -b v1.3.0 https://github.com/libbpf/libbpf && \
+ cd libbpf && \
+ PREFIX=/usr/local make -C src install && \
+ cd .. && \
+ rm -rf libbpf
+
+RUN git clone --depth 1 https://github.com/nghttp2/nghttp2.git && \
+ cd nghttp2 && \
+ git submodule update --init && \
+ autoreconf -i && \
+ ./configure --disable-examples --disable-hpack-tools \
+ --with-mruby --with-neverbleed \
+ --enable-http3 --with-libbpf \
+ CC=clang CXX=clang++ \
+ LIBTOOL_LDFLAGS="-static-libtool-libs" \
+ OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -pthread" \
+ LIBEV_LIBS="-l:libev.a" \
+ JEMALLOC_LIBS="-l:libjemalloc.a" \
+ LIBCARES_LIBS="-l:libcares.a" \
+ ZLIB_LIBS="-l:libz.a" \
+ LIBBPF_LIBS="-L/usr/local/lib64 -l:libbpf.a -l:libelf.a" \
+ LDFLAGS="-static-libgcc -static-libstdc++" \
+ PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" && \
+ make -j$(nproc) install-strip && \
+ cd .. && \
+ rm -rf nghttp2
+
+FROM gcr.io/distroless/base-debian12
+
+COPY --from=build \
+ /usr/local/share/nghttp2/ \
+ /usr/local/share/nghttp2/
+COPY --from=build \
+ /usr/local/bin/h2load \
+ /usr/local/bin/nghttpx \
+ /usr/local/bin/nghttp \
+ /usr/local/bin/nghttpd \
+ /usr/local/bin/
+COPY --from=build /usr/local/lib/nghttp2/reuseport_kern.o \
+ /usr/local/lib/nghttp2/
diff --git a/docker/README.rst b/docker/README.rst
new file mode 100644
index 0000000..e08af23
--- /dev/null
+++ b/docker/README.rst
@@ -0,0 +1,25 @@
+Dockerfile
+==========
+
+Dockerfile creates the applications bundled with nghttp2.
+These applications are:
+
+- nghttp
+- nghttpd
+- nghttpx
+- h2load
+
+HTTP/3 and eBPF features are enabled.
+
+In order to run nghttpx with HTTP/3 endpoint, you need to run the
+image with the escalated privilege. Here is the example command-line
+to run nghttpx to listen to HTTP/3 on port 443, assuming that the
+current directory contains a private key and a certificate in
+server.key and server.crt respectively:
+
+.. code-block:: text
+
+ $ docker run --rm -it -v /path/to/certs:/shared --net=host --privileged \
+ nghttp2 nghttpx \
+ /shared/server.key /shared/server.crt \
+ -f'*,443;quic'