From 5ada8f8d8a682dd8693c7f9c28434425206a0c80 Mon Sep 17 00:00:00 2001 From: Ava Hahn Date: Tue, 26 Aug 2025 23:25:38 +0000 Subject: [PATCH] more arduous config and more debug symbols Signed-off-by: Ava Hahn --- kaclient/run.sh | 17 +++---- kaproxy/Dockerfile | 107 ++++++++------------------------------------ kaproxy/gencerts.sh | 25 +++++++++++ kaproxy/nginx.conf | 60 ------------------------- 4 files changed, 49 insertions(+), 160 deletions(-) create mode 100755 kaproxy/gencerts.sh diff --git a/kaclient/run.sh b/kaclient/run.sh index f4d5942..6fa2756 100755 --- a/kaclient/run.sh +++ b/kaclient/run.sh @@ -24,19 +24,12 @@ function sigint_handler() { trap 'sigint_handler' INT -// TODO: make this a more elegant item -// maybe a while loop with curl +# TODO: make this a more elegant item +# maybe a while loop with curl sleep 0.5 -do_wrk_on "https://kaproxy:8080/0" -do_wrk_on "https://kaproxy:8080/1" -do_wrk_on "https://kaproxy:8080/2" -do_wrk_on "https://kaproxy:8080/3" -do_wrk_on "https://kaproxy:8080/4" -do_wrk_on "https://kaproxy:8080/5" -do_wrk_on "https://kaproxy:8080/6" -do_wrk_on "https://kaproxy:8080/7" -do_wrk_on "https://kaproxy:8080/8" -do_wrk_on "https://kaproxy:8080/9" +for iter in {0.999}; do + do_wrk_on "https://kaproxy:8080/$iter" +done wait $(jobs -p) diff --git a/kaproxy/Dockerfile b/kaproxy/Dockerfile index 2af70c2..23fdc4e 100644 --- a/kaproxy/Dockerfile +++ b/kaproxy/Dockerfile 
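Review bot: The new loop header in kaclient/run.sh, `for iter in {0.999}; do`, has a single dot, so bash does no brace expansion and the loop body runs once with the literal word `{0.999}`. Only `https://kaproxy:8080/{0.999}` is requested, instead of the 1000 paths that kaproxy/gencerts.sh mints certificates for. It should read `for iter in {0..999}; do`, matching the range in gencerts.sh. Brace ranges are a bash feature, and the interpreter line of run.sh is outside this hunk, so confirm the script runs under bash.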
@@ -1,8 +1,24 @@ -FROM archlinux:latest +FROM debian:bookworm-slim EXPOSE 8080 -RUN pacman -Syyu --noconfirm -RUN pacman -S base-devel glibc gcc-libs valgrind --noconfirm +RUN echo "deb http://deb.debian.org/debian-debug/ bookworm-debug main" >> /etc/apt/sources.list.d/debug.list +RUN echo "deb http://deb.debian.org/debian-debug/ bookworm-proposed-updates-debug main" >> /etc/apt/sources.list.d/debug.list + +RUN apt update -y +RUN apt install libssl3 libssl3-dbgsym openssl openssl-dbgsym libssl-dev zlib1g-dev \ + libc6-dbg gcc make mk-configure valgrind libpcre2-dev libgcrypt20-dbgsym \ + --allow-downgrades -y + +COPY nginx.conf / +WORKDIR / + +COPY gencerts.sh / +RUN ./gencerts.sh + +COPY dhparam.pem / +COPY www.example.com.crt / +COPY www.example.com.key / + COPY nginx /nginx WORKDIR /nginx RUN auto/configure \ 
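Review bot: `RUN ./gencerts.sh` writes 1000 passphrase-less RSA keys (`-nodes` in gencerts.sh) into an image layer, next to the copied `www.example.com.key`, so anyone who can pull the image or read the build cache can read every key. If this image is only a local test rig, say so above the step, for example `# test-only keys: minted at build time and baked into the image; do not publish this image`; otherwise mint them when the container starts. Separately, `RUN apt update -y` sits in its own layer, so a cached package index can go stale before `RUN apt install` runs. The two belong in one step that starts `RUN apt-get update && apt-get install -y --allow-downgrades` followed by the package list.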
@@ -11,92 +27,7 @@ RUN auto/configure \ --with-cc-opt="-gdwarf-4 -fno-omit-frame-pointer" RUN make RUN make install -COPY nginx.conf / -WORKDIR / -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key0.pem \ - -out cert0.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key1.pem \ - -out cert1.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key2.pem \ - -out cert2.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key3.pem \ - -out cert3.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key4.pem \ - -out cert4.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key5.pem \ - -out cert5.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key6.pem \ - -out cert6.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key7.pem \ - -out cert7.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key8.pem \ - -out cert8.pem \ - -sha256 -nodes \ - -days 3650 
\ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -RUN openssl req -x509 \ - -newkey rsa:4096 \ - -keyout key9.pem \ - -out cert9.pem \ - -sha256 -nodes \ - -days 3650 \ - -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" - -COPY dhparam.pem / -COPY www.example.com.crt / -COPY www.example.com.key / COPY run.sh / CMD ["/run.sh"] diff --git a/kaproxy/gencerts.sh b/kaproxy/gencerts.sh new file mode 100755 index 0000000..d133a8e --- /dev/null +++ b/kaproxy/gencerts.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +for iter in {0..999}; do + echo "minting cert $iter" + openssl req -x509 \ + -newkey rsa:4096 \ + -keyout key$iter.pem \ + -out cert$iter.pem \ + -sha256 -nodes \ + -days 3650 \ + -quiet \ + -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=kaproxy-$iter" + + upstr=$(($iter%10)) + echo ' + location /$iter { + proxy_ssl_certificate /cert$iter.pem; + proxy_ssl_certificate_key /key$iter.pem; + proxy_pass http://kasvc-$upstr:8080; + }' >> /nginx.conf +done +echo ' + } +} +' >> /nginx.conf diff --git a/kaproxy/nginx.conf b/kaproxy/nginx.conf index 75ae67d..5f3adf7 100644 --- a/kaproxy/nginx.conf +++ b/kaproxy/nginx.conf 
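Review bot: In kaproxy/gencerts.sh the `location` block is appended with `echo ' ... '` in single quotes, so `$iter` and `$upstr` are never expanded. /nginx.conf therefore receives the same literal `location /$iter {` block 1000 times, pointing at `/cert$iter.pem` and `http://kasvc-$upstr:8080`. Use double quotes for that echo (open with `echo "` and close with `}" >> /nginx.conf`) so the shell substitutes both values. The script also has no error handling, so a failing `openssl req` still lets `RUN ./gencerts.sh` succeed; add `set -euo pipefail` after the shebang. Since `proxy_pass` uses `http://`, the `proxy_ssl_certificate` pair is presumably never presented to the upstream, which is worth confirming as intended.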
@@ -17,64 +17,4 @@ http { access_log /tmp/access.log; proxy_socket_keepalive on; - location /0 { - proxy_ssl_certificate /cert0.pem; - proxy_ssl_certificate_key /key0.pem; - proxy_pass http://kasvc-0:8080; - } - location /1 { - proxy_ssl_certificate /cert1.pem; - proxy_ssl_certificate_key /key1.pem; - proxy_pass http://kasvc-1:8080; - } - - location /2 { - proxy_ssl_certificate /cert2.pem; - proxy_ssl_certificate_key /key2.pem; - proxy_pass http://kasvc-2:8080; - } - - location /3 { - proxy_ssl_certificate /cert3.pem; - proxy_ssl_certificate_key /key3.pem; - proxy_pass http://kasvc-3:8080; - } - - location /4 { - proxy_ssl_certificate /cert4.pem; - proxy_ssl_certificate_key /key4.pem; - proxy_pass http://kasvc-4:8080; - } - - location /5 { - proxy_ssl_certificate /cert5.pem; - proxy_ssl_certificate_key /key5.pem; - proxy_pass http://kasvc-5:8080; - } - - location /6 { - proxy_ssl_certificate /cert6.pem; - proxy_ssl_certificate_key /key6.pem; - proxy_pass http://kasvc-6:8080; - } - - location /7 { - proxy_ssl_certificate /cert7.pem; - proxy_ssl_certificate_key /key7.pem; - proxy_pass http://kasvc-7:8080; - } - - location /8 { - proxy_ssl_certificate /cert8.pem; - proxy_ssl_certificate_key /key8.pem; - proxy_pass http://kasvc-8:8080; - } - - location /9 { - proxy_ssl_certificate /cert9.pem; - proxy_ssl_certificate_key /key9.pem; - proxy_pass http://kasvc-9:8080; - } - } -}