more arduous config and more debug symbols

Signed-off-by: Ava Hahn <a.hahn@f5.com>

kaproxy/Dockerfile

@@ -1,8 +1,24 @@
-FROM archlinux:latest
+FROM debian:bookworm-slim
 EXPOSE 8080
 
-RUN pacman -Syyu --noconfirm
-RUN pacman -S base-devel glibc gcc-libs valgrind --noconfirm
+RUN echo "deb http://deb.debian.org/debian-debug/ bookworm-debug main" >> /etc/apt/sources.list.d/debug.list
+RUN echo "deb http://deb.debian.org/debian-debug/ bookworm-proposed-updates-debug main" >> /etc/apt/sources.list.d/debug.list
+
+RUN apt update -y
+RUN apt install libssl3 libssl3-dbgsym openssl openssl-dbgsym libssl-dev zlib1g-dev \
+	libc6-dbg gcc make mk-configure valgrind libpcre2-dev libgcrypt20-dbgsym \
+	--allow-downgrades -y
+
+COPY nginx.conf /
+WORKDIR /
+
+COPY gencerts.sh /
+RUN ./gencerts.sh
+
+COPY dhparam.pem /
+COPY www.example.com.crt /
+COPY www.example.com.key /
+
 COPY nginx /nginx
 WORKDIR /nginx
 RUN auto/configure \
@@ -11,92 +27,7 @@ RUN auto/configure \
 	--with-cc-opt="-gdwarf-4 -fno-omit-frame-pointer"
 RUN make
 RUN make install
-COPY nginx.conf /
-WORKDIR /
 
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key0.pem  \
-	-out cert0.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key1.pem  \
-	-out cert1.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key2.pem  \
-	-out cert2.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key3.pem  \
-	-out cert3.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key4.pem  \
-	-out cert4.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key5.pem  \
-	-out cert5.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key6.pem  \
-	-out cert6.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key7.pem  \
-	-out cert7.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key8.pem  \
-	-out cert8.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-RUN openssl req -x509 \
-	-newkey rsa:4096  \
-	-keyout key9.pem  \
-	-out cert9.pem    \
-	-sha256 -nodes    \
-	-days 3650        \
-	-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
-
-COPY dhparam.pem /
-COPY www.example.com.crt /
-COPY www.example.com.key /
 COPY run.sh /
 
 CMD ["/run.sh"]

kaproxy/gencerts.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+for iter in {0..999}; do
+	echo "minting cert $iter"
+	openssl req -x509         \
+		-newkey rsa:4096      \
+		-keyout key$iter.pem  \
+		-out cert$iter.pem    \
+		-sha256 -nodes        \
+		-days 3650            \
+		-quiet                \
+		-subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=kaproxy-$iter"
+
+	upstr=$(($iter%10))
+	echo '
+		location /$iter {
+			proxy_ssl_certificate /cert$iter.pem;
+			proxy_ssl_certificate_key /key$iter.pem;
+			proxy_pass http://kasvc-$upstr:8080;
+		}' >> /nginx.conf
+done
+echo '
+	}
+}
+' >> /nginx.conf

kaproxy/nginx.conf

@@ -17,64 +17,4 @@ http {
 		access_log /tmp/access.log;
 		proxy_socket_keepalive on;
 
-		location /0 {
-			proxy_ssl_certificate /cert0.pem;
-			proxy_ssl_certificate_key /key0.pem;
-			proxy_pass http://kasvc-0:8080;
-		}
 
-		location /1 {
-			proxy_ssl_certificate /cert1.pem;
-			proxy_ssl_certificate_key /key1.pem;
-			proxy_pass http://kasvc-1:8080;
-		}
-
-		location /2 {
-			proxy_ssl_certificate /cert2.pem;
-			proxy_ssl_certificate_key /key2.pem;
-			proxy_pass http://kasvc-2:8080;
-		}
-
-		location /3 {
-			proxy_ssl_certificate /cert3.pem;
-			proxy_ssl_certificate_key /key3.pem;
-			proxy_pass http://kasvc-3:8080;
-		}
-
-		location /4 {
-			proxy_ssl_certificate /cert4.pem;
-			proxy_ssl_certificate_key /key4.pem;
-			proxy_pass http://kasvc-4:8080;
-		}
-
-		location /5 {
-			proxy_ssl_certificate /cert5.pem;
-			proxy_ssl_certificate_key /key5.pem;
-			proxy_pass http://kasvc-5:8080;
-		}
-
-		location /6 {
-			proxy_ssl_certificate /cert6.pem;
-			proxy_ssl_certificate_key /key6.pem;
-			proxy_pass http://kasvc-6:8080;
-		}
-
-		location /7 {
-			proxy_ssl_certificate /cert7.pem;
-			proxy_ssl_certificate_key /key7.pem;
-			proxy_pass http://kasvc-7:8080;
-		}
-
-		location /8 {
-			proxy_ssl_certificate /cert8.pem;
-			proxy_ssl_certificate_key /key8.pem;
-			proxy_pass http://kasvc-8:8080;
-		}
-
-		location /9 {
-			proxy_ssl_certificate /cert9.pem;
-			proxy_ssl_certificate_key /key9.pem;
-			proxy_pass http://kasvc-9:8080;
-		}
-	}
-}