diff --git a/compose.yaml b/compose.yaml
index 514cc26..3d5b71c 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -2,6 +2,7 @@ services:
 kasvc-0: &kasvc
 build:
 context: kasvc
+ network: host
 platforms:
 - linux/x86_64
 platform: linux/x86_64
@@ -53,9 +54,11 @@ services:
 kaproxy:
 build:
 context: kaproxy
+ network: host
 platforms:
 - linux/x86_64
 platform: linux/x86_64
+ privileged: true
 ports:
 - 8079:8080
 networks:
@@ -68,6 +71,7 @@ services:
 kaclient:
 build:
 context: kaclient
+ network: host
 platforms:
 - linux/x86_64
 platform: linux/x86_64
diff --git a/kaclient/Dockerfile b/kaclient/Dockerfile
index 0308a1f..386b1a7 100644
--- a/kaclient/Dockerfile
+++ b/kaclient/Dockerfile
@@ -1,6 +1,6 @@
 FROM archlinux:latest
-RUN pacman -Syyu --noconfirm
-RUN pacman -S curl --noconfirm
+
+RUN pacman -Sy curl --noconfirm
 COPY run.sh /
 CMD ["/run.sh"]
diff --git a/kaproxy/Dockerfile b/kaproxy/Dockerfile
index a62541f..7ba2843 100644
--- a/kaproxy/Dockerfile
+++ b/kaproxy/Dockerfile
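Review bot: `network: host` under `build:` makes every RUN step of the kasvc build share the host's network namespace, so build steps can reach services bound to the host's loopback and the build is no longer network-isolated; the same line is added to the kaproxy and kaclient builds in the two later hunks of this file. If it is a workaround for a resolver or proxy problem on the build machine, say so in a comment, for example `# host network at build time only: <reason>`, so it can be removed once the underlying issue is fixed. The setting affects image builds only and does not change the runtime networks of the services.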
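Review bot: `privileged: true` on kaproxy hands the container every capability, host device access and an unconfined seccomp/AppArmor profile, on a service that also publishes `8079:8080` to the host. It appears to be there so that `perf record` in kaproxy/run.sh can run, which normally needs far less: try `cap_add: [PERFMON]` (or `SYS_ADMIN` on kernels before 5.8) in place of `privileged`, together with a suitable `kernel.perf_event_paranoid` on the host, and confirm that the Docker seccomp profile in use lets `perf_event_open` through with that capability. If privileged mode has to stay, put it in a profiling-only override file so the default stack does not run the proxy privileged.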
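Review bot: `pacman -Sy curl` in kaclient/Dockerfile refreshes the package databases and installs one package without upgrading the rest, which Arch documents as an unsupported partial upgrade: curl can be pulled in against newer libraries than the ones in the `archlinux:latest` base layer, and packages in the base no longer receive their pending security updates. The kasvc/Dockerfile hunk has the same pattern with `glibc gcc-libs`, where upgrading glibc on its own is the riskiest case. Keep sync and upgrade together in one layer, `RUN pacman -Syu --noconfirm curl` here and `RUN pacman -Syu --noconfirm glibc gcc-libs` in kasvc, and consider pinning the base image by digest so rebuilds are reproducible.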
@@ -2,16 +2,97 @@ FROM archlinux:latest
 EXPOSE 8080
 RUN pacman -Syyu --noconfirm
-RUN pacman -S base-devel glibc gcc-libs --noconfirm
+RUN pacman -S base-devel glibc gcc-libs perf --noconfirm
 COPY nginx /nginx
 WORKDIR /nginx
 RUN auto/configure \
 --with-debug \
 --with-http_ssl_module \
- --with-cc-opt=-pg
+ --with-cc-opt="-ggdb -fno-omit-frame-pointer"
 RUN make
 RUN make install
 COPY nginx.conf /
+WORKDIR /
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key0.pem \
+ -out cert0.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key1.pem \
+ -out cert1.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key2.pem \
+ -out cert2.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key3.pem \
+ -out cert3.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key4.pem \
+ -out cert4.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key5.pem \
+ -out cert5.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key6.pem \
+ -out cert6.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key7.pem \
+ -out cert7.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key8.pem \
+ -out cert8.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
+
+RUN openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key9.pem \
+ -out cert9.pem \
+ -sha256 -nodes \
+ -days 3650 \
+ -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com"
 COPY dhparam.pem /
 COPY www.example.com.crt /
diff --git a/kaproxy/nginx.conf b/kaproxy/nginx.conf
index a8f9734..d86499c 100644
--- a/kaproxy/nginx.conf
+++ b/kaproxy/nginx.conf
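Review bot: The ten `openssl req ... -nodes` steps in kaproxy/Dockerfile write unencrypted private keys `key0.pem` to `key9.pem` into image layers, so every container started from the image, and anyone who can pull it, shares the same key material, valid for ten years. If these are throwaway fixtures for the profiling setup, a comment above the block should say so and the image should stay out of shared registries; otherwise generate the keys at container start or mount them at run time. The blocks differ only in the index, so they can be a single loop in one layer, shown below. The same hunk adds `perf` and `-ggdb` to the image, which suits a profiling build but is worth keeping out of anything that gets deployed.

```dockerfile
WORKDIR /

# Throwaway client certificates for the test rig; never reuse these keys.
RUN for i in 0 1 2 3 4 5 6 7 8 9; do \
        openssl req -x509 \
            -newkey rsa:4096 \
            -keyout "key$i.pem" \
            -out "cert$i.pem" \
            -sha256 -nodes \
            -days 3650 \
            -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=www.example.com" \
        || exit 1; \
    done
```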
@@ -15,44 +15,65 @@ http {
 ssl_certificate /www.example.com.crt;
 ssl_certificate_key /www.example.com.key;
 access_log /tmp/access.log;
+ proxy_socket_keepalive on;
 location /0 {
+ proxy_ssl_certificate /cert0.pem;
+ proxy_ssl_certificate_key /key0.pem;
 proxy_pass http://kasvc-0:8080;
 }
 location /1 {
+ proxy_ssl_certificate /cert1.pem;
+ proxy_ssl_certificate_key /key1.pem;
 proxy_pass http://kasvc-1:8080;
 }
 location /2 {
+ proxy_ssl_certificate /cert2.pem;
+ proxy_ssl_certificate_key /key2.pem;
 proxy_pass http://kasvc-2:8080;
 }
 location /3 {
+ proxy_ssl_certificate /cert3.pem;
+ proxy_ssl_certificate_key /key3.pem;
 proxy_pass http://kasvc-3:8080;
 }
 location /4 {
+ proxy_ssl_certificate /cert4.pem;
+ proxy_ssl_certificate_key /key4.pem;
 proxy_pass http://kasvc-4:8080;
 }
 location /5 {
+ proxy_ssl_certificate /cert5.pem;
+ proxy_ssl_certificate_key /key5.pem;
 proxy_pass http://kasvc-5:8080;
 }
 location /6 {
+ proxy_ssl_certificate /cert6.pem;
+ proxy_ssl_certificate_key /key6.pem;
 proxy_pass http://kasvc-6:8080;
 }
 location /7 {
+ proxy_ssl_certificate /cert7.pem;
+ proxy_ssl_certificate_key /key7.pem;
 proxy_pass http://kasvc-7:8080;
 }
 location /8 {
+ proxy_ssl_certificate /cert8.pem;
+ proxy_ssl_certificate_key /key8.pem;
 proxy_pass http://kasvc-8:8080;
 }
 location /9 {
+ proxy_ssl_certificate /cert9.pem;
+ proxy_ssl_certificate_key /key9.pem;
 proxy_pass http://kasvc-9:8080;
 }
 }
diff --git a/kaproxy/run.sh b/kaproxy/run.sh
index 7e68009..89f8203 100755
--- a/kaproxy/run.sh
+++ b/kaproxy/run.sh
@@ -1,5 +1,14 @@
 #!/bin/bash
+function p_invoke() {
+ perf record -F1000 --call-graph dwarf -o /perf.data \
+ -- /nginx/objs/nginx \
+ -p /tmp \
+ -e /tmp/error.log \
+ -c /nginx.conf \
+ -g "daemon off;"
+}
+
 function invoke() {
 /nginx/objs/nginx \
 -p /tmp \
@@ -23,7 +32,7 @@ function sigcont_handler() {
 trap 'sigint_handler' INT
 trap 'sigcont_handler' CONT
-invoke &
+p_invoke &
 wait
 echo "NGINX down. waiting until signalled..."
 sleep infinity
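Review bot: The `proxy_ssl_certificate` / `proxy_ssl_certificate_key` pairs added to `location /0` through `location /9` sit next to `proxy_pass http://kasvc-N:8080;`, and nginx presents a client certificate only to an HTTPS upstream, so with the `http://` scheme the upstream hops stay unencrypted and unauthenticated. If mutual TLS to the kasvc backends is the goal, the scheme has to become `https://` and each location also needs `proxy_ssl_verify on;` with a `proxy_ssl_trusted_certificate`, since upstream verification is off by default. If the directives are only there to reproduce a configuration for profiling, a one-line comment above `location /0` saying so would keep the config from being read as providing upstream authentication. The enclosing block opens above the hunk.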
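Review bot: `perf record --call-graph dwarf` in the new `p_invoke` copies a slice of the user stack into every sample, so `/perf.data` can hold fragments of nginx process memory, including request data and, in a TLS-terminating proxy, key-related material; treat the file as sensitive, keep it off shared volumes and delete it after analysis. `p_invoke` also repeats the nginx argument list from `invoke`, so the two can drift apart; keeping the arguments in one shared array that both functions expand would avoid that. The body of `invoke` continues below the first hunk.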
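Review bot: Replacing `invoke &` with `p_invoke &` in the second run.sh hunk makes profiling unconditional and leaves `invoke` unused, and it is what forces the elevated privileges on the kaproxy service in compose.yaml. Select the mode with an environment variable instead, for example `if [ -n "${KAPROXY_PROFILE:-}" ]; then p_invoke & else invoke & fi` (the variable name is only a suggestion), so the default run needs neither perf nor extra capabilities. With perf as the parent of nginx, also check that the existing `sigint_handler` and `sigcont_handler`, defined outside this hunk, still signal the process they expect.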
diff --git a/kasvc/Dockerfile b/kasvc/Dockerfile
index 8573f13..117be5c 100644
--- a/kasvc/Dockerfile
+++ b/kasvc/Dockerfile
@@ -1,6 +1,5 @@
 FROM archlinux:latest
-RUN pacman -Syyu --noconfirm
-RUN pacman -S glibc gcc-libs --noconfirm
+RUN pacman -Sy glibc gcc-libs --noconfirm
 EXPOSE 8080
 COPY keepalive-svc /
 CMD ["/keepalive-svc"]