From cdaa212c9d3ffe879f6bf62608767e9bf1a79771 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sat, 4 Jun 2022 23:15:25 +0100
Subject: [PATCH 1/3] Update HAProxy 2.2 is very old. Pin to a newer version, and keep it up-to-date during rebuilds.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 1a13d20..98cf3e5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.2-alpine
+FROM haproxy:lts-alpine
 EXPOSE 2375
 ENV ALLOW_RESTARTS=0 \
From 104914f212a4437d156a6c223d9d002bf3f09209 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 6 Nov 2022 14:34:54 +0000
Subject: [PATCH 2/3] Run as root
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 98cf3e5..24d522b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 FROM haproxy:lts-alpine
+USER root
+
 EXPOSE 2375
 ENV ALLOW_RESTARTS=0 \
 AUTH=0 \
From c73447028fae7f12512be5844cac43cde2b0ca29 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Tue, 29 Nov 2022 09:15:34 +0000
Subject: [PATCH 3/3] Create a docker group on startup with the correct GID This allows haproxy to read the socket, whilst running as a non-privileged user. The container itself needs to run as root to create the group, but haproxy itself changes its own group after startup.
---
 Dockerfile | 6 ++++++
 docker-entrypoint.sh | 10 ++++++++++
 haproxy.cfg | 3 +++
 3 files changed, 19 insertions(+)
 create mode 100755 docker-entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
index 24d522b..a484328 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,4 +30,10 @@ ENV ALLOW_RESTARTS=0 \
 TASKS=0 \
 VERSION=1 \
 VOLUMES=0
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000..11d6c35
--- /dev/null
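Review bot: In PATCH 1/3, `FROM haproxy:lts-alpine` is a moving tag rather than a pin, so each rebuild can pull a different HAProxy release, including a later LTS branch that this `haproxy.cfg` has not been tested against. For an image that fronts the Docker socket I would name the LTS branch explicitly and add a digest, `FROM haproxy:<LTS_BRANCH>-alpine@sha256:<DIGEST>` (placeholders), and let an update bot propose the bumps so each base-image change is reviewed. If the floating tag is kept on purpose, a comment above the line saying so would help.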
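Review bot: In PATCH 2/3, `USER root` is added without a comment and, at this commit, nothing drops privileges again, so HAProxy would presumably run as root for its whole lifetime while proxying the Docker socket. The reason only becomes visible in PATCH 3/3, where `haproxy.cfg` gains `user haproxy` and `group docker`; consider landing the two changes together. A comment above the line such as `# root is needed only at start-up so the entrypoint can create the docker group; haproxy.cfg drops to haproxy:docker` would make the intent reviewable.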
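Review bot: In the Dockerfile hunk of PATCH 3/3, the new `ENTRYPOINT`/`CMD` pair carries no comment saying that the wrapper has to run as root and that the privilege drop happens only inside HAProxy through `haproxy.cfg`. Anything started with a different command, or through `docker exec`, therefore runs as root in a container that can reach the Docker socket. I would add `# Wrapper runs as root to create the docker group, then execs the base image entrypoint; haproxy drops to haproxy:docker itself` above `ENTRYPOINT`, and `# Restated because setting ENTRYPOINT resets the CMD inherited from the base image` above `CMD`. The `ENV` instruction this hunk follows starts outside the hunk.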
+++ b/docker-entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Create a group with the same gid as the docker socket
+export DOCKER_GID=$(stat -c "%g" $SOCKET_PATH)
+addgroup -g $DOCKER_GID docker
+
+# Run the original entrypoint - Our work here is done.
+exec /usr/local/bin/docker-entrypoint.sh $@
diff --git a/haproxy.cfg b/haproxy.cfg
index 011137e..fd37c73 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -4,6 +4,9 @@ global pidfile /run/haproxy.pid maxconn 4000 + user haproxy + group docker + # Turn on stats unix socket server-state-file /var/lib/haproxy/server-state
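Review bot: In `docker-entrypoint.sh`, `addgroup -g $DOCKER_GID docker` runs on every start, so under `set -e` a restarted container, where the group already exists in `/etc/group`, will presumably exit before HAProxy is launched. Separately, `export DOCKER_GID=$(stat …)` hides a failing `stat` from `set -e`, and the unquoted `$SOCKET_PATH` and `$@` are subject to word splitting; `"$@"` is needed to hand the CMD arguments through intact. The version below makes group creation idempotent, separates the assignment from the export and quotes the expansions. A socket whose GID already belongs to another group in the image would still make `addgroup` fail and needs a decision of its own.

```shell
# … unchanged: shebang and set -e …

# Create a group with the same gid as the docker socket
DOCKER_GID=$(stat -c "%g" "$SOCKET_PATH")
export DOCKER_GID
# The group survives a container restart; skip creation instead of aborting under set -e
if ! grep -q '^docker:' /etc/group; then
    addgroup -g "$DOCKER_GID" docker
fi

# Run the original entrypoint - Our work here is done.
exec /usr/local/bin/docker-entrypoint.sh "$@"
```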
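Review bot: In `haproxy.cfg`, `group docker` names a group that is not part of the image and is only created at start-up by `/docker-entrypoint.sh`, which the config does not say. I would add a comment above the two new lines, `# Drop privileges after start-up; the docker group is created by /docker-entrypoint.sh with the socket's GID`, so that someone running HAProxy with a different entrypoint or user understands why it would stop on an unknown group. The `global` section begins outside the hunk.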