-
Notifications
You must be signed in to change notification settings - Fork 69
Expand file tree
/
Copy pathDockerfile.stunnel
More file actions
66 lines (54 loc) · 2.25 KB
/
Dockerfile.stunnel
File metadata and controls
66 lines (54 loc) · 2.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
###############################################################################
# Build stage – compile OpenSSL 1.0.2u and stunnel 5.75
###############################################################################
FROM debian:12.11-slim AS build
ARG OPENSSL_VERSION=1.0.2u
ARG OPENSSL_TAG=OpenSSL_1_0_2u
ARG STUNNEL_VERSION=5.76
ARG OPENSSL_URL=https://github.com/openssl/openssl/releases/download/${OPENSSL_TAG}/openssl-${OPENSSL_VERSION}.tar.gz
ARG STUNNEL_URL=https://www.stunnel.org/archive/5.x/stunnel-${STUNNEL_VERSION}.tar.gz
# Build prerequisites
RUN apt-get update && \
apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
wget \
perl \
zlib1g-dev \
pkg-config && \
rm -rf /var/lib/apt/lists/*
WORKDIR /usr/src
# ---------- OpenSSL ----------------------------------------------------------
RUN wget -qO openssl.tar.gz "${OPENSSL_URL}" && \
tar xzf openssl.tar.gz && \
cd openssl-${OPENSSL_VERSION} && \
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib && \
make -j"$(nproc)" && \
make install_sw
# ---------- stunnel ----------------------------------------------------------
RUN wget -qO stunnel.tar.gz "${STUNNEL_URL}" && \
tar xzf stunnel.tar.gz && \
cd stunnel-${STUNNEL_VERSION} && \
./configure \
--with-ssl=/usr/local/openssl \
--prefix=/usr/local \
--sysconfdir=/etc \
--disable-libwrap && \
make -j"$(nproc)" && \
make install
###############################################################################
# Runtime stage – only what we need to run stunnel
###############################################################################
FROM debian:bookworm-slim AS runtime
COPY --from=build /usr/local/openssl /usr/local/openssl
COPY --from=build /usr/local/bin/stunnel /usr/local/bin/
COPY --from=build /usr/local/lib /usr/local/lib
# Make sure the custom OpenSSL is preferred at runtime
ENV LD_LIBRARY_PATH="/usr/local/openssl/lib"
# Directory to hold the user‑supplied stunnel.conf
RUN mkdir -p /etc/stunnel
WORKDIR /etc/stunnel
EXPOSE 443 1088
ENTRYPOINT ["stunnel"]
# You can pass the config file name as CMD or at `docker run` time, e.g.:
# CMD ["stunnel.conf"]