diff --git a/Dockerfile b/Dockerfile
index 78f327d..0d93340 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,25 @@
 FROM ubuntu:20.04 AS builder-ssl
+ARG SSLLIB=QuicTLS
+# combined list of dependencies for QuicTLS, AWS-LC
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get -y update && apt-get -y install git make gcc
+RUN apt-get -y update && apt-get -y install git g++ make gcc wget autoconf libtool cmake curl
-RUN git clone --depth 1 -b OpenSSL_1_1_1s+quic https://github.com/quictls/openssl.git
-RUN cd /openssl && ./config && make -j$(nproc) && make install_sw
+# AWS-LC requirement
+COPY --from=golang:latest /usr/local/go/ /usr/local/go/
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+RUN if [ "$SSLLIB" = "QuicTLS" ]; \
+ then git clone --depth 1 -b OpenSSL_1_1_1s+quic https://github.com/quictls/openssl.git && cd /openssl && ./config && make -j$(nproc) && make install_sw; \
+ elif [ "$SSLLIB" = "AWS-LC" ]; \
+ then git clone https://github.com/aws/aws-lc && cd aws-lc && cmake -DBUILD_SHARED_LIBS=1 -B build && make -C build && make -C build install; \
+ elif [ "$SSLLIB" = "LibreSSL" ]; \
+ then git clone https://github.com/libressl/portable.git libressl && cd /libressl && ./autogen.sh && autoreconf -fvi && ./configure && make && make install; \
+ else echo "not supported SSLLIB"; exit 1; \
+ fi
 FROM ubuntu:20.04 AS builder
+ARG SSLLIB=QuicTLS
 COPY --from=builder-ssl /usr/local/include/openssl/ /usr/local/include/openssl/
 COPY --from=builder-ssl \
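Review bot: The new AWS-LC and LibreSSL branches clone whatever the default branch holds at build time, and the Go toolchain is taken from `golang:latest`, so the TLS library linked into HAProxy and the compiler that builds it can change silently between builds; only the QuicTLS branch is tied to a named branch. Pin each input to a release tag or digest, for example `COPY --from=golang:<PINNED_TAG> /usr/local/go/ /usr/local/go/` and `git clone --depth 1 -b <AWS_LC_RELEASE_TAG> https://github.com/aws/aws-lc` (placeholders; the same applies to the LibreSSL clone). The unsupported-value message would also be easier to spot on stderr: `echo "not supported SSLLIB" >&2`.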
@@ -23,13 +36,13 @@ RUN apt-get -y update && apt-get -y install git make gcc liblua5.3-0 liblua5.3-d
 CC=gcc \
 TARGET=linux-glibc \
 CPU=generic \
- USE_OPENSSL=1 \
+ $(if [ "$SSLLIB" = "QuicTLS" ]; then echo USE_OPENSSL=1; elif [ "$SSLLIB" = "LibreSSL" ]; then echo USE_OPENSSL=1; elif [ "$SSLLIB" = "AWS-LC" ]; then echo USE_OPENSSL_AWSLC=1; else echo "not supported SSLLIB"; exit 1; fi) \
 USE_QUIC=1 \
 SSL_INC=/usr/local/include/ \
 SSL_LIB=/usr/local/lib/ \
 SMALL_OPTS="" \
 CPU_CFLAGS.generic="-O0" \
- DEBUG_CFLAGS="-g -Wno-deprecated-declarations" \
+ ARCH_FLAGS="-g -Wno-deprecated-declarations" \
 ERR=1 \
 DEBUG="-DDEBUG_DONT_SHARE_POOLS -DDEBUG_MEMORY_POOLS -DDEBUG_STRICT=2 -DDEBUG_TASK -DDEBUG_FAIL_ALLOC" \
 LDFLAGS="-fuse-ld=gold" \
@@ -39,6 +52,7 @@ RUN apt-get -y update && apt-get -y install git make gcc liblua5.3-0 liblua5.3-d
 && make install
 FROM martenseemann/quic-network-simulator-endpoint:latest
+ARG SSLLIB=QuicTLS
 # Required for lighttpd
 ENV TZ=Europe/Paris
@@ -48,9 +62,13 @@ RUN apt-get -y update && apt-get -y install lighttpd liblua5.3-0 && rm -rf /var/
 COPY --from=builder-ssl \
 /usr/local/lib/libssl.so* /usr/local/lib/libcrypto.so* /usr/local/lib/
 COPY --from=builder /usr/local/sbin/haproxy /usr/local/sbin/
-COPY quic.cfg lighttpd.cfg /
+COPY quic.cfg quic-libressl.cfg lighttpd.cfg /
 COPY sslkeylogger.lua /
+RUN if [ "$SSLLIB" = "LibreSSL" ]; \
+ then mv /quic-libressl.cfg /quic.cfg; \
+ fi
+
 COPY run_endpoint.sh .
 RUN chmod +x run_endpoint.sh
diff --git a/quic-libressl.cfg b/quic-libressl.cfg
new file mode 100644
index 0000000..4b027f0
--- /dev/null
+++ b/quic-libressl.cfg
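Review bot: The `else` branch inside the `$(...)` on the added line of the `-23,13` hunk cannot abort the build: `exit 1` only leaves the command-substitution subshell, its status is discarded, and the echoed words `not supported SSLLIB` are handed to make as arguments. Select the flag in a statement of its own before make runs, e.g. `case "$SSLLIB" in QuicTLS|LibreSSL) SSL_OPT=USE_OPENSSL=1 ;; AWS-LC) SSL_OPT=USE_OPENSSL_AWSLC=1 ;; *) echo "not supported SSLLIB" >&2; exit 1 ;; esac`, and pass `"$SSL_OPT"` in place of the substitution. The RUN instruction and the make invocation start above this hunk, so the exact place for the `case` (it has to be chained with `&&` inside the same RUN) is not visible here.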
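Review bot: The added `RUN` in the `-48,9` hunk only handles `LibreSSL`, so images built for the other libraries keep an unused `/quic-libressl.cfg`, and nothing says why LibreSSL needs a different HAProxy configuration. A one-line comment above it would help, for example `# LibreSSL gets its own HAProxy config; it replaces /quic.cfg so the start script keeps a single path` (assuming run_endpoint.sh reads /quic.cfg, which this hunk does not show), and an `else rm /quic-libressl.cfg; \` branch would keep the other variants clean.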
@@ -0,0 +1,39 @@
+global
+ cluster-secret what-a-secret!
+
+ #tune.ssl.keylog on
+ lua-load sslkeylogger.lua
+
+defaults
+ mode http
+ timeout connect 5s
+ timeout client 60s
+ timeout server 5s
+ timeout tunnel 1h
+
+frontend fe
+ bind quic4@:443 proto quic ssl allow-0rtt crt /tmp/cert.pem alpn hq-interop,h3 "${HAP_EXTRA_ARGS}"
+ bind quic6@:443 proto quic ssl allow-0rtt crt /tmp/cert.pem alpn hq-interop,h3 "${HAP_EXTRA_ARGS}"
+
+ http-request lua.sslkeylog /logs/keys.log
+
+ use_backend be
+
+backend be
+ server lighttpd 127.0.0.1:10080
+
+traces
+ trace quic sink stderr
+ trace quic level developer
+ trace quic verbosity clean
+ trace quic start now
+
+ trace qmux sink stderr
+ trace qmux level developer
+ trace qmux verbosity minimal
+ trace qmux start now
+
+ trace h3 sink stderr
+ trace h3 level developer
+ trace h3 verbosity minimal
+ trace h3 start now
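Review bot: The new file has no comment saying that it is a test-only configuration or how it differs from quic.cfg. `cluster-secret what-a-secret!` is a fixed, public value (HAProxy derives QUIC stateless-reset tokens from it), the `lua.sslkeylog` rule appears to write TLS session secrets to `/logs/keys.log`, and `allow-0rtt` accepts replayable early data; all three are reasonable for an interop runner but must not be copied into a real deployment. I would add a short header comment stating that this config is for the QUIC interop test image only, naming those three settings as deliberate, and listing the lines that differ from quic.cfg for LibreSSL.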