From 62eb67cc943e380a76dd9bf0a0fe844e385d5a37 Mon Sep 17 00:00:00 2001 From: openeuler_bot Date: Thu, 20 Nov 2025 00:13:53 +0000 Subject: [PATCH] 24.03-lts-sp2 update traffic-server to 10.1.0 --- .../10.1.0/24.03-lts-sp2/Dockerfile | 37 +++ .../10.1.0/24.03-lts-sp2/records.yaml | 219 ++++++++++++++++++ .../10.1.0/24.03-lts-sp2/remap.config | 207 +++++++++++++++++ Others/traffic-server/README.md | 1 + Others/traffic-server/doc/image-info.yml | 1 + Others/traffic-server/meta.yml | 4 +- 6 files changed, 468 insertions(+), 1 deletion(-) create mode 100644 Others/traffic-server/10.1.0/24.03-lts-sp2/Dockerfile create mode 100644 Others/traffic-server/10.1.0/24.03-lts-sp2/records.yaml create mode 100644 Others/traffic-server/10.1.0/24.03-lts-sp2/remap.config diff --git a/Others/traffic-server/10.1.0/24.03-lts-sp2/Dockerfile b/Others/traffic-server/10.1.0/24.03-lts-sp2/Dockerfile new file mode 100644 index 00000000..1a9c2c12 --- /dev/null +++ b/Others/traffic-server/10.1.0/24.03-lts-sp2/Dockerfile @@ -0,0 +1,37 @@ +ARG BASE=openeuler/openeuler:24.03-lts-sp2 +FROM ${BASE} +ARG VERSION=10.1.0 + +RUN dnf update -y \ + && dnf install -y wget gcc-c++ cmake shadow-utils brotli-devel xz-devel pcre-devel pcre2-devel zlib-devel openssl-devel \ + && dnf clean all \ + && rm -rf /var/cache/dnf + +WORKDIR /opt + +RUN wget https://github.com/apache/trafficserver/archive/refs/tags/10.1.0.tar.gz \ + && tar -zxvf 10.1.0.tar.gz \ + && rm -f 10.1.0.tar.gz + +WORKDIR /opt/trafficserver-${VERSION} + +RUN cmake -B build -DCMAKE_INSTALL_PREFIX=/usr/local/trafficserver \ + && cmake --build build -- -j$(nproc) \ + && cmake --install build + +COPY remap.config /usr/local/trafficserver/etc/trafficserver/remap.config +COPY records.yaml /usr/local/trafficserver/etc/trafficserver/records.yaml + +WORKDIR /usr/local/trafficserver + +RUN useradd -r -s /sbin/nologin trafficserver + +RUN mkdir -p /usr/local/trafficserver/var/trafficserver && \ + chown -R trafficserver:trafficserver /usr/local/trafficserver/var && \ + chmod 750 /usr/local/trafficserver/var + +USER trafficserver + +EXPOSE 8080 + +CMD ["bin/traffic_server", "-T", "misc"] \ No newline at end of file diff --git a/Others/traffic-server/10.1.0/24.03-lts-sp2/records.yaml b/Others/traffic-server/10.1.0/24.03-lts-sp2/records.yaml new file mode 100644 index 00000000..64254072 --- /dev/null +++ b/Others/traffic-server/10.1.0/24.03-lts-sp2/records.yaml @@ -0,0 +1,219 @@ +############################################################################## +# *NOTE*: All options covered in this file should be documented in the docs: +# +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html +############################################################################## + +records: + accept_threads: 1 + cache: + limits: + http: + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-cache-limits-http-max-alts + max_alts: 5 + log: + alternate: + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-cache-log-alternate-eviction + eviction: 0 + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-cache-max-doc-size + max_doc_size: 0 + min_average_object_size: 8000 + +############################################################################## +# RAM and disk cache configurations. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#ram-cache +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html +############################################################################## + ram_cache: + size: -1 + ram_cache_cutoff: 4194304 + threads_per_disk: 8 +############################################################################## +# Debugging. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#diagnostic-logging-configuration +############################################################################## + diags: + debug: + enabled: 0 + tags: http|dns + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-dump-mem-info-frequency + dump_mem_info_frequency: 0 + +############################################################################## +# Thread configurations. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#thread-variables +############################################################################## + exec_thread: + affinity: 1 + autoconfig: + enabled: 1 + scale: 1.0 + limit: 2 + http: + accept_no_activity_timeout: 120 + cache: + cache_responses_to_cookies: 1 + cache_urls_that_look_dynamic: 1 + +############################################################################## +# Heuristic cache expiration. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#heuristic-expiration +############################################################################## + heuristic_lm_factor: 0.1 + heuristic_max_lifetime: 86400 + heuristic_min_lifetime: 3600 + +############################################################################## +# Enable / disable HTTP caching. Useful for testing, but also as an +# overridable (per remap) config +############################################################################## + http: 1 + +############################################################################## +# Cache control. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#cache-control +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/cache.config.en.html +############################################################################## + ignore_client_cc_max_age: 1 + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-http-cache-required-headers + required_headers: 2 + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-http-cache-when-to-revalidate + when_to_revalidate: 0 + +############################################################################## +# Origin server connect attempts. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#origin-server-connect-attempts +############################################################################## + connect_attempts_max_retries: 3 + connect_attempts_max_retries_down_server: 1 + connect_attempts_rr_retries: 3 + connect_attempts_timeout: 30 + down_server: + cache_time: 60 + forward: + proxy_auth_to_parent: 0 + +############################################################################## +# Proxy users variables. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-user-variables +############################################################################## + insert_client_ip: 1 + +############################################################################## +# Via: headers. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-http-insert-response-via-str +############################################################################## + insert_request_via_str: 1 + insert_response_via_str: 0 + insert_squid_x_forwarded_for: 1 + keep_alive_no_activity_timeout_in: 120 + keep_alive_no_activity_timeout_out: 120 + +############################################################################## +# Negative response caching, for redirects and errors. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#negative-response-caching +############################################################################## + negative_caching_enabled: 0 + negative_caching_lifetime: 1800 + normalize_ae: 1 + +############################################################################## +# Parent proxy configuration, in addition to these settings also see parent.config. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#parent-proxy-configuration +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/parent.config.en.html +############################################################################## + parent_proxy: + retry_time: 300 + +############################################################################## +# Security. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#security +############################################################################## + push_method_enabled: 0 + +############################################################################## +# Specify server addresses and ports to bind for HTTP and HTTPS. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy.config.http.server_ports +############################################################################## + server_ports: 8080 8080:ipv6 + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-http-slow-log-threshold + slow: + log: + threshold: 0 + +############################################################################## +# HTTP connection timeouts (secs). Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#http-connection-timeouts +############################################################################## + transaction_active_timeout_in: 900 + transaction_active_timeout_out: 0 + transaction_no_activity_timeout_in: 30 + transaction_no_activity_timeout_out: 30 + uncacheable_requests_bypass_parent: 1 + +############################################################################## +# Logging Config. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#logging-configuration +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/logging.yaml.en.html +############################################################################## + log: + auto_delete_rolled_files: 1 + logging_enabled: 3 + max_space_mb_for_logs: 25000 + max_space_mb_headroom: 1000 + periodic_tasks_interval: 5 + rolling_enabled: 1 + rolling_interval_sec: 86400 + rolling_size_mb: 10 + +############################################################################## +# Network. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#network +############################################################################## + net: + connections_throttle: 30000 + default_inactivity_timeout: 86400 + max_connections_in: 30000 + max_requests_in: 0 + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-res-track-memory + res_track_memory: 0 + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#reverse-proxy + reverse_proxy: + enabled: 1 + ssl: + client: + CA: + cert: + filename: null + +############################################################################## +# SSL Termination. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#client-related-configuration +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ssl_multicert.config.en.html +############################################################################## + verify: + server: + policy: PERMISSIVE + properties: ALL + task_threads: 2 + +############################################################################## +# These settings control remapping, and if the proxy allows (open) forward proxy or not. Docs: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#url-remap-rules +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html +############################################################################## + url_remap: + +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.yaml.en.html#proxy-config-url-remap-pristine-host-hdr + pristine_host_hdr: 0 + remap_required: 1 + acl_behavior_policy: 0 \ No newline at end of file diff --git a/Others/traffic-server/10.1.0/24.03-lts-sp2/remap.config b/Others/traffic-server/10.1.0/24.03-lts-sp2/remap.config new file mode 100644 index 00000000..38280899 --- /dev/null +++ b/Others/traffic-server/10.1.0/24.03-lts-sp2/remap.config @@ -0,0 +1,207 @@ +# +# remap.config - URL Remapping Config File +# +# Documentation: +# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html +# +# Using remap.config allows you to accomplish two things: +# +# 1) Rewrite a URL (from the client) before sending it to the Origin Server. +# 2) Protect the proxy server, to only allow certain requests. +# +# With the default configurations, at least one remap rule is required. This +# can be relaxed with the following configuration in records.yaml: +# +# records: +# url_remap: +# remap_required: 0 +# +# +# Be aware, doing so makes the proxy a generic, open-relay! +# +# The format is: +# client-URL origin-server-URL +# +# Where client-URL and origin-server-URL are both of the format +# ://:/ +# +# The directive is optional and can be different for different +# types of . The are optional ACL-like +# arguments unique for each remap rule +# +# Six different types of mappings are possible: +# map +# map_with_referer +# map_with_recv_port +# reverse_map +# redirect +# redirect_temporary +# +# Each of these map types can be prefixed with the string 'regex_' to indicate +# that the rule will have regular expression strings. See the last part of +# this description for more information on regex support. +# +# The 'map' mapping is the most straightforward. Requests that match the +# client-URL are rewritten into the origin-server-URL. The user agent will see +# the page on the remapped URL, but will not be notified of the address +# change. +# +# The 'map_with_referer' is an extended version of 'map', which can be used to +# activate the so-called "deep linking protection" feature available in +# Apache Traffic Server. +# +# The 'map_with_recv_port' is exactly like 'map' except that it uses the port +# at which the request was received to perform the mapping instead of the port +# present in the request. When present, 'map_with_recv_port' mappings are +# checked first. If there is a match, then it is chosen without evaluating the +# "regular" forward mapping rules. +# +# The 'reverse_map' mapping is used to rewrite location headers sent by the +# origin server. The 'redirect' mapping creates a permanent redirect message +# and informs the browser of the URL change. +# +# The 'redirect_temporary' mapping acts in the same way but tells the browser +# that this redirect is only temporary. We need to map the URL in reverse +# proxy mode so that user agents know to contact Traffic Server and not +# attempt to contact the Origin Server directly. +# +# For example, you can set up a reverse proxy for www.example.com with the +# real content situated at server1.example.com with the rules: +# +# map http://www.example.com/ http://server1.example.com/ +# reverse_map http://server1.example.com/ http://www.example.com/ +# +# Or you could permanently redirect users trying to access www.oldserver.com +# to www.newserver.com with the following rule: +# +# redirect http://www.oldserver.com/ http://www.newserver.com +# +# If the redirect is only temporary, you want to only temporarily remap the +# URL. You could use the following rule to divert users away from a failed +# server: +# +# redirect_temporary http://broken.firm.com http://working.firm.com +# +# In order to use "deep linking protection" Traffic Server's feature, the +# 'map_with_referer' mapping scheme must be used. In general, the format of is +# the following: +# +# map_with_referer client-URL origin-server-URL redirect-URL regex1 [regex2 ...] +# +# 'redirect-URL' is a redirection URL specified according to RFC 2616 and can +# contain special formatting instructions for run-time modifications of the +# resulting redirection URL. All regexes Perl compatible regular expressions, +# which describes the content of the "Referer" header which must be +# verified. In case an actual request does not have "Referer" header or it +# does not match with referer regular expression, the HTTP request will be +# redirected to 'redirect-URL'. +# +# At least one regular expressions must be specified in order to activate +# 'deep linking protection'. There are limitations for the number of referer +# regular expression strings - 2048. In order to enable the 'deep linking +# protection' feature in Traffic Server, configure records.yaml with: +# +# records: +# http: +# referer_filter: 1 +# +# +# In order to enable run-time formatting for redirect0URL, configure +# +# records: +# http: +# referer_format_redirect: 1 +# +# +# When run-time formatting for redirect-URL was enabled the following format +# symbols can be used: +# +# %r - to substitute original "Referer" header string +# %f - to substitute client-URL from 'map_with_referer' record +# %t - to substitute origin-server-URL from 'map_with_referer' record +# %o - to substitute request URL to origin server, which was created a +# the result of a mapping operation +# +# Note: There is a special referer type "~*" that can be used in order to +# specify that the Referer header is optional in the request. If "~*" referer +# was used in map_with_referer mapping, only requests with Referer header will +# be verified for validity. If the "~" symbol was specified before referer +# regular expression, it means that the request with a matching referer header +# will be redirected to redirectURL. It can be used to create a so-called +# negative referer list. If "*" was used as a referer regular expression - +# all referers are allowed. Various combinations of "*" and "~" in a referer +# list can be used to create different filtering rules. +# +# Examples: +# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games .*\.bar\.com www.bar-friends.com +# +# Explanation: Referer header must be in the request, only ".*\.bar\.com" +# and "www.bar-friends.com" are allowed. +# +# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games * ~.*\.evil\.com +# +# Explanation: Referer header must be in the request but all referers are +# allowed except ".*\.evil\.com". +# +# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/error ~* * ~.*\.evil\.com +# +# Explanation: Referer header is optional. However, if Referer header exists, +# only request from ".*\.evil\.com" will be redirected to redirect-URL. +# +# There are optional filtering arguments that can be specified at the end of the mapping definition line: +# +# @action=allow|deny +# @src_ip=IP-address +# @method=HTTP method string (CONNECT|DELETE|GET|HEAD|OPTIONS|POST|PURGE|PUT|TRACE|PUSH) +# @plugin= +# @pparam= +# +# There is no limitation for the number of filtering arguments. +# +# Example: +# map http://foo.cow.com/ http://bar.cow.com @src_ip=10.72.118.51-10.72.118.62 @method=GET @method=DELETE @src_ip=192.168.0.1-192.168.0.254 @action=allow @method=PUT +# +# Traffic Server supports WebSockets but it must be enabled via remap. WebSocket upgrades are automatically +# detected when there exists a remap rule containing a ws:// scheme. +# +# Example: +# map ws://bar.com/ ws://foo.com/ +# +# Explanation: When a request comes in with the appropriate upgrade headers, Traffic Server will use this +# remap rule in an attempt to establish and maintain a websocket connection. +# +# Named filters can be created and applied to blocks of mappings +# using the .definefilter, .activatefilter, and .deactivatefilter +# directives. Named filters must be defined using .definefilter +# before being used. Once defined, .activatefilter can used to +# activate a filter for all mappings that follow until deactivated +# with .deactivatefilter. +# +# Example: +# .definefilter disable_delete_purge @action=deny @method=delete @method=purge +# .definefilter internal_only @action=allow @src_ip=192.168.0.1-192.168.0.254 @src_ip=10.0.0.1-10.0.0.254 +# +# .activatefilter disable_delete_purge +# +# map http://foo.example.com/ http://bar.example.com/ +# +# .activatefilter internal_only +# map http://www.example.com/admin http://internal.example.com/admin +# .deactivatefilter internal_only +# +# map http://www.example.com/ http://internal.example.com/ +# +# +# Regex support: Regular expressions can be specified in the rules with the +# following limitations: +# +# 1) Only the host field can have regexes - the scheme, port and other +# fields cannot. +# 2) The number of capturing sub-patterns is limited to 9; +# this means $0 through $9 can be used as substitution place holders ($0 +# will be the entire input string) +# 3) The number of substitutions in the expansion string is limited to 10. +# + +# This is a simple-standalone deployment example the can be replaced with actual forwarding configurations. +map http://localhost/ http://127.0.0.1:8080/ \ No newline at end of file diff --git a/Others/traffic-server/README.md b/Others/traffic-server/README.md index 95367183..b3ac8d32 100644 --- a/Others/traffic-server/README.md +++ b/Others/traffic-server/README.md @@ -18,6 +18,7 @@ The tag of each `traffic-server` docker image is consist of the version of `traf | Tag | Currently | Architectures | |----------|-------------|------------------| +|[10.1.0-oe2403sp2](https://gitee.com/openeuler/openeuler-docker-images/blob/master/Others/traffic-server/10.1.0/24.03-lts-sp2/Dockerfile) | traffic 10.1.0 on openEuler 24.03-LTS-SP2 | amd64, arm64 | |[10.0.5-oe2403sp1](https://gitee.com/openeuler/openeuler-docker-images/blob/master/Others/traffic-server/10.0.5/24.03-lts-sp1/Dockerfile)| Apache Traffic Server 10.0.5 on openEuler 24.03-LTS-SP1 | amd64, arm64 | # Usage diff --git a/Others/traffic-server/doc/image-info.yml b/Others/traffic-server/doc/image-info.yml index 38dc8b46..80696bc4 100644 --- a/Others/traffic-server/doc/image-info.yml +++ b/Others/traffic-server/doc/image-info.yml @@ -11,6 +11,7 @@ tags: | | Tag | Currently | Architectures | |----------|-------------|------------------| + |[10.1.0-oe2403sp2](https://gitee.com/openeuler/openeuler-docker-images/blob/master/Others/traffic-server/10.1.0/24.03-lts-sp2/Dockerfile) | traffic 10.1.0 on openEuler 24.03-LTS-SP2 | amd64, arm64 | |[10.0.5-oe2403sp1](https://gitee.com/openeuler/openeuler-docker-images/blob/master/Others/traffic-server/10.0.5/24.03-lts-sp1/Dockerfile)| Apache Traffic Server 10.0.5 on openEuler 24.03-LTS-SP1 | amd64, arm64 | download: | diff --git a/Others/traffic-server/meta.yml b/Others/traffic-server/meta.yml index aa0bee53..c3c5132b 100644 --- a/Others/traffic-server/meta.yml +++ b/Others/traffic-server/meta.yml @@ -2,4 +2,6 @@ path: 10.0.5/24.03-lts-sp1/Dockerfile 10.1.0-oe2403sp1: - path: 10.1.0/24.03-lts-sp1/Dockerfile \ No newline at end of file + path: 10.1.0/24.03-lts-sp1/Dockerfile +10.1.0-oe2403sp2: + path: 10.1.0/24.03-lts-sp2/Dockerfile \ No newline at end of file -- Gitee