Build our own HAproxy docker image

The HAproxy docker image we were using is no longer maintained (hasn't been
for years), but is built upon Alpine Linux which has a big security leak:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782

The security leak is fixed in this build of the docker image, but we should
move to something else (lke Træfik).

docker/docker-compose.yml

@@ -32,6 +32,7 @@ services:
         max-file:            "20"
 
   elastic:
+    # This image is defined in blender-cloud/docker/elastic
     image:                   armadillica/elasticsearch:6.1.1
     container_name:          elastic
     restart:                 always
@@ -62,6 +63,7 @@ services:
         max-file:            "20"
 
   kibana:
+    # This image is defined in blender-cloud/docker/elastic
     image:                   armadillica/kibana:6.1.1
     container_name:          kibana
     restart:                 always
@@ -158,7 +160,8 @@ services:
       - /data/letsencrypt:/data/letsencrypt
 
   haproxy:
-    image:                   dockercloud/haproxy:1.5.3
+    # This image is defined in blender-cloud/docker/haproxy
+    image:                   armadillica/haproxy:1.6.7
     container_name:          haproxy
     restart:                 always
     ports:

docker/haproxy/Dockerfile

@@ -0,0 +1,5 @@
+FROM dockercloud/haproxy:1.6.7
+LABEL maintainer="Sybren A. Stüvel <sybren@blender.studio>"
+
+# Fix https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
+RUN sed 's/root::/root:!:/' -i /etc/shadow

docker/haproxy/build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+# When updating this, also update the version in Dockerfile
+VERSION=1.6.7
+
+docker build -t armadillica/haproxy:${VERSION} .
+docker tag armadillica/haproxy:${VERSION} armadillica/haproxy:latest
+
+echo "Done, built armadillica/haproxy:${VERSION}"
+echo "Also tagged as armadillica/haproxy:latest"