diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 14a5b81c36b8f9824f403ab23142be647c7c48eb..f73b42ca0ad3f84dc38b2f04c65a503c42fa2f70 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,6 +1,6 @@ --- -dslproxy: "<CHANGE_ME:hostname>" +dslproxy: "arne-centos2.cert-labs.uninett.no" # TheHive Button plugin THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 index f917f31919e708595795017a58c3f14df7424030..602eb656dc22273d39b950bd561b41532d26f4ae 100644 --- a/roles/build/templates/haproxy/Dockerfile.j2 +++ b/roles/build/templates/haproxy/Dockerfile.j2 
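Review bot: The new value `dslproxy: "arne-centos2.cert-labs.uninett.no"` in `group_vars/all/main.yml` replaces the `<CHANGE_ME:hostname>` placeholder with what looks like a single lab machine. Every checkout would then default to that host, and an internal hostname is published with the repository. Keep the placeholder in the shared defaults and set the real value per deployment, for example in an untracked inventory or `host_vars` file. If the default is intentional, a comment such as `# lab default, override per site` would make that explicit.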
@@ -1,6 +1,76 @@ -FROM haproxy:{{haproxy_version}} +FROM gn43-dsl/centos:7a20200612 -RUN apt-get update && apt-get install -y python -COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg +ENV HAPROXY_VERSION 2.2.3 +ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz +ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e +ENV OPENSSL_VERSION=1.0.2u + + +# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments +RUN \ + yum install -y epel-release && \ + yum update -y && \ + `# Install build tools. Note: perl needed to compile openssl...` \ + yum install -y \ + inotify-tools \ + wget \ + tar \ + gzip \ + make \ + gcc \ + perl \ + pcre-devel \ + zlib-devel \ + iptables \ + pcre2-devel \ + pth-devel && \ + `# Install newest openssl...` \ + wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ + tar -zxf /tmp/openssl.tgz -C /tmp && \ + cd /tmp/openssl-* && \ + ./config --prefix=/usr \ + --openssldir=/etc/ssl \ + --libdir=lib \ + no-shared zlib-dynamic && \ + make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \ + cd && rm -rf /tmp/openssl* && \ + `# Install HAProxy...` \ + && wget -O haproxy.tar.gz "$HAPROXY_URL" \ + && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \ + && mkdir -p /usr/src/haproxy \ + && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \ + && rm haproxy.tar.gz \ + \ + && makeOpts=' \ + TARGET=linux-glibc \ + USE_GETADDRINFO=1 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_ZLIB=1 \ + \ + EXTRA_OBJS=" \ +# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support + contrib/prometheus-exporter/service-prometheus.o \ + " \ + ' \ + && nproc="$(nproc)" \ + && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \ + && eval "make -C /usr/src/haproxy install-bin $makeOpts" \ + \ + && mkdir 
-p /usr/local/etc/haproxy \ + && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ + && rm -rf /usr/src/haproxy + +ENTRYPOINT ["/bin/bash"] +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 + +COPY haproxy-entrypoint.sh / +ENTRYPOINT ["/haproxy-entrypoint.sh"] + +COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 32eb6e35fcd84787130ef470cac03a9d4a90b383..b8f8f884110b5a6eb4a5845c782a323ab721138a 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -9,8 +9,9 @@ - start - reconf -- name: Reload haproxy service +- name: Restart haproxy shell: kill -USR2 1 tags: - start - reconf +
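Review bot: The OpenSSL tarball fetched by `wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz` is unpacked and compiled without any integrity check, although the HAProxy tarball a few lines later is verified with `sha256sum -c`. Add a pinned digest next to the other `ENV` lines, e.g. `ENV OPENSSL_SHA256=<sha256-of-openssl-tarball>`, and check it before the `tar` step with `echo "$OPENSSL_SHA256 */tmp/openssl.tgz" | sha256sum -c && \`. The `# Install newest openssl...` comment is also misleading: `OPENSSL_VERSION=1.0.2u` belongs to the 1.0.2 branch, which no longer receives public security fixes, and with `no-shared` it appears to be linked statically into the proxy that terminates TLS, so a later `yum update` would not patch it. Separately, `ENTRYPOINT ["/bin/bash"]` is dead because the later `ENTRYPOINT ["/haproxy-entrypoint.sh"]` overrides it, and the compiler toolchain (`gcc`, `make`, `perl`, `wget`) stays in the final image because the `RUN` never removes it and there is no separate build stage.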
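Review bot: The task is renamed to `Restart haproxy` but still runs `shell: kill -USR2 1`, which in HAProxy's master-worker mode asks the master process for a reload rather than a restart, so the new name misstates what the `reconf` tag does. This commit also changes the image entrypoint to `/haproxy-entrypoint.sh`, so PID 1 is whatever that script leaves running; the script is not shown in this diff. If it does not `exec` haproxy or trap and forward USR2, the signal is silently dropped, because PID 1 ignores signals it has no handler for, and the task would still report success. A name such as `Reload haproxy (SIGUSR2 to PID 1)`, plus a follow-up check that the new configuration is live, would make such failures visible. The task list continues outside the hunk.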