readme update

Author: RogerZhongAWS

.github/docker-images/Dockerfile

@@ -13,7 +13,7 @@ RUN mkdir -p /root/aws-iot-securetunneling-localproxy/build \
 
 FROM ${OS} AS minimum_size
 
-COPY --from=deploy /root/aws-iot-securetunneling-localproxy/build/bin/localproxy ./localproxy
+COPY --from=deploy /root/aws-iot-securetunneling-localproxy/build/bin/localproxy /root/bin/localproxy
 
 COPY ./.github/docker-images/oss-compliance /root/oss-compliance
 RUN HOME_DIR=/root \
@@ -23,4 +23,4 @@ RUN HOME_DIR=/root \
     && bash ${HOME_DIR}/oss-compliance/generate-oss-compliance.sh ${HOME_DIR} \
     && rm -rf ${HOME_DIR}/oss-compliance*
 
-ENTRYPOINT ["/localproxy"]
+ENTRYPOINT ["/root/bin"]

CMakeLists.txt

@@ -30,7 +30,7 @@ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 
 # Configure Compiler flags
 if (UNIX OR APPLE)
-    set(CUSTOM_COMPILER_FLAGS "-O2 -D_FORTIFY_SOURCE=2 -fPIE -Wall -Werror")
+    set(CUSTOM_COMPILER_FLAGS "-O2 -D_FORTIFY_SOURCE=2 -fPIE -fstack-protector-strong -Wall -Werror")
     set(TEST_COMPILER_FLAGS "${CUSTOM_COMPILER_FLAGS} -D_AWSIOT_TUNNELING_NO_SSL")
 elseif (WIN32 OR MSVC)
     set(CUSTOM_COMPILER_FLAGS "/W4 /DYNAMICBASE /NXCOMPAT /analyze")

README.md

@@ -18,12 +18,37 @@ This code enables tunneling of a single threaded TCP client / server socket inte
 
 * Docker 18+
 
-### Running the Docker Build
+### Using Pre-built Docker Images
 
-`./docker-build.sh`
+We provide several docker images on various platforms.
+There are two types of images: base images and release images.
+The base images come with all dependencies pre-installed. You will still need to download and build the source.
+These are useful if you want to modify and [compile](https://github.com/aws-samples/aws-iot-securetunneling-localproxy#download-and-build-the-local-proxy) the local proxy on your own, but are large (~1 GB each).
+You can find them at:
+#### https://gallery.ecr.aws/aws-iot-securetunneling-localproxy/base-images
+The release images are minimum size images that include a pre-built binary. No dependencies are installed, so recompilation will not work.
+The format of every tag is `[arch]-[os]-[git commit sha]` for example: amd64-ubuntu-33879dd7f1500f7b3e56e48ce8b002cd9b0f9e4e.
+You can cross-check the git commit sha with the commits in the local proxy repo to see if the binary contains changes added in a specific commit.
+You can find them at:
+#### https://gallery.ecr.aws/aws-iot-securetunneling-localproxy/release-images
+
+### Building a Docker Image
+
+If you do not want to use the prebuilt images, you can build them yourself:
+
+`cd .github/docker-images/base-images/<os of choice>`
+
+`docker build -t <your tag> .`
 
-After the Docker build completes, run `./docker-run.sh` to open a shell inside the container created in the
-previous step, or you can run `./docker-run.sh -p <port_number>` to expose a port from the docker container. Here you can find both the `localproxy` and `localproxytest` binaries. Note that when the localproxy runs in source mode, it binds by default to `localhost`, If you want to access the localproxy from outside the container, make sure to use the option `-b 0.0.0.0` when you run the localproxy from the container so that it binds to `0.0.0.0` since `localhost` can not be access from outside the container.
+To build cross-platform images for ARM:
+
+`docker buildx --platform linux/arm64 -t <your tag> .`
+
+After the Docker build completes, run `docker run --rm -it <tag>` to open a shell inside the container created in the
+previous step, or you can add ` -p <port_number>` to expose a port from the docker container. Note that when the localproxy runs in source mode, it binds by default to `localhost`, If you want to access the localproxy from outside the container, make sure to use the option `-b 0.0.0.0` when you run the localproxy from the container so that it binds to `0.0.0.0` since `localhost` can not be access from outside the container.
+
+#### Deprecated Method
+`./docker-build.sh`
 
 ---