Merge pull request #4 from 11notes/nginx_1.15.7

Nginx 1.15.7

Dockerfile

@@ -2,7 +2,7 @@
 FROM alpine:3.8
 
 # ------ original nginx docker alpine source compile! ------ #
-ENV NGINX_VERSION 1.15.5
+ENV NGINX_VERSION 1.14.2
 
 #	additional nginx modules
 ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.33
@@ -28,6 +28,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
 		--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
 		--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
 		--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+		--user=nginx \
+		--group=nginx \
 		--with-http_ssl_module \
 		--with-http_realip_module \
 		--with-http_addition_module \
@@ -58,6 +60,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
 		--with-http_v2_module \
 		--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
 	" \
+	&& addgroup --gid 1000 -S nginx \
+	&& adduser --uid 1000 -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
 	&& apk add --no-cache --virtual .build-deps \
 		gcc \
 		libc-dev \
@@ -67,7 +71,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
 		zlib-dev \
 		linux-headers \
 		curl \
-		gnupg \
+		gnupg1 \
 		libxslt-dev \
 		gd-dev \
 		geoip-dev \
@@ -116,6 +120,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
 	&& strip /usr/lib/nginx/modules/*.so \
 	&& rm -rf /usr/src/nginx-$NGINX_VERSION \
 	\
+	# Bring in gettext so we can get `envsubst`, then throw
+	# the rest away. To do this, we need to install `gettext`
+	# then move `envsubst` out of the way so `gettext` can
+	# be deleted completely, then move `envsubst` back.
 	&& apk add --no-cache --virtual .gettext gettext \
 	&& mv /usr/bin/envsubst /tmp/ \
 	\
@@ -130,26 +138,42 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
 	&& apk del .gettext \
 	&& mv /tmp/envsubst /usr/local/bin/ \
 	\
+	# Bring in tzdata so users could set the timezones through the environment
+	# variables
 	&& apk add --no-cache tzdata \
 	\
+	# forward request and error logs to docker log collector
 	&& ln -sf /dev/stdout /var/log/nginx/access.log \
 	&& ln -sf /dev/stderr /var/log/nginx/error.log
 
-RUN rm /etc/nginx/nginx.conf \
-	&& mkdir -p /var/cache/nginx \
-	&& mkdir -p /var/nginx \
-	&& mkdir -p /var/nginx/conf.d \
-	&& mkdir -p /var/ssl \
-	&& mkdir -p /var/www
 
-COPY ./nginx.conf /var/nginx/nginx.conf
+#custom
+RUN mkdir -p /nginx \
+	&& mkdir -p /nginx/etc \
+	&& mkdir -p /nginx/www \
+	&& mkdir -p /nginx/www/default \
+	&& mkdir -p /nginx/ssl \
+	&& rm /etc/nginx/nginx.conf \
+	&& touch /var/run/nginx.pid
 
-RUN ln -s /var/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY ./source/nginx.conf /etc/nginx/nginx.conf
+COPY ./source/default.conf /nginx/etc/default.conf
+COPY ./source/index.html /nginx/www/default/index.html
+
+RUN chown nginx:nginx -R /nginx /var/run/nginx.pid
 
 STOPSIGNAL SIGTERM
 
+#debug
+RUN ls -lah /nginx/* \
+	&& ls -lah /etc/nginx/* \
+	&& id -u nginx \
+	&& id -g nginx \
+	&& cat /etc/nginx/nginx.conf
+
 # ------ define volumes ------ #
-VOLUME ["/var/nginx", "/var/ssl", "/var/www"]
+VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
 
 # ------ entrypoint for container ------ #
+USER nginx:nginx
 CMD ["nginx", "-g", "daemon off;"]

README.md

@@ -1 +1,55 @@
 # docker-nginx
+
+Dockerfile to create and run your own nginx process inside an alpine docker container.
+
+## docker volumes
+
+/nginx/etc
+
+Contains: vhost for nginx. Must end in *.conf (set in /etc/nginx/nginx.conf)
+
+/nginx/www
+
+Contains: webroot for vhost etc
+
+/nginx/ssl
+
+Contains: SSL certificates, ment as read only for web workes from a central ssl store
+
+## docker build
+```shell
+docker build -t YOURNAME/YOURCONTAINER:YOURTAG .
+```
+## docker run
+```shell
+docker run --name nginx \
+    -v volume-etc:/nginx/etc \
+    -v volume-www:/nginx/www \
+    -v volume-ssl:/nginx/ssl:ro \
+    -d 11notes/nginx:stable 
+```
+
+## difference between nginx:1.14.2-alpine
+
+Additional plugins:
+
+```shell
+    module_headers_more
+```
+
+Nginx configuration and uid/gid:
+
+```shell
+    uid:gid both set to static 1000:1000
+    all data moved to /nginx
+```
+
+## build with
+
+* [alpine:3.8](https://github.com/gliderlabs/docker-alpine/blob/c14b86580b9f86f42296050ec7564faf6b6db9be/versions/library-3.8/x86_64/Dockerfile) - alpine linux
+* [nginx/alpine:stable](https://github.com/nginxinc/docker-nginx/blob/b71469ab815f580ba0ad658a32e91c86f8565ed4/stable/alpine/Dockerfile) - official nginx container
+
+## tips
+
+* Don't bind to ports < 1024 (requires root)
+* [alpine-docker-netshare](https://github.com/11notes/alpine-docker-netshare) - Examples to store persistent storage on NFS/CIFS/etc

source/default.conf

@@ -0,0 +1,9 @@
+server {
+        listen 8080 default_server;
+        server_name _;
+        root /nginx/www/default;
+
+        location / {
+                try_files $uri index.html;
+        }
+}

source/index.html

@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>11notes/nginx:stable</title>
+        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Inconsolata" />
+    <style>
+        html,
+        body {
+            height: 100%;
+        }
+
+        body {
+            margin: 0;
+        }
+
+
+        .container {
+            height: 100%;
+            padding: 0;
+            margin: 0;
+            display: -webkit-box;
+            display: -moz-box;
+            display: -ms-flexbox;
+            display: -webkit-flex;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            flex-direction: column;
+        }
+
+        .content {
+            align-self: center;
+        }
+
+        .text {
+            font-size:1em; cursor:default;
+            font-family:'Inconsolata';
+        }
+
+        .comment {
+            font-size:1em; cursor:default;
+            font-family:'Inconsolata';
+            color:darkgreen;
+            font-style:italic;
+        }
+
+    </style>
+    </head>
+    <body>
+            <div class="container">
+                <div class="content">
+                    <div class="text">
+                            docker run --name nginx \<br />
+                            &emsp;-v volume-etc:/nginx/etc \<br />
+                            &emsp;-v volume-www:/nginx/www \<br />
+                            &emsp;-v volume-ssl:/nginx/ssl:ro \<br />
+                            &emsp;-d 11notes/nginx:stable
+                    </div>
+                </div>
+            </div>
+    </body>
+</html>

source/nginx.conf

@@ -44,5 +44,5 @@
 			open_file_cache_min_uses 2;
 			open_file_cache_errors on;
 
-			include /var/nginx/conf.d/*.conf;
+			include /nginx/etc/*.conf;
 		}