switch build strategy

.gitignore

@@ -1,3 +1 @@
 maintain/
-multi-arch-manifest.yaml
-post_push

amd64.dockerfile

@@ -1,16 +1,10 @@
-# :: Header
-	FROM alpine:3.16
+# :: Build
+	FROM alpine:latest as nginx
 	ENV NGINX_VERSION 1.22.1
 	ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.33
 
-# :: Run
-	RUN apk add --no-cache --virtual .module curl tar \
-		&& mkdir -p /usr/lib/nginx/modules \
-		&& curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules \
-		&& apk del .module
-
-	RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
-		&& CONFIG="\
+    RUN set -ex; \
+		CONFIG="\
 			--prefix=/etc/nginx \
 			--sbin-path=/usr/sbin/nginx \
 			--modules-path=/usr/lib/nginx/modules \
@@ -55,114 +49,96 @@
 			--with-file-aio \
 			--with-http_v2_module \
 			--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
-		" \
-		&& addgroup --gid 1000 -S nginx \
-		&& adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx \
-		&& apk add --no-cache --virtual .tools \
+		"; \
+        apk add --no-cache --update \
+			curl \
+			tar \
 			gcc \
 			libc-dev \
 			make \
 			openssl-dev \
-			pcre-dev \
+			pcre2-dev \
 			zlib-dev \
 			linux-headers \
-			curl \
-			gnupg1 \
 			libxslt-dev \
 			gd-dev \
 			geoip-dev \
-		&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
-		&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
-		&& export GNUPGHOME="$(mktemp -d)" \
-		&& found=''; \
-		for server in \
-			ha.pool.sks-keyservers.net \
-			hkp://keyserver.ubuntu.com:80 \
-			hkp://p80.pool.sks-keyservers.net:80 \
-			pgp.mit.edu \
-		; do \
-			echo "Fetching GPG key $GPG_KEYS from $server"; \
-			gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
-		done; \
-		test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
-		gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
-		&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
-		&& mkdir -p /usr/src \
-		&& tar -zxC /usr/src -f nginx.tar.gz \
-		&& rm nginx.tar.gz \
-		&& cd /usr/src/nginx-$NGINX_VERSION \
-		&& ./configure $CONFIG --with-debug \
-		&& make -j$(getconf _NPROCESSORS_ONLN) \
-		&& mv objs/nginx objs/nginx-debug \
-		&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
-		&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
-		&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
-		&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
-		&& ./configure $CONFIG \
-		&& make -j$(getconf _NPROCESSORS_ONLN) \
-		&& make install \
-		&& rm -rf /etc/nginx/html/ \
-		&& mkdir /etc/nginx/conf.d/ \
-		&& mkdir -p /usr/share/nginx/html/ \
-		&& install -m644 html/index.html /usr/share/nginx/html/ \
-		&& install -m644 html/50x.html /usr/share/nginx/html/ \
-		&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
-		&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
-		&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
-		&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
-		&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
-		&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
-		&& strip /usr/sbin/nginx* \
-		&& strip /usr/lib/nginx/modules/*.so \
-		&& rm -rf /usr/src/nginx-$NGINX_VERSION \
-		\
-		# Bring in gettext so we can get `envsubst`, then throw
-		# the rest away. To do this, we need to install `gettext`
-		# then move `envsubst` out of the way so `gettext` can
-		# be deleted completely, then move `envsubst` back.
-		&& apk add --no-cache --virtual .gettext gettext \
-		&& mv /usr/bin/envsubst /tmp/ \
-		\
-		&& runDeps="$( \
-			scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
-				| tr ',' '\n' \
-				| sort -u \
-				| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-		)" \
-		&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
-		&& apk del .tools \
-		&& apk del .gettext \
-		&& mv /tmp/envsubst /usr/local/bin/ \
-		\
-		# Bring in tzdata so users could set the timezones through the environment
-		# variables
-		&& apk add --no-cache tzdata \
-		\
-		# forward request and error logs to docker log collector
-		&& ln -sf /dev/stdout /var/log/nginx/access.log \
-		&& ln -sf /dev/stderr /var/log/nginx/error.log
+			perl-dev \
+			libedit-dev \
+			bash \
+			alpine-sdk \
+			findutils; \
+		mkdir -p /usr/lib/nginx/modules; \
+		mkdir -p /usr/src; \
+		curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \
+		curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \
+		cd /usr/src/nginx-$NGINX_VERSION; \
+		./configure $CONFIG --with-debug; \
+		make -j $(nproc); \
+		mv objs/nginx objs/nginx-debug; \
+		mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
+		mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
+		mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
+		mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
+		./configure $CONFIG; \
+		make -j $(nproc); \
+		make install; \
+		install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
+		install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
+		install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
+		install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
+		strip /usr/sbin/nginx*; \
+		strip /usr/lib/nginx/modules/*.so;
 
+# :: Header
+	FROM alpine:latest
+	COPY --from=nginx /usr/sbin/nginx /usr/sbin
+	COPY --from=nginx /etc/nginx/ /etc/nginx
+	COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules
 
-	RUN mkdir -p /nginx \
-		&& mkdir -p /nginx/run \
-		&& mkdir -p /nginx/cache \
-		&& mkdir -p /nginx/etc \
-		&& mkdir -p /nginx/www \
-		&& mkdir -p /nginx/www/default \
-		&& mkdir -p /nginx/ssl \
-		&& rm /etc/nginx/nginx.conf
+# :: Run
+	USER root
+
+	# :: prepare
+        RUN set -ex; \
+            mkdir -p /nginx; \
+            mkdir -p /nginx/etc; \
+            mkdir -p /nginx/www; \
+			mkdir -p /nginx/ssl; \
+			mkdir -p /nginx/cache; \
+			mkdir -p /nginx/run;
+
+		RUN set -ex; \
+			apk add --update --no-cache \
+				curl \
+				shadow \
+				pcre2-dev; \
+			mkdir -p /var/log/nginx; \
+			touch /var/log/nginx/access.log; \
+			touch /var/log/nginx/error.log; \
+			ln -sf /dev/stdout /var/log/nginx/access.log; \
+			ln -sf /dev/stderr /var/log/nginx/error.log;
+
+		RUN set -ex; \
+			addgroup --gid 1000 -S nginx; \
+			adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
 
 	# :: copy root filesystem changes
         COPY ./rootfs /
 
 	# :: docker -u 1000:1000 (no root initiative)
-		RUN chown nginx:nginx -R /nginx
-
-STOPSIGNAL SIGTERM
+		RUN set -ex; \
+			chown nginx:nginx -R \
+				/nginx \
+				/var/log/nginx;
 
 # :: Volumes
 	VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
 
+# :: Monitor
+    RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
+    HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+
 # :: Start
 	RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
 	USER nginx

arm32v7.dockerfile

@@ -1,22 +1,16 @@
-# :: Builder
+# :: Arch
     FROM alpine AS builder
     ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz
     RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
 
-# :: Header
-	FROM arm32v7/alpine:3.16
+# :: Builder
+	FROM arm32v7/alpine:latest as nginx
     COPY --from=builder qemu-arm-static /usr/bin
 	ENV NGINX_VERSION 1.22.1
 	ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.33
 
-# :: Run
-	RUN apk add --no-cache --virtual .module curl tar \
-		&& mkdir -p /usr/lib/nginx/modules \
-		&& curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules \
-		&& apk del .module
-
-	RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
-		&& CONFIG="\
+    RUN set -ex; \
+		CONFIG="\
 			--prefix=/etc/nginx \
 			--sbin-path=/usr/sbin/nginx \
 			--modules-path=/usr/lib/nginx/modules \
@@ -61,114 +55,97 @@
 			--with-file-aio \
 			--with-http_v2_module \
 			--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
-		" \
-		&& addgroup --gid 1000 -S nginx \
-		&& adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx \
-		&& apk add --no-cache --virtual .tools \
+		"; \
+        apk add --no-cache --update \
+			curl \
+			tar \
 			gcc \
 			libc-dev \
 			make \
 			openssl-dev \
-			pcre-dev \
+			pcre2-dev \
 			zlib-dev \
 			linux-headers \
-			curl \
-			gnupg1 \
 			libxslt-dev \
 			gd-dev \
 			geoip-dev \
-		&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
-		&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
-		&& export GNUPGHOME="$(mktemp -d)" \
-		&& found=''; \
-		for server in \
-			ha.pool.sks-keyservers.net \
-			hkp://keyserver.ubuntu.com:80 \
-			hkp://p80.pool.sks-keyservers.net:80 \
-			pgp.mit.edu \
-		; do \
-			echo "Fetching GPG key $GPG_KEYS from $server"; \
-			gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
-		done; \
-		test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
-		gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
-		&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
-		&& mkdir -p /usr/src \
-		&& tar -zxC /usr/src -f nginx.tar.gz \
-		&& rm nginx.tar.gz \
-		&& cd /usr/src/nginx-$NGINX_VERSION \
-		&& ./configure $CONFIG --with-debug \
-		&& make -j$(getconf _NPROCESSORS_ONLN) \
-		&& mv objs/nginx objs/nginx-debug \
-		&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
-		&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
-		&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
-		&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
-		&& ./configure $CONFIG \
-		&& make -j$(getconf _NPROCESSORS_ONLN) \
-		&& make install \
-		&& rm -rf /etc/nginx/html/ \
-		&& mkdir /etc/nginx/conf.d/ \
-		&& mkdir -p /usr/share/nginx/html/ \
-		&& install -m644 html/index.html /usr/share/nginx/html/ \
-		&& install -m644 html/50x.html /usr/share/nginx/html/ \
-		&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
-		&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
-		&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
-		&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
-		&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
-		&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
-		&& strip /usr/sbin/nginx* \
-		&& strip /usr/lib/nginx/modules/*.so \
-		&& rm -rf /usr/src/nginx-$NGINX_VERSION \
-		\
-		# Bring in gettext so we can get `envsubst`, then throw
-		# the rest away. To do this, we need to install `gettext`
-		# then move `envsubst` out of the way so `gettext` can
-		# be deleted completely, then move `envsubst` back.
-		&& apk add --no-cache --virtual .gettext gettext \
-		&& mv /usr/bin/envsubst /tmp/ \
-		\
-		&& runDeps="$( \
-			scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
-				| tr ',' '\n' \
-				| sort -u \
-				| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-		)" \
-		&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
-		&& apk del .tools \
-		&& apk del .gettext \
-		&& mv /tmp/envsubst /usr/local/bin/ \
-		\
-		# Bring in tzdata so users could set the timezones through the environment
-		# variables
-		&& apk add --no-cache tzdata \
-		\
-		# forward request and error logs to docker log collector
-		&& ln -sf /dev/stdout /var/log/nginx/access.log \
-		&& ln -sf /dev/stderr /var/log/nginx/error.log
+			perl-dev \
+			libedit-dev \
+			bash \
+			alpine-sdk \
+			findutils; \
+		mkdir -p /usr/lib/nginx/modules; \
+		mkdir -p /usr/src; \
+		curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \
+		curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \
+		cd /usr/src/nginx-$NGINX_VERSION; \
+		./configure $CONFIG --with-debug; \
+		make -j $(nproc); \
+		mv objs/nginx objs/nginx-debug; \
+		mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
+		mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
+		mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
+		mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
+		./configure $CONFIG; \
+		make -j $(nproc); \
+		make install; \
+		install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
+		install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
+		install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
+		install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
+		strip /usr/sbin/nginx*; \
+		strip /usr/lib/nginx/modules/*.so;
 
+# :: Header
+	FROM arm32v7/alpine:latest
+	COPY --from=builder qemu-arm-static /usr/bin
+	COPY --from=nginx /usr/sbin/nginx /usr/sbin
+	COPY --from=nginx /etc/nginx/ /etc/nginx
+	COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules
 
-	RUN mkdir -p /nginx \
-		&& mkdir -p /nginx/run \
-		&& mkdir -p /nginx/cache \
-		&& mkdir -p /nginx/etc \
-		&& mkdir -p /nginx/www \
-		&& mkdir -p /nginx/www/default \
-		&& mkdir -p /nginx/ssl \
-		&& rm /etc/nginx/nginx.conf
+# :: Run
+	USER root
+
+	# :: prepare
+        RUN set -ex; \
+            mkdir -p /nginx; \
+            mkdir -p /nginx/etc; \
+            mkdir -p /nginx/www; \
+			mkdir -p /nginx/ssl; \
+			mkdir -p /nginx/cache; \
+			mkdir -p /nginx/run;
+
+		RUN set -ex; \
+			apk add --update --no-cache \
+				curl \
+				shadow \
+				pcre2-dev; \
+			mkdir -p /var/log/nginx; \
+			touch /var/log/nginx/access.log; \
+			touch /var/log/nginx/error.log; \
+			ln -sf /dev/stdout /var/log/nginx/access.log; \
+			ln -sf /dev/stderr /var/log/nginx/error.log;
+
+		RUN set -ex; \
+			addgroup --gid 1000 -S nginx; \
+			adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
 
 	# :: copy root filesystem changes
         COPY ./rootfs /
 
 	# :: docker -u 1000:1000 (no root initiative)
-		RUN chown nginx:nginx -R /nginx
-
-STOPSIGNAL SIGTERM
+		RUN set -ex; \
+			chown nginx:nginx -R \
+				/nginx \
+				/var/log/nginx;
 
 # :: Volumes
 	VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
 
+# :: Monitor
+    RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
+    HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+
 # :: Start
 	RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
 	USER nginx

arm64v8.dockerfile

@@ -1,22 +1,16 @@
-# :: Builder
+# :: Arch
     FROM alpine AS builder
     ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz
     RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-aarch64/qemu-aarch64-static .
 
-# :: Header
-	FROM arm64v8/alpine:3.16
-    COPY --from=builder qemu-aarch64-static /usr/bin
+# :: Builder
+	FROM arm64v8/alpine:latest as nginx
+    COPY --from=builder qemu-arm-static /usr/bin
 	ENV NGINX_VERSION 1.22.1
 	ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.33
 
-# :: Run
-	RUN apk add --no-cache --virtual .module curl tar \
-		&& mkdir -p /usr/lib/nginx/modules \
-		&& curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules \
-		&& apk del .module
-
-	RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
-		&& CONFIG="\
+    RUN set -ex; \
+		CONFIG="\
 			--prefix=/etc/nginx \
 			--sbin-path=/usr/sbin/nginx \
 			--modules-path=/usr/lib/nginx/modules \
@@ -61,114 +55,97 @@
 			--with-file-aio \
 			--with-http_v2_module \
 			--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
-		" \
-		&& addgroup --gid 1000 -S nginx \
-		&& adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx \
-		&& apk add --no-cache --virtual .tools \
+		"; \
+        apk add --no-cache --update \
+			curl \
+			tar \
 			gcc \
 			libc-dev \
 			make \
 			openssl-dev \
-			pcre-dev \
+			pcre2-dev \
 			zlib-dev \
 			linux-headers \
-			curl \
-			gnupg1 \
 			libxslt-dev \
 			gd-dev \
 			geoip-dev \
-		&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
-		&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
-		&& export GNUPGHOME="$(mktemp -d)" \
-		&& found=''; \
-		for server in \
-			ha.pool.sks-keyservers.net \
-			hkp://keyserver.ubuntu.com:80 \
-			hkp://p80.pool.sks-keyservers.net:80 \
-			pgp.mit.edu \
-		; do \
-			echo "Fetching GPG key $GPG_KEYS from $server"; \
-			gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
-		done; \
-		test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
-		gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
-		&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
-		&& mkdir -p /usr/src \
-		&& tar -zxC /usr/src -f nginx.tar.gz \
-		&& rm nginx.tar.gz \
-		&& cd /usr/src/nginx-$NGINX_VERSION \
-		&& ./configure $CONFIG --with-debug \
-		&& make -j$(getconf _NPROCESSORS_ONLN) \
-		&& mv objs/nginx objs/nginx-debug \
-		&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
-		&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
-		&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
-		&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
-		&& ./configure $CONFIG \
-		&& make -j$(getconf _NPROCESSORS_ONLN) \
-		&& make install \
-		&& rm -rf /etc/nginx/html/ \
-		&& mkdir /etc/nginx/conf.d/ \
-		&& mkdir -p /usr/share/nginx/html/ \
-		&& install -m644 html/index.html /usr/share/nginx/html/ \
-		&& install -m644 html/50x.html /usr/share/nginx/html/ \
-		&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
-		&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
-		&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
-		&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
-		&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
-		&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
-		&& strip /usr/sbin/nginx* \
-		&& strip /usr/lib/nginx/modules/*.so \
-		&& rm -rf /usr/src/nginx-$NGINX_VERSION \
-		\
-		# Bring in gettext so we can get `envsubst`, then throw
-		# the rest away. To do this, we need to install `gettext`
-		# then move `envsubst` out of the way so `gettext` can
-		# be deleted completely, then move `envsubst` back.
-		&& apk add --no-cache --virtual .gettext gettext \
-		&& mv /usr/bin/envsubst /tmp/ \
-		\
-		&& runDeps="$( \
-			scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
-				| tr ',' '\n' \
-				| sort -u \
-				| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-		)" \
-		&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
-		&& apk del .tools \
-		&& apk del .gettext \
-		&& mv /tmp/envsubst /usr/local/bin/ \
-		\
-		# Bring in tzdata so users could set the timezones through the environment
-		# variables
-		&& apk add --no-cache tzdata \
-		\
-		# forward request and error logs to docker log collector
-		&& ln -sf /dev/stdout /var/log/nginx/access.log \
-		&& ln -sf /dev/stderr /var/log/nginx/error.log
+			perl-dev \
+			libedit-dev \
+			bash \
+			alpine-sdk \
+			findutils; \
+		mkdir -p /usr/lib/nginx/modules; \
+		mkdir -p /usr/src; \
+		curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \
+		curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \
+		cd /usr/src/nginx-$NGINX_VERSION; \
+		./configure $CONFIG --with-debug; \
+		make -j $(nproc); \
+		mv objs/nginx objs/nginx-debug; \
+		mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
+		mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
+		mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
+		mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
+		./configure $CONFIG; \
+		make -j $(nproc); \
+		make install; \
+		install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
+		install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
+		install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
+		install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
+		strip /usr/sbin/nginx*; \
+		strip /usr/lib/nginx/modules/*.so;
 
+# :: Header
+	FROM arm64v8/alpine:latest
+	COPY --from=builder qemu-arm-static /usr/bin
+	COPY --from=nginx /usr/sbin/nginx /usr/sbin
+	COPY --from=nginx /etc/nginx/ /etc/nginx
+	COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules
 
-	RUN mkdir -p /nginx \
-		&& mkdir -p /nginx/run \
-		&& mkdir -p /nginx/cache \
-		&& mkdir -p /nginx/etc \
-		&& mkdir -p /nginx/www \
-		&& mkdir -p /nginx/www/default \
-		&& mkdir -p /nginx/ssl \
-		&& rm /etc/nginx/nginx.conf
+# :: Run
+	USER root
+
+	# :: prepare
+        RUN set -ex; \
+            mkdir -p /nginx; \
+            mkdir -p /nginx/etc; \
+            mkdir -p /nginx/www; \
+			mkdir -p /nginx/ssl; \
+			mkdir -p /nginx/cache; \
+			mkdir -p /nginx/run;
+
+		RUN set -ex; \
+			apk add --update --no-cache \
+				curl \
+				shadow \
+				pcre2-dev; \
+			mkdir -p /var/log/nginx; \
+			touch /var/log/nginx/access.log; \
+			touch /var/log/nginx/error.log; \
+			ln -sf /dev/stdout /var/log/nginx/access.log; \
+			ln -sf /dev/stderr /var/log/nginx/error.log;
+
+		RUN set -ex; \
+			addgroup --gid 1000 -S nginx; \
+			adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
 
 	# :: copy root filesystem changes
         COPY ./rootfs /
 
 	# :: docker -u 1000:1000 (no root initiative)
-		RUN chown nginx:nginx -R /nginx
-
-STOPSIGNAL SIGTERM
+		RUN set -ex; \
+			chown nginx:nginx -R \
+				/nginx \
+				/var/log/nginx;
 
 # :: Volumes
 	VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
 
+# :: Monitor
+    RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
+    HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+
 # :: Start
 	RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
 	USER nginx

rootfs/usr/local/bin/healthcheck.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+curl --max-time 5 -kILs --fail http://localhost:8080