ElevenNotes
2024-02-20 13:16:14 +01:00
parent 5a62459a83
commit 5f0f61be5d
5 changed files with 186 additions and 28 deletions

2
.gitignore vendored

@@ -1,2 +1,2 @@
maintain/
/build
project*


@@ -1,23 +1,28 @@
# Alpine :: Nginx
![size](https://img.shields.io/docker/image-size/11notes/nginx/1.24.0?color=0eb305) ![version](https://img.shields.io/docker/v/11notes/nginx?color=eb7a09) ![pulls](https://img.shields.io/docker/pulls/11notes/nginx?color=2b75d6) ![activity](https://img.shields.io/github/commit-activity/m/11notes/docker-nginx?color=c91cb8) ![commit-last](https://img.shields.io/github/last-commit/11notes/docker-nginx?color=c91cb8)
![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
Run Nginx based on Alpine Linux. Small, lightweight, secure and fast 🏔️
# 🏔️ Alpine - Nginx
![size](https://img.shields.io/docker/image-size/11notes/nginx/1.24.0?color=0eb305) ![version](https://img.shields.io/docker/v/11notes/nginx/1.24.0?color=eb7a09) ![pulls](https://img.shields.io/docker/pulls/11notes/nginx?color=2b75d6) ![activity](https://img.shields.io/github/commit-activity/m/11notes/docker-nginx?color=c91cb8) ![commit-last](https://img.shields.io/github/last-commit/11notes/docker-nginx?color=c91cb8) ![stars](https://img.shields.io/docker/stars/11notes/nginx?color=e6a50e)
## Volumes
**Nginx base image with additional plugins and custom compiled**
# SYNOPSIS
What can I do with this? This image will serve as a base for nginx related images that need a high-performance webserver. It can also be used stand alone as a webserver or reverse proxy.
# VOLUMES
* **/nginx/etc** - Directory of vHost config, must end in *.conf (set in /etc/nginx/nginx.conf)
* **/nginx/www** - Directory of webroot for vHost
* **/nginx/ssl** - Directory of SSL certificates
## Run
# RUN
```shell
docker run --name nginx \
-v .../etc:/nginx/etc \
-v .../www:/nginx/www \
-v .../ssl:/nginx/ssl:ro \
-v .../ssl:/nginx/ssl \
-d 11notes/nginx:[tag]
```
## Defaults
# DEFAULT SETTINGS
| Parameter | Value | Description |
| --- | --- | --- |
| `user` | docker | user docker |
@@ -25,25 +30,25 @@ docker run --name nginx \
| `gid` | 1000 | group id 1000 |
| `home` | /nginx | home directory of user docker |
## Environment
# ENVIRONMENT
| Parameter | Value | Default |
| --- | --- | --- |
| `HEALTHCHECK_URL` | URL to check for health of container | https://localhost:8443/ping |
| `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | |
| `DEBUG` | Show debug information | |
## Delta
Additional plugins:
# PARENT IMAGE
* [11notes/alpine:stable](https://hub.docker.com/r/11notes/alpine)
```shell
module_headers_more
```
## Parent image
* [11notes/alpine:stable](https://github.com/11notes/docker-alpine)
## Built with and thanks to
# BUILT WITH
* [nginx](https://nginx.org)
* [Alpine Linux](https://alpinelinux.org)
* [alpine](https://alpinelinux.org)
## Tips
# TIPS
* Only use rootless container runtime (podman, rootless docker)
* Don't bind to ports < 1024 (requires root), use NAT/reverse proxy (haproxy, traefik, nginx)
* Allow non-root ports < 1024 via `echo "net.ipv4.ip_unprivileged_port_start=53" > /etc/sysctl.d/ports.conf`
* Use a reverse proxy like Traefik, Nginx to terminate TLS with a valid certificate
* Use Lets Encrypt certificates to protect your SSL endpoints
# ElevenNotes<sup>™️</sup>
This image is provided to you at your own risk. Always make backups before updating an image to a new version. Check the changelog for breaking changes.


@@ -1,6 +1,6 @@
# :: Build
FROM alpine:latest as build
ENV APP_VERSION=1.24.0
ENV BUILD_VERSION=1.24.0
ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \
@@ -72,8 +72,8 @@
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-${APP_VERSION}.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-${APP_VERSION}; \
curl -SL https://nginx.org/download/nginx-${BUILD_VERSION}.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-${BUILD_VERSION}; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
@@ -93,11 +93,11 @@
# :: Header
FROM 11notes/alpine:stable
ENV APP_NAME=nginx
ENV APP_ROOT=/nginx
COPY --from=build /usr/sbin/nginx /usr/sbin
COPY --from=build /etc/nginx/ /etc/nginx
COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
ENV APP_NAME="nginx"
ENV APP_ROOT=/nginx
# :: Run
USER root
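Review bot: The nginx tarball on the rewritten download line of the `@@ -72,8 +72,8 @@` hunk is still piped from curl straight into tar, so nothing checks that the archive is the expected one before it is compiled; the headers-more download one line above it and both downloads in the new arm64v8.dockerfile have the same gap. Download to a file and verify a pinned digest before unpacking, e.g. `curl -fSL -o /tmp/nginx.tar.gz https://nginx.org/download/nginx-${BUILD_VERSION}.tar.gz; \`, `echo "${NGINX_SHA256}  /tmp/nginx.tar.gz" | sha256sum -c -; \`, `tar -zxC /usr/src -f /tmp/nginx.tar.gz; \`. Here `NGINX_SHA256` is a placeholder for a value that would be set next to `BUILD_VERSION`; nginx.org also publishes detached PGP signatures that could be checked instead. The enclosing `RUN` starts and ends outside the hunk.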

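--- /dev/null
+++ b/arm64v8.dockerfile
@@ -0,0 +1,151 @@
+# :: QEMU
+FROM multiarch/qemu-user-static:x86_64-aarch64 as qemu
+# :: Build
+FROM alpine:arm64v8-stable as build
+COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin
+ENV BUILD_VERSION=1.24.0
+ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
+RUN set -ex; \
+CONFIG="\
+--prefix=/etc/nginx \
+--sbin-path=/usr/sbin/nginx \
+--modules-path=/usr/lib/nginx/modules \
+--conf-path=/etc/nginx/nginx.conf \
+--error-log-path=/var/log/nginx/error.log \
+--http-log-path=/var/log/nginx/access.log \
+--pid-path=/nginx/run/nginx.pid \
+--lock-path=/nginx/run/nginx.lock \
+--http-client-body-temp-path=/nginx/cache/client_temp \
+--http-proxy-temp-path=/nginx/cache/proxy_temp \
+--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
+--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
+--http-scgi-temp-path=/nginx/cache/scgi_temp \
+--user=docker \
+--group=docker \
+--with-http_ssl_module \
+--with-http_realip_module \
+--with-http_addition_module \
+--with-http_sub_module \
+--with-http_dav_module \
+--with-http_flv_module \
+--with-http_mp4_module \
+--with-http_gunzip_module \
+--with-http_gzip_static_module \
+--with-http_random_index_module \
+--with-http_secure_link_module \
+--with-http_stub_status_module \
+--with-http_auth_request_module \
+--with-http_xslt_module=dynamic \
+--with-http_image_filter_module=dynamic \
+--with-http_geoip_module=dynamic \
+--with-threads \
+--with-stream \
+--with-stream_ssl_module \
+--with-stream_ssl_preread_module \
+--with-stream_realip_module \
+--with-stream_geoip_module=dynamic \
+--with-http_slice_module \
+--with-mail \
+--with-mail_ssl_module \
+--with-compat \
+--with-file-aio \
+--with-http_v2_module \
+--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
+"; \
+apk add --no-cache --update \
+curl \
+tar \
+gcc \
+libc-dev \
+make \
+openssl-dev \
+pcre2-dev \
+zlib-dev \
+linux-headers \
+libxslt-dev \
+gd-dev \
+geoip-dev \
+perl-dev \
+libedit-dev \
+bash \
+alpine-sdk \
+findutils; \
+apk upgrade; \
+mkdir -p /usr/lib/nginx/modules; \
+mkdir -p /usr/src; \
+curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
+curl -SL https://nginx.org/download/nginx-${BUILD_VERSION}.tar.gz | tar -zxC /usr/src; \
+cd /usr/src/nginx-${BUILD_VERSION}; \
+./configure $CONFIG --with-debug; \
+make -j $(nproc); \
+mv objs/nginx objs/nginx-debug; \
+mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
+mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
+mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
+mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
+./configure $CONFIG; \
+make -j $(nproc); \
+make install; \
+install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
+install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
+install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
+install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
+strip /usr/sbin/nginx*; \
+strip /usr/lib/nginx/modules/*.so;
+# :: Header
+FROM 11notes/alpine:arm64v8-stable
+COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin
+COPY --from=build /usr/sbin/nginx /usr/sbin
+COPY --from=build /etc/nginx/ /etc/nginx
+COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
+ENV APP_NAME="nginx"
+ENV APP_ROOT=/nginx
+# :: Run
+USER root
+# :: update image
+RUN set -ex; \
+apk add --no-cache \
+openssl \
+pcre2-dev; \
+apk --no-cache upgrade;
+# :: prepare image
+RUN set -ex; \
+mkdir -p ${APP_ROOT}; \
+mkdir -p ${APP_ROOT}/etc; \
+mkdir -p ${APP_ROOT}/www; \
+mkdir -p ${APP_ROOT}/ssl; \
+mkdir -p ${APP_ROOT}/cache; \
+mkdir -p ${APP_ROOT}/run; \
+mkdir -p /var/log/nginx; \
+touch /var/log/nginx/access.log; \
+touch /var/log/nginx/error.log; \
+ln -sf /dev/stdout /var/log/nginx/access.log; \
+ln -sf /dev/stderr /var/log/nginx/error.log;
+# :: copy root filesystem changes and add execution rights to init scripts
+COPY ./rootfs /
+RUN set -ex; \
+chmod +x -R /usr/local/bin
+# :: change home path for existing user and set correct permission
+RUN set -ex; \
+usermod -d ${APP_ROOT} docker; \
+chown -R 1000:1000 \
+${APP_ROOT} \
+/var/log/nginx;
+# :: Volumes
+VOLUME ["${APP_ROOT}/etc", "${APP_ROOT}/www", "${APP_ROOT}/ssl"]
+# :: Monitor
+HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+# :: Start
+USER docker
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]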
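Review bot: The runtime stage installs `pcre2-dev`, the development package, under `# :: update image`, although nginx needs only the shared library at run time; this puts headers and build metadata into the published image for no benefit. `apk add --no-cache openssl pcre2;` should be enough, assuming the Alpine `pcre2` package provides the library the binary was linked against. The same stage also keeps `/usr/bin/qemu-aarch64-static` in the final image. If that binary is only there so the `RUN` steps can execute during a cross-build, a comment such as `# qemu is required only while building on a non-arm64 host` above the `COPY --from=qemu` line would help anyone auditing the image contents.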

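--- /dev/null
+++ b/hooks/pre_build
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker run --rm --privileged multiarch/qemu-user-static:register --reset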
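Review bot: This hook starts a `--privileged` container on the build host from `multiarch/qemu-user-static:register`, a mutable third-party tag, so whatever that tag points to at build time runs with full host privileges. Pin the image by digest, e.g. `docker run --rm --privileged multiarch/qemu-user-static:register@sha256:<digest-placeholder> --reset`, and update the digest deliberately when the helper image changes. A comment above the command saying that it registers the QEMU binfmt handlers needed for the arm64 build would also make the reason for `--privileged` clear to the next reader.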