multi

.gitignore

@@ -1,2 +1,2 @@
 maintain/
-/build
+project*

README.md

@@ -1,23 +1,28 @@
-# Alpine :: Nginx
+![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
-![size](https://img.shields.io/docker/image-size/11notes/nginx/1.24.0?color=0eb305) ![version](https://img.shields.io/docker/v/11notes/nginx?color=eb7a09) ![pulls](https://img.shields.io/docker/pulls/11notes/nginx?color=2b75d6) ![activity](https://img.shields.io/github/commit-activity/m/11notes/docker-nginx?color=c91cb8) ![commit-last](https://img.shields.io/github/last-commit/11notes/docker-nginx?color=c91cb8)
 
-Run Nginx based on Alpine Linux. Small, lightweight, secure and fast 🏔️
+# 🏔️ Alpine - Nginx
+![size](https://img.shields.io/docker/image-size/11notes/nginx/1.24.0?color=0eb305) ![version](https://img.shields.io/docker/v/11notes/nginx/1.24.0?color=eb7a09) ![pulls](https://img.shields.io/docker/pulls/11notes/nginx?color=2b75d6) ![activity](https://img.shields.io/github/commit-activity/m/11notes/docker-nginx?color=c91cb8) ![commit-last](https://img.shields.io/github/last-commit/11notes/docker-nginx?color=c91cb8) ![stars](https://img.shields.io/docker/stars/11notes/nginx?color=e6a50e)
 
-## Volumes
+**Nginx base image with additional plugins and custom compiled**
+
+# SYNOPSIS
+What can I do with this? This image will serve as a base for nginx related images that need a high-performance webserver. It can also be used stand alone as a webserver or reverse proxy.
+
+# VOLUMES
 * **/nginx/etc** - Directory of vHost config, must end in *.conf (set in /etc/nginx/nginx.conf)
 * **/nginx/www** - Directory of webroot for vHost
 * **/nginx/ssl** - Directory of SSL certificates
 
-## Run
+# RUN
 ```shell
 docker run --name nginx \
   -v .../etc:/nginx/etc \
   -v .../www:/nginx/www \
-  -v .../ssl:/nginx/ssl:ro \
+  -v .../ssl:/nginx/ssl \
   -d 11notes/nginx:[tag]
 ```
 
-## Defaults
+# DEFAULT SETTINGS
 | Parameter | Value | Description |
 | --- | --- | --- |
 | `user` | docker | user docker |
@@ -25,25 +30,25 @@ docker run --name nginx \
 | `gid` | 1000 | group id 1000 |
 | `home` | /nginx | home directory of user docker |
 
-## Environment
+# ENVIRONMENT
 | Parameter | Value | Default |
 | --- | --- | --- |
-| `HEALTHCHECK_URL` | URL to check for health of container | https://localhost:8443/ping |
+| `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | |
+| `DEBUG` | Show debug information | |
 
-## Delta
+# PARENT IMAGE
-Additional plugins:
+* [11notes/alpine:stable](https://hub.docker.com/r/11notes/alpine)
 
-```shell
+# BUILT WITH
-  module_headers_more
-```
-
-## Parent image
-* [11notes/alpine:stable](https://github.com/11notes/docker-alpine)
-
-## Built with and thanks to
 * [nginx](https://nginx.org)
-* [Alpine Linux](https://alpinelinux.org)
+* [alpine](https://alpinelinux.org)
 
-## Tips
+# TIPS
 * Only use rootless container runtime (podman, rootless docker)
-* Don't bind to ports < 1024 (requires root), use NAT/reverse proxy (haproxy, traefik, nginx)
+* Allow non-root ports < 1024 via `echo "net.ipv4.ip_unprivileged_port_start=53" > /etc/sysctl.d/ports.conf`
+* Use a reverse proxy like Traefik, Nginx to terminate TLS with a valid certificate
+* Use Let’s Encrypt certificates to protect your SSL endpoints
+
+# ElevenNotes<sup>™️</sup>
+This image is provided to you at your own risk. Always make backups before updating an image to a new version. Check the changelog for breaking changes.
+    

amd64.dockerfile

@@ -1,6 +1,6 @@
 # :: Build
   FROM alpine:latest as build
-  ENV APP_VERSION=1.24.0
+  ENV BUILD_VERSION=1.24.0
   ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
 
   RUN set -ex; \
@@ -72,8 +72,8 @@
     mkdir -p /usr/lib/nginx/modules; \
     mkdir -p /usr/src; \
     curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
-    curl -SL https://nginx.org/download/nginx-${APP_VERSION}.tar.gz | tar -zxC /usr/src; \
+    curl -SL https://nginx.org/download/nginx-${BUILD_VERSION}.tar.gz | tar -zxC /usr/src; \
-    cd /usr/src/nginx-${APP_VERSION}; \
+    cd /usr/src/nginx-${BUILD_VERSION}; \
     ./configure $CONFIG --with-debug; \
     make -j $(nproc); \
     mv objs/nginx objs/nginx-debug; \
@@ -93,11 +93,11 @@
 
 # :: Header
   FROM 11notes/alpine:stable
-  ENV APP_NAME=nginx
-  ENV APP_ROOT=/nginx
   COPY --from=build /usr/sbin/nginx /usr/sbin
   COPY --from=build /etc/nginx/ /etc/nginx
   COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
+  ENV APP_NAME="nginx"
+  ENV APP_ROOT=/nginx
 
 # :: Run
   USER root

arm64v8.dockerfile

@@ -0,0 +1,151 @@
+# :: QEMU
+  FROM multiarch/qemu-user-static:x86_64-aarch64 as qemu
+
+# :: Build
+  FROM alpine:arm64v8-stable as build
+  COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin
+  ENV BUILD_VERSION=1.24.0
+  ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
+
+  RUN set -ex; \
+    CONFIG="\
+      --prefix=/etc/nginx \
+      --sbin-path=/usr/sbin/nginx \
+      --modules-path=/usr/lib/nginx/modules \
+      --conf-path=/etc/nginx/nginx.conf \
+      --error-log-path=/var/log/nginx/error.log \
+      --http-log-path=/var/log/nginx/access.log \
+      --pid-path=/nginx/run/nginx.pid \
+      --lock-path=/nginx/run/nginx.lock \
+      --http-client-body-temp-path=/nginx/cache/client_temp \
+      --http-proxy-temp-path=/nginx/cache/proxy_temp \
+      --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
+      --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
+      --http-scgi-temp-path=/nginx/cache/scgi_temp \
+      --user=docker \
+      --group=docker \
+      --with-http_ssl_module \
+      --with-http_realip_module \
+      --with-http_addition_module \
+      --with-http_sub_module \
+      --with-http_dav_module \
+      --with-http_flv_module \
+      --with-http_mp4_module \
+      --with-http_gunzip_module \
+      --with-http_gzip_static_module \
+      --with-http_random_index_module \
+      --with-http_secure_link_module \
+      --with-http_stub_status_module \
+      --with-http_auth_request_module \
+      --with-http_xslt_module=dynamic \
+      --with-http_image_filter_module=dynamic \
+      --with-http_geoip_module=dynamic \
+      --with-threads \
+      --with-stream \
+      --with-stream_ssl_module \
+      --with-stream_ssl_preread_module \
+      --with-stream_realip_module \
+      --with-stream_geoip_module=dynamic \
+      --with-http_slice_module \
+      --with-mail \
+      --with-mail_ssl_module \
+      --with-compat \
+      --with-file-aio \
+      --with-http_v2_module \
+      --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
+    "; \
+    apk add --no-cache --update \
+      curl \
+      tar \
+      gcc \
+      libc-dev \
+      make \
+      openssl-dev \
+      pcre2-dev \
+      zlib-dev \
+      linux-headers \
+      libxslt-dev \
+      gd-dev \
+      geoip-dev \
+      perl-dev \
+      libedit-dev \
+      bash \
+      alpine-sdk \
+      findutils; \
+    apk upgrade; \
+    mkdir -p /usr/lib/nginx/modules; \
+    mkdir -p /usr/src; \
+    curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
+    curl -SL https://nginx.org/download/nginx-${BUILD_VERSION}.tar.gz | tar -zxC /usr/src; \
+    cd /usr/src/nginx-${BUILD_VERSION}; \
+    ./configure $CONFIG --with-debug; \
+    make -j $(nproc); \
+    mv objs/nginx objs/nginx-debug; \
+    mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
+    mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
+    mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
+    mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
+    ./configure $CONFIG; \
+    make -j $(nproc); \
+    make install; \
+    install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
+    install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
+    install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
+    install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
+    strip /usr/sbin/nginx*; \
+    strip /usr/lib/nginx/modules/*.so;
+
+# :: Header
+  FROM 11notes/alpine:arm64v8-stable
+  COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin
+  COPY --from=build /usr/sbin/nginx /usr/sbin
+  COPY --from=build /etc/nginx/ /etc/nginx
+  COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
+  ENV APP_NAME="nginx"
+  ENV APP_ROOT=/nginx
+
+# :: Run
+  USER root
+
+  # :: update image
+    RUN set -ex; \
+      apk add --no-cache \
+        openssl \
+        pcre2-dev; \
+      apk --no-cache upgrade;
+
+  # :: prepare image
+    RUN set -ex; \
+      mkdir -p ${APP_ROOT}; \
+      mkdir -p ${APP_ROOT}/etc; \
+      mkdir -p ${APP_ROOT}/www; \
+      mkdir -p ${APP_ROOT}/ssl; \
+      mkdir -p ${APP_ROOT}/cache; \
+      mkdir -p ${APP_ROOT}/run; \
+      mkdir -p /var/log/nginx; \
+      touch /var/log/nginx/access.log; \
+      touch /var/log/nginx/error.log; \
+      ln -sf /dev/stdout /var/log/nginx/access.log; \
+      ln -sf /dev/stderr /var/log/nginx/error.log;    
+
+  # :: copy root filesystem changes and add execution rights to init scripts
+    COPY ./rootfs /
+    RUN set -ex; \
+      chmod +x -R /usr/local/bin
+
+  # :: change home path for existing user and set correct permission
+    RUN set -ex; \
+      usermod -d ${APP_ROOT} docker; \
+      chown -R 1000:1000 \
+        ${APP_ROOT} \
+        /var/log/nginx;
+
+# :: Volumes
+  VOLUME ["${APP_ROOT}/etc", "${APP_ROOT}/www", "${APP_ROOT}/ssl"]
+
+# :: Monitor
+  HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+
+# :: Start
+  USER docker
+  ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

hooks/pre_build

@@ -0,0 +1,2 @@
+#!/bin/bash
+docker run --rm --privileged multiarch/qemu-user-static:register --reset