paulmataruso/11note-docker-nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

style and format changes (indent issue)

Browse Source
This commit is contained in:
ElevenNotes
2023-05-23 15:11:24 +02:00
parent e2aa2e9a18
commit 7df68db7c4
4 changed files with 331 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@@ -1,52 +1,38 @@
# docker-nginx
Dockerfile to create and run your own nginx process inside an alpine docker container. Nginx is compiled from source and currently has one added optional module.
Container to run your own nginx process inside an alpine docker container. Nginx is compiled from source and currently has additional modules.
## Volumes
/nginx/etc
Purpose: vHost config, must end in *.conf (set in /etc/nginx/nginx.conf)
/nginx/www
Purpose: Webroot for vHost
/nginx/ssl
Purpose: SSL certificate directory
* **/nginx/etc** - vHost config, must end in *.conf (set in /etc/nginx/nginx.conf)
* **/nginx/www** - Webroot for vHost
* **/nginx/ssl** - SSL certificate directory
## Run
```shell
docker run --name nginx \
-v volume-etc:/nginx/etc \
-v volume-www:/nginx/www \
-v volume-ssl:/nginx/ssl:ro \
-d 11notes/nginx:[tag]
-v /local/etc:/nginx/etc \
-v /local/www:/nginx/www \
-v /local/ssl:/nginx/ssl:ro \
-d 11notes/nginx:[tag]
```
## difference between official docker images
Additional plugins:
```shell
module_headers_more
module_headers_more
```
Nginx configuration:
```shell
all data moved to /nginx (in compiler!)
all data moved to /nginx (in compiler!)
```
## Docker -u 1000:1000 (no root initiative)
As part to make containers more secure, this container will not run as root, but as uid:gid 1000:1000. Therefore the default TCP port 80 was changed to 8080.
As part to make containers more secure, this container will not run as root, but as uid:gid 1000:1000. Therefore the default TCP port 80 was changed to 8080 (/source/default.conf).
## Build with
* [Alpine Linux](https://alpinelinux.org/) - Alpine Linux
* [nginx](https://github.com/nginxinc/docker-nginx) - Nginx
## Built with
* [Alpine Linux](https://alpinelinux.org/) - Offical Parent Container
* [nginx](https://nginx.org/) - Nginx
## Tips

252
amd64.dockerfile
View File

@@ -1,144 +1,146 @@
# :: Build
FROM alpine:latest as build
ENV NGINX_VERSION=1.24.0
ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
FROM alpine:latest as build
ENV NGINX_VERSION=1.24.0
ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \
CONFIG="\
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \
apk add --no-cache --update \
curl \
tar \
gcc \
libc-dev \
make \
openssl-dev \
pcre2-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
bash \
alpine-sdk \
findutils; \
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-${NGINX_VERSION}; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
./configure $CONFIG; \
make -j $(nproc); \
make install; \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
RUN set -ex; \
CONFIG="\
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \
apk add --no-cache --update \
curl \
tar \
gcc \
libc-dev \
make \
openssl-dev \
pcre2-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
bash \
alpine-sdk \
findutils; \
apk upgrade; \
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-${NGINX_VERSION}; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
./configure $CONFIG; \
make -j $(nproc); \
make install; \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
# :: Header
FROM 11notes/alpine:stable
COPY --from=build /usr/sbin/nginx /usr/sbin
COPY --from=build /etc/nginx/ /etc/nginx
COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
FROM 11notes/alpine:stable
COPY --from=build /usr/sbin/nginx /usr/sbin
COPY --from=build /etc/nginx/ /etc/nginx
COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
# :: Run
USER root
USER root
# :: prepare
RUN set -ex; \
mkdir -p /nginx; \
mkdir -p /nginx/etc; \
mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \
mkdir -p /nginx/run;
# :: prepare
RUN set -ex; \
mkdir -p /nginx; \
mkdir -p /nginx/etc; \
mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \
mkdir -p /nginx/run; \
mkdir -p /var/log/nginx;
RUN set -ex; \
apk add --update --no-cache \
curl \
pcre2-dev; \
mkdir -p /var/log/nginx; \
touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \
ln -sf /dev/stderr /var/log/nginx/error.log;
RUN set -ex; \
apk add --update --no-cache \
curl \
pcre2-dev; \
apk upgrade; \
touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \
ln -sf /dev/stderr /var/log/nginx/error.log;
RUN set -ex; \
addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
RUN set -ex; \
addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
# :: copy root filesystem changes
# :: copy root filesystem changes
COPY ./rootfs /
RUN set -ex; \
chmod +x -R /usr/local/bin;
# :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \
chown nginx:nginx -R \
/nginx \
/var/log/nginx;
# :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \
chown nginx:nginx -R \
/nginx \
/var/log/nginx;
# :: Volumes
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
# :: Monitor
RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
# :: Start
RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
USER nginx
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
USER nginx
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

188
arm32v7.dockerfile
View File

@@ -6,95 +6,96 @@
# :: Builder
FROM arm32v7/alpine:latest as build
COPY --from=qemu qemu-arm-static /usr/bin
ENV NGINX_VERSION 1.24.0
ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34
ENV NGINX_VERSION=1.24.0
ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \
CONFIG="\
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
"; \
apk add --no-cache --update \
curl \
tar \
gcc \
libc-dev \
make \
openssl-dev \
pcre2-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
bash \
alpine-sdk \
findutils; \
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-$NGINX_VERSION; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
./configure $CONFIG; \
make -j $(nproc); \
make install; \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
RUN set -ex; \
CONFIG="\
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \
apk add --no-cache --update \
curl \
tar \
gcc \
libc-dev \
make \
openssl-dev \
pcre2-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
bash \
alpine-sdk \
findutils; \
apk upgrade; \
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-${NGINX_VERSION}; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
./configure $CONFIG; \
make -j $(nproc); \
make install; \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
# :: Header
FROM 11notes/alpine:arm32v7-stable
@@ -113,13 +114,14 @@
mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \
mkdir -p /nginx/run;
mkdir -p /nginx/run; \
mkdir -p /var/log/nginx;
RUN set -ex; \
apk add --update --no-cache \
curl \
pcre2-dev; \
mkdir -p /var/log/nginx; \
apk upgrade; \
touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \
@@ -129,8 +131,10 @@
addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
# :: copy root filesystem changes
# :: copy root filesystem changes
COPY ./rootfs /
RUN set -ex; \
chmod +x -R /usr/local/bin;
# :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \
@@ -142,10 +146,8 @@
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
# :: Monitor
RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
# :: Start
RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
USER nginx
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

188
arm64v8.dockerfile
View File

@@ -6,95 +6,96 @@
# :: Builder
FROM arm64v8/alpine:latest as build
COPY --from=qemu qemu-aarch64-static /usr/bin
ENV NGINX_VERSION 1.24.0
ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34
ENV NGINX_VERSION=1.24.0
ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \
CONFIG="\
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
"; \
apk add --no-cache --update \
curl \
tar \
gcc \
libc-dev \
make \
openssl-dev \
pcre2-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
bash \
alpine-sdk \
findutils; \
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-$NGINX_VERSION; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
./configure $CONFIG; \
make -j $(nproc); \
make install; \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
RUN set -ex; \
CONFIG="\
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \
apk add --no-cache --update \
curl \
tar \
gcc \
libc-dev \
make \
openssl-dev \
pcre2-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
bash \
alpine-sdk \
findutils; \
apk upgrade; \
mkdir -p /usr/lib/nginx/modules; \
mkdir -p /usr/src; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
cd /usr/src/nginx-${NGINX_VERSION}; \
./configure $CONFIG --with-debug; \
make -j $(nproc); \
mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
./configure $CONFIG; \
make -j $(nproc); \
make install; \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
# :: Header
FROM 11notes/alpine:arm64v8-stable
@@ -113,13 +114,14 @@
mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \
mkdir -p /nginx/run;
mkdir -p /nginx/run; \
mkdir -p /var/log/nginx;
RUN set -ex; \
apk add --update --no-cache \
curl \
pcre2-dev; \
mkdir -p /var/log/nginx; \
apk upgrade; \
touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \
@@ -129,8 +131,10 @@
addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
# :: copy root filesystem changes
# :: copy root filesystem changes
COPY ./rootfs /
RUN set -ex; \
chmod +x -R /usr/local/bin;
# :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \
@@ -142,10 +146,8 @@
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
# :: Monitor
RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
# :: Start
RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
USER nginx
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]