diff --git a/README.md b/README.md index fac65a2..59db43c 100644 --- a/README.md +++ b/README.md @@ -1,52 +1,38 @@ # docker-nginx - -Dockerfile to create and run your own nginx process inside an alpine docker container. Nginx is compiled from source and currently has one added optional module. +Container to run your own nginx process inside an alpine docker container. Nginx is compiled from source and currently has additional modules. ## Volumes - -/nginx/etc - -Purpose: vHost config, must end in *.conf (set in /etc/nginx/nginx.conf) - -/nginx/www - -Purpose: Webroot for vHost - -/nginx/ssl - -Purpose: SSL certificate directory +* **/nginx/etc** - vHost config, must end in *.conf (set in /etc/nginx/nginx.conf) +* **/nginx/www** - Webroot for vHost +* **/nginx/ssl** - SSL certificate directory ## Run ```shell docker run --name nginx \ -  -v volume-etc:/nginx/etc \ -  -v volume-www:/nginx/www \ -  -v volume-ssl:/nginx/ssl:ro \ -  -d 11notes/nginx:[tag] + -v /local/etc:/nginx/etc \ + -v /local/www:/nginx/www \ + -v /local/ssl:/nginx/ssl:ro \ + -d 11notes/nginx:[tag] ``` ## difference between official docker images - Additional plugins: ```shell - module_headers_more + module_headers_more ``` Nginx configuration: - ```shell - all data moved to /nginx (in compiler!) + all data moved to /nginx (in compiler!) ``` ## Docker -u 1000:1000 (no root initiative) +As part to make containers more secure, this container will not run as root, but as uid:gid 1000:1000. Therefore the default TCP port 80 was changed to 8080. -As part to make containers more secure, this container will not run as root, but as uid:gid 1000:1000. Therefore the default TCP port 80 was changed to 8080 (/source/default.conf). - -## Build with - -* [Alpine Linux](https://alpinelinux.org/) - Alpine Linux -* [nginx](https://github.com/nginxinc/docker-nginx) - Nginx +## Built with +* [Alpine Linux](https://alpinelinux.org/) - Offical Parent Container +* [nginx](https://nginx.org/) - Nginx ## Tips diff --git a/amd64.dockerfile b/amd64.dockerfile index 621d004..ad9b04d 100644 --- a/amd64.dockerfile +++ b/amd64.dockerfile @@ -1,144 +1,146 @@ # :: Build - FROM alpine:latest as build - ENV NGINX_VERSION=1.24.0 - ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34 + FROM alpine:latest as build + ENV NGINX_VERSION=1.24.0 + ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34 - RUN set -ex; \ - CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/nginx/run/nginx.pid \ - --lock-path=/nginx/run/nginx.lock \ - --http-client-body-temp-path=/nginx/cache/client_temp \ - --http-proxy-temp-path=/nginx/cache/proxy_temp \ - --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ - --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ - --http-scgi-temp-path=/nginx/cache/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \ - "; \ - apk add --no-cache --update \ - curl \ - tar \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre2-dev \ - zlib-dev \ - linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - libedit-dev \ - bash \ - alpine-sdk \ - findutils; \ - mkdir -p /usr/lib/nginx/modules; \ - mkdir -p /usr/src; \ - curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ - curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \ - cd /usr/src/nginx-${NGINX_VERSION}; \ - ./configure $CONFIG --with-debug; \ - make -j $(nproc); \ - mv objs/nginx objs/nginx-debug; \ - mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ - mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ - mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ - mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ - ./configure $CONFIG; \ - make -j $(nproc); \ - make install; \ - install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ - install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ - install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ - install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ - strip /usr/sbin/nginx*; \ - strip /usr/lib/nginx/modules/*.so; + RUN set -ex; \ + CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/nginx/run/nginx.pid \ + --lock-path=/nginx/run/nginx.lock \ + --http-client-body-temp-path=/nginx/cache/client_temp \ + --http-proxy-temp-path=/nginx/cache/proxy_temp \ + --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ + --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ + --http-scgi-temp-path=/nginx/cache/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \ + "; \ + apk add --no-cache --update \ + curl \ + tar \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + bash \ + alpine-sdk \ + findutils; \ + apk upgrade; \ + mkdir -p /usr/lib/nginx/modules; \ + mkdir -p /usr/src; \ + curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ + curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \ + cd /usr/src/nginx-${NGINX_VERSION}; \ + ./configure $CONFIG --with-debug; \ + make -j $(nproc); \ + mv objs/nginx objs/nginx-debug; \ + mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ + mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ + mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ + mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ + ./configure $CONFIG; \ + make -j $(nproc); \ + make install; \ + install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ + install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ + install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ + install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ + strip /usr/sbin/nginx*; \ + strip /usr/lib/nginx/modules/*.so; # :: Header - FROM 11notes/alpine:stable - COPY --from=build /usr/sbin/nginx /usr/sbin - COPY --from=build /etc/nginx/ /etc/nginx - COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules + FROM 11notes/alpine:stable + COPY --from=build /usr/sbin/nginx /usr/sbin + COPY --from=build /etc/nginx/ /etc/nginx + COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules # :: Run - USER root + USER root - # :: prepare - RUN set -ex; \ - mkdir -p /nginx; \ - mkdir -p /nginx/etc; \ - mkdir -p /nginx/www; \ - mkdir -p /nginx/ssl; \ - mkdir -p /nginx/cache; \ - mkdir -p /nginx/run; + # :: prepare + RUN set -ex; \ + mkdir -p /nginx; \ + mkdir -p /nginx/etc; \ + mkdir -p /nginx/www; \ + mkdir -p /nginx/ssl; \ + mkdir -p /nginx/cache; \ + mkdir -p /nginx/run; \ + mkdir -p /var/log/nginx; - RUN set -ex; \ - apk add --update --no-cache \ - curl \ - pcre2-dev; \ - mkdir -p /var/log/nginx; \ - touch /var/log/nginx/access.log; \ - touch /var/log/nginx/error.log; \ - ln -sf /dev/stdout /var/log/nginx/access.log; \ - ln -sf /dev/stderr /var/log/nginx/error.log; + RUN set -ex; \ + apk add --update --no-cache \ + curl \ + pcre2-dev; \ + apk upgrade; \ + touch /var/log/nginx/access.log; \ + touch /var/log/nginx/error.log; \ + ln -sf /dev/stdout /var/log/nginx/access.log; \ + ln -sf /dev/stderr /var/log/nginx/error.log; - RUN set -ex; \ - addgroup --gid 1000 -S nginx; \ - adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; + RUN set -ex; \ + addgroup --gid 1000 -S nginx; \ + adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; - # :: copy root filesystem changes + # :: copy root filesystem changes COPY ./rootfs / + RUN set -ex; \ + chmod +x -R /usr/local/bin; - # :: docker -u 1000:1000 (no root initiative) - RUN set -ex; \ - chown nginx:nginx -R \ - /nginx \ - /var/log/nginx; + # :: docker -u 1000:1000 (no root initiative) + RUN set -ex; \ + chown nginx:nginx -R \ + /nginx \ + /var/log/nginx; # :: Volumes - VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] + VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] # :: Monitor - RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 # :: Start - RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh - USER nginx - ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file + USER nginx + ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/arm32v7.dockerfile b/arm32v7.dockerfile index dbfca40..5cbd7fb 100644 --- a/arm32v7.dockerfile +++ b/arm32v7.dockerfile @@ -6,95 +6,96 @@ # :: Builder FROM arm32v7/alpine:latest as build COPY --from=qemu qemu-arm-static /usr/bin - ENV NGINX_VERSION 1.24.0 - ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34 + ENV NGINX_VERSION=1.24.0 + ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34 - RUN set -ex; \ - CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/nginx/run/nginx.pid \ - --lock-path=/nginx/run/nginx.lock \ - --http-client-body-temp-path=/nginx/cache/client_temp \ - --http-proxy-temp-path=/nginx/cache/proxy_temp \ - --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ - --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ - --http-scgi-temp-path=/nginx/cache/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \ - "; \ - apk add --no-cache --update \ - curl \ - tar \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre2-dev \ - zlib-dev \ - linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - libedit-dev \ - bash \ - alpine-sdk \ - findutils; \ - mkdir -p /usr/lib/nginx/modules; \ - mkdir -p /usr/src; \ - curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \ - curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \ - cd /usr/src/nginx-$NGINX_VERSION; \ - ./configure $CONFIG --with-debug; \ - make -j $(nproc); \ - mv objs/nginx objs/nginx-debug; \ - mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ - mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ - mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ - mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ - ./configure $CONFIG; \ - make -j $(nproc); \ - make install; \ - install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ - install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ - install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ - install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ - strip /usr/sbin/nginx*; \ - strip /usr/lib/nginx/modules/*.so; + RUN set -ex; \ + CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/nginx/run/nginx.pid \ + --lock-path=/nginx/run/nginx.lock \ + --http-client-body-temp-path=/nginx/cache/client_temp \ + --http-proxy-temp-path=/nginx/cache/proxy_temp \ + --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ + --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ + --http-scgi-temp-path=/nginx/cache/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \ + "; \ + apk add --no-cache --update \ + curl \ + tar \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + bash \ + alpine-sdk \ + findutils; \ + apk upgrade; \ + mkdir -p /usr/lib/nginx/modules; \ + mkdir -p /usr/src; \ + curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ + curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \ + cd /usr/src/nginx-${NGINX_VERSION}; \ + ./configure $CONFIG --with-debug; \ + make -j $(nproc); \ + mv objs/nginx objs/nginx-debug; \ + mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ + mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ + mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ + mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ + ./configure $CONFIG; \ + make -j $(nproc); \ + make install; \ + install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ + install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ + install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ + install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ + strip /usr/sbin/nginx*; \ + strip /usr/lib/nginx/modules/*.so; # :: Header FROM 11notes/alpine:arm32v7-stable @@ -113,13 +114,14 @@ mkdir -p /nginx/www; \ mkdir -p /nginx/ssl; \ mkdir -p /nginx/cache; \ - mkdir -p /nginx/run; + mkdir -p /nginx/run; \ + mkdir -p /var/log/nginx; RUN set -ex; \ apk add --update --no-cache \ curl \ pcre2-dev; \ - mkdir -p /var/log/nginx; \ + apk upgrade; \ touch /var/log/nginx/access.log; \ touch /var/log/nginx/error.log; \ ln -sf /dev/stdout /var/log/nginx/access.log; \ @@ -129,8 +131,10 @@ addgroup --gid 1000 -S nginx; \ adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; - # :: copy root filesystem changes + # :: copy root filesystem changes COPY ./rootfs / + RUN set -ex; \ + chmod +x -R /usr/local/bin; # :: docker -u 1000:1000 (no root initiative) RUN set -ex; \ @@ -142,10 +146,8 @@ VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] # :: Monitor - RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 # :: Start - RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh USER nginx ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/arm64v8.dockerfile b/arm64v8.dockerfile index 2bec927..13e3377 100644 --- a/arm64v8.dockerfile +++ b/arm64v8.dockerfile @@ -6,95 +6,96 @@ # :: Builder FROM arm64v8/alpine:latest as build COPY --from=qemu qemu-aarch64-static /usr/bin - ENV NGINX_VERSION 1.24.0 - ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34 + ENV NGINX_VERSION=1.24.0 + ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34 - RUN set -ex; \ - CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/nginx/run/nginx.pid \ - --lock-path=/nginx/run/nginx.lock \ - --http-client-body-temp-path=/nginx/cache/client_temp \ - --http-proxy-temp-path=/nginx/cache/proxy_temp \ - --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ - --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ - --http-scgi-temp-path=/nginx/cache/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \ - "; \ - apk add --no-cache --update \ - curl \ - tar \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre2-dev \ - zlib-dev \ - linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - libedit-dev \ - bash \ - alpine-sdk \ - findutils; \ - mkdir -p /usr/lib/nginx/modules; \ - mkdir -p /usr/src; \ - curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \ - curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \ - cd /usr/src/nginx-$NGINX_VERSION; \ - ./configure $CONFIG --with-debug; \ - make -j $(nproc); \ - mv objs/nginx objs/nginx-debug; \ - mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ - mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ - mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ - mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ - ./configure $CONFIG; \ - make -j $(nproc); \ - make install; \ - install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ - install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ - install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ - install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ - strip /usr/sbin/nginx*; \ - strip /usr/lib/nginx/modules/*.so; + RUN set -ex; \ + CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/nginx/run/nginx.pid \ + --lock-path=/nginx/run/nginx.lock \ + --http-client-body-temp-path=/nginx/cache/client_temp \ + --http-proxy-temp-path=/nginx/cache/proxy_temp \ + --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ + --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ + --http-scgi-temp-path=/nginx/cache/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \ + "; \ + apk add --no-cache --update \ + curl \ + tar \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + bash \ + alpine-sdk \ + findutils; \ + apk upgrade; \ + mkdir -p /usr/lib/nginx/modules; \ + mkdir -p /usr/src; \ + curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ + curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \ + cd /usr/src/nginx-${NGINX_VERSION}; \ + ./configure $CONFIG --with-debug; \ + make -j $(nproc); \ + mv objs/nginx objs/nginx-debug; \ + mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ + mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ + mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ + mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ + ./configure $CONFIG; \ + make -j $(nproc); \ + make install; \ + install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ + install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ + install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ + install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ + strip /usr/sbin/nginx*; \ + strip /usr/lib/nginx/modules/*.so; # :: Header FROM 11notes/alpine:arm64v8-stable @@ -113,13 +114,14 @@ mkdir -p /nginx/www; \ mkdir -p /nginx/ssl; \ mkdir -p /nginx/cache; \ - mkdir -p /nginx/run; + mkdir -p /nginx/run; \ + mkdir -p /var/log/nginx; RUN set -ex; \ apk add --update --no-cache \ curl \ pcre2-dev; \ - mkdir -p /var/log/nginx; \ + apk upgrade; \ touch /var/log/nginx/access.log; \ touch /var/log/nginx/error.log; \ ln -sf /dev/stdout /var/log/nginx/access.log; \ @@ -129,8 +131,10 @@ addgroup --gid 1000 -S nginx; \ adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; - # :: copy root filesystem changes + # :: copy root filesystem changes COPY ./rootfs / + RUN set -ex; \ + chmod +x -R /usr/local/bin; # :: docker -u 1000:1000 (no root initiative) RUN set -ex; \ @@ -142,10 +146,8 @@ VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] # :: Monitor - RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 # :: Start - RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh USER nginx ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file