paulmataruso/11note-docker-nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

style and format changes (indent issue)

Browse Source
This commit is contained in:
ElevenNotes
2023-05-23 15:11:24 +02:00
parent e2aa2e9a18
commit 7df68db7c4
4 changed files with 331 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@@ -1,52 +1,38 @@
# docker-nginx # docker-nginx
Container to run your own nginx process inside an alpine docker container. Nginx is compiled from source and currently has additional modules.
Dockerfile to create and run your own nginx process inside an alpine docker container. Nginx is compiled from source and currently has one added optional module.
## Volumes ## Volumes
* **/nginx/etc** - vHost config, must end in *.conf (set in /etc/nginx/nginx.conf)
/nginx/etc * **/nginx/www** - Webroot for vHost
* **/nginx/ssl** - SSL certificate directory
Purpose: vHost config, must end in *.conf (set in /etc/nginx/nginx.conf)
/nginx/www
Purpose: Webroot for vHost
/nginx/ssl
Purpose: SSL certificate directory
## Run ## Run
```shell ```shell
docker run --name nginx \ docker run --name nginx \
-v volume-etc:/nginx/etc \ -v /local/etc:/nginx/etc \
-v volume-www:/nginx/www \ -v /local/www:/nginx/www \
-v volume-ssl:/nginx/ssl:ro \ -v /local/ssl:/nginx/ssl:ro \
-d 11notes/nginx:[tag] -d 11notes/nginx:[tag]
``` ```
## difference between official docker images ## difference between official docker images
Additional plugins: Additional plugins:
```shell ```shell
module_headers_more module_headers_more
``` ```
Nginx configuration: Nginx configuration:
```shell ```shell
all data moved to /nginx (in compiler!) all data moved to /nginx (in compiler!)
``` ```
## Docker -u 1000:1000 (no root initiative) ## Docker -u 1000:1000 (no root initiative)
As part to make containers more secure, this container will not run as root, but as uid:gid 1000:1000. Therefore the default TCP port 80 was changed to 8080.
As part to make containers more secure, this container will not run as root, but as uid:gid 1000:1000. Therefore the default TCP port 80 was changed to 8080 (/source/default.conf). ## Built with
* [Alpine Linux](https://alpinelinux.org/) - Offical Parent Container
## Build with * [nginx](https://nginx.org/) - Nginx
* [Alpine Linux](https://alpinelinux.org/) - Alpine Linux
* [nginx](https://github.com/nginxinc/docker-nginx) - Nginx
## Tips ## Tips

252
amd64.dockerfile
View File

@@ -1,144 +1,146 @@
# :: Build # :: Build
FROM alpine:latest as build FROM alpine:latest as build
ENV NGINX_VERSION=1.24.0 ENV NGINX_VERSION=1.24.0
ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34 ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \ RUN set -ex; \
CONFIG="\ CONFIG="\
--prefix=/etc/nginx \ --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \ --modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \ --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \ --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \ --http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \ --pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \ --lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \ --http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \ --http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \ --http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \ --user=nginx \
--group=nginx \ --group=nginx \
--with-http_ssl_module \ --with-http_ssl_module \
--with-http_realip_module \ --with-http_realip_module \
--with-http_addition_module \ --with-http_addition_module \
--with-http_sub_module \ --with-http_sub_module \
--with-http_dav_module \ --with-http_dav_module \
--with-http_flv_module \ --with-http_flv_module \
--with-http_mp4_module \ --with-http_mp4_module \
--with-http_gunzip_module \ --with-http_gunzip_module \
--with-http_gzip_static_module \ --with-http_gzip_static_module \
--with-http_random_index_module \ --with-http_random_index_module \
--with-http_secure_link_module \ --with-http_secure_link_module \
--with-http_stub_status_module \ --with-http_stub_status_module \
--with-http_auth_request_module \ --with-http_auth_request_module \
--with-http_xslt_module=dynamic \ --with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \ --with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \ --with-http_geoip_module=dynamic \
--with-threads \ --with-threads \
--with-stream \ --with-stream \
--with-stream_ssl_module \ --with-stream_ssl_module \
--with-stream_ssl_preread_module \ --with-stream_ssl_preread_module \
--with-stream_realip_module \ --with-stream_realip_module \
--with-stream_geoip_module=dynamic \ --with-stream_geoip_module=dynamic \
--with-http_slice_module \ --with-http_slice_module \
--with-mail \ --with-mail \
--with-mail_ssl_module \ --with-mail_ssl_module \
--with-compat \ --with-compat \
--with-file-aio \ --with-file-aio \
--with-http_v2_module \ --with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \ --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \ "; \
apk add --no-cache --update \ apk add --no-cache --update \
curl \ curl \
tar \ tar \
gcc \ gcc \
libc-dev \ libc-dev \
make \ make \
openssl-dev \ openssl-dev \
pcre2-dev \ pcre2-dev \
zlib-dev \ zlib-dev \
linux-headers \ linux-headers \
libxslt-dev \ libxslt-dev \
gd-dev \ gd-dev \
geoip-dev \ geoip-dev \
perl-dev \ perl-dev \
libedit-dev \ libedit-dev \
bash \ bash \
alpine-sdk \ alpine-sdk \
findutils; \ findutils; \
mkdir -p /usr/lib/nginx/modules; \ apk upgrade; \
mkdir -p /usr/src; \ mkdir -p /usr/lib/nginx/modules; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ mkdir -p /usr/src; \
curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \ curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
cd /usr/src/nginx-${NGINX_VERSION}; \ curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
./configure $CONFIG --with-debug; \ cd /usr/src/nginx-${NGINX_VERSION}; \
make -j $(nproc); \ ./configure $CONFIG --with-debug; \
mv objs/nginx objs/nginx-debug; \ make -j $(nproc); \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
./configure $CONFIG; \ mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
make -j $(nproc); \ ./configure $CONFIG; \
make install; \ make -j $(nproc); \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ make install; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \ install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/lib/nginx/modules/*.so; strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
# :: Header # :: Header
FROM 11notes/alpine:stable FROM 11notes/alpine:stable
COPY --from=build /usr/sbin/nginx /usr/sbin COPY --from=build /usr/sbin/nginx /usr/sbin
COPY --from=build /etc/nginx/ /etc/nginx COPY --from=build /etc/nginx/ /etc/nginx
COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
# :: Run # :: Run
USER root USER root
# :: prepare # :: prepare
RUN set -ex; \ RUN set -ex; \
mkdir -p /nginx; \ mkdir -p /nginx; \
mkdir -p /nginx/etc; \ mkdir -p /nginx/etc; \
mkdir -p /nginx/www; \ mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \ mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \ mkdir -p /nginx/cache; \
mkdir -p /nginx/run; mkdir -p /nginx/run; \
mkdir -p /var/log/nginx;
RUN set -ex; \ RUN set -ex; \
apk add --update --no-cache \ apk add --update --no-cache \
curl \ curl \
pcre2-dev; \ pcre2-dev; \
mkdir -p /var/log/nginx; \ apk upgrade; \
touch /var/log/nginx/access.log; \ touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \ touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \ ln -sf /dev/stdout /var/log/nginx/access.log; \
ln -sf /dev/stderr /var/log/nginx/error.log; ln -sf /dev/stderr /var/log/nginx/error.log;
RUN set -ex; \ RUN set -ex; \
addgroup --gid 1000 -S nginx; \ addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
# :: copy root filesystem changes # :: copy root filesystem changes
COPY ./rootfs / COPY ./rootfs /
RUN set -ex; \
chmod +x -R /usr/local/bin;
# :: docker -u 1000:1000 (no root initiative) # :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \ RUN set -ex; \
chown nginx:nginx -R \ chown nginx:nginx -R \
/nginx \ /nginx \
/var/log/nginx; /var/log/nginx;
# :: Volumes # :: Volumes
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
# :: Monitor # :: Monitor
RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
# :: Start # :: Start
RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh USER nginx
USER nginx ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

188
arm32v7.dockerfile
View File

@@ -6,95 +6,96 @@
# :: Builder # :: Builder
FROM arm32v7/alpine:latest as build FROM arm32v7/alpine:latest as build
COPY --from=qemu qemu-arm-static /usr/bin COPY --from=qemu qemu-arm-static /usr/bin
ENV NGINX_VERSION 1.24.0 ENV NGINX_VERSION=1.24.0
ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34 ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \ RUN set -ex; \
CONFIG="\ CONFIG="\
--prefix=/etc/nginx \ --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \ --modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \ --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \ --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \ --http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \ --pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \ --lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \ --http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \ --http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \ --http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \ --user=nginx \
--group=nginx \ --group=nginx \
--with-http_ssl_module \ --with-http_ssl_module \
--with-http_realip_module \ --with-http_realip_module \
--with-http_addition_module \ --with-http_addition_module \
--with-http_sub_module \ --with-http_sub_module \
--with-http_dav_module \ --with-http_dav_module \
--with-http_flv_module \ --with-http_flv_module \
--with-http_mp4_module \ --with-http_mp4_module \
--with-http_gunzip_module \ --with-http_gunzip_module \
--with-http_gzip_static_module \ --with-http_gzip_static_module \
--with-http_random_index_module \ --with-http_random_index_module \
--with-http_secure_link_module \ --with-http_secure_link_module \
--with-http_stub_status_module \ --with-http_stub_status_module \
--with-http_auth_request_module \ --with-http_auth_request_module \
--with-http_xslt_module=dynamic \ --with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \ --with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \ --with-http_geoip_module=dynamic \
--with-threads \ --with-threads \
--with-stream \ --with-stream \
--with-stream_ssl_module \ --with-stream_ssl_module \
--with-stream_ssl_preread_module \ --with-stream_ssl_preread_module \
--with-stream_realip_module \ --with-stream_realip_module \
--with-stream_geoip_module=dynamic \ --with-stream_geoip_module=dynamic \
--with-http_slice_module \ --with-http_slice_module \
--with-mail \ --with-mail \
--with-mail_ssl_module \ --with-mail_ssl_module \
--with-compat \ --with-compat \
--with-file-aio \ --with-file-aio \
--with-http_v2_module \ --with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \ --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \ "; \
apk add --no-cache --update \ apk add --no-cache --update \
curl \ curl \
tar \ tar \
gcc \ gcc \
libc-dev \ libc-dev \
make \ make \
openssl-dev \ openssl-dev \
pcre2-dev \ pcre2-dev \
zlib-dev \ zlib-dev \
linux-headers \ linux-headers \
libxslt-dev \ libxslt-dev \
gd-dev \ gd-dev \
geoip-dev \ geoip-dev \
perl-dev \ perl-dev \
libedit-dev \ libedit-dev \
bash \ bash \
alpine-sdk \ alpine-sdk \
findutils; \ findutils; \
mkdir -p /usr/lib/nginx/modules; \ apk upgrade; \
mkdir -p /usr/src; \ mkdir -p /usr/lib/nginx/modules; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \ mkdir -p /usr/src; \
curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \ curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
cd /usr/src/nginx-$NGINX_VERSION; \ curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
./configure $CONFIG --with-debug; \ cd /usr/src/nginx-${NGINX_VERSION}; \
make -j $(nproc); \ ./configure $CONFIG --with-debug; \
mv objs/nginx objs/nginx-debug; \ make -j $(nproc); \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
./configure $CONFIG; \ mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
make -j $(nproc); \ ./configure $CONFIG; \
make install; \ make -j $(nproc); \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ make install; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \ install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/lib/nginx/modules/*.so; strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
# :: Header # :: Header
FROM 11notes/alpine:arm32v7-stable FROM 11notes/alpine:arm32v7-stable
@@ -113,13 +114,14 @@
mkdir -p /nginx/www; \ mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \ mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \ mkdir -p /nginx/cache; \
mkdir -p /nginx/run; mkdir -p /nginx/run; \
mkdir -p /var/log/nginx;
RUN set -ex; \ RUN set -ex; \
apk add --update --no-cache \ apk add --update --no-cache \
curl \ curl \
pcre2-dev; \ pcre2-dev; \
mkdir -p /var/log/nginx; \ apk upgrade; \
touch /var/log/nginx/access.log; \ touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \ touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \ ln -sf /dev/stdout /var/log/nginx/access.log; \
@@ -129,8 +131,10 @@
addgroup --gid 1000 -S nginx; \ addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
# :: copy root filesystem changes # :: copy root filesystem changes
COPY ./rootfs / COPY ./rootfs /
RUN set -ex; \
chmod +x -R /usr/local/bin;
# :: docker -u 1000:1000 (no root initiative) # :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \ RUN set -ex; \
@@ -142,10 +146,8 @@
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
# :: Monitor # :: Monitor
RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
# :: Start # :: Start
RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
USER nginx USER nginx
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

188
arm64v8.dockerfile
View File

@@ -6,95 +6,96 @@
# :: Builder # :: Builder
FROM arm64v8/alpine:latest as build FROM arm64v8/alpine:latest as build
COPY --from=qemu qemu-aarch64-static /usr/bin COPY --from=qemu qemu-aarch64-static /usr/bin
ENV NGINX_VERSION 1.24.0 ENV NGINX_VERSION=1.24.0
ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34 ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
RUN set -ex; \ RUN set -ex; \
CONFIG="\ CONFIG="\
--prefix=/etc/nginx \ --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \ --modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \ --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \ --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \ --http-log-path=/var/log/nginx/access.log \
--pid-path=/nginx/run/nginx.pid \ --pid-path=/nginx/run/nginx.pid \
--lock-path=/nginx/run/nginx.lock \ --lock-path=/nginx/run/nginx.lock \
--http-client-body-temp-path=/nginx/cache/client_temp \ --http-client-body-temp-path=/nginx/cache/client_temp \
--http-proxy-temp-path=/nginx/cache/proxy_temp \ --http-proxy-temp-path=/nginx/cache/proxy_temp \
--http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \ --http-fastcgi-temp-path=/nginx/cache/fastcgi_temp \
--http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \ --http-uwsgi-temp-path=/nginx/cache/uwsgi_temp \
--http-scgi-temp-path=/nginx/cache/scgi_temp \ --http-scgi-temp-path=/nginx/cache/scgi_temp \
--user=nginx \ --user=nginx \
--group=nginx \ --group=nginx \
--with-http_ssl_module \ --with-http_ssl_module \
--with-http_realip_module \ --with-http_realip_module \
--with-http_addition_module \ --with-http_addition_module \
--with-http_sub_module \ --with-http_sub_module \
--with-http_dav_module \ --with-http_dav_module \
--with-http_flv_module \ --with-http_flv_module \
--with-http_mp4_module \ --with-http_mp4_module \
--with-http_gunzip_module \ --with-http_gunzip_module \
--with-http_gzip_static_module \ --with-http_gzip_static_module \
--with-http_random_index_module \ --with-http_random_index_module \
--with-http_secure_link_module \ --with-http_secure_link_module \
--with-http_stub_status_module \ --with-http_stub_status_module \
--with-http_auth_request_module \ --with-http_auth_request_module \
--with-http_xslt_module=dynamic \ --with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \ --with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \ --with-http_geoip_module=dynamic \
--with-threads \ --with-threads \
--with-stream \ --with-stream \
--with-stream_ssl_module \ --with-stream_ssl_module \
--with-stream_ssl_preread_module \ --with-stream_ssl_preread_module \
--with-stream_realip_module \ --with-stream_realip_module \
--with-stream_geoip_module=dynamic \ --with-stream_geoip_module=dynamic \
--with-http_slice_module \ --with-http_slice_module \
--with-mail \ --with-mail \
--with-mail_ssl_module \ --with-mail_ssl_module \
--with-compat \ --with-compat \
--with-file-aio \ --with-file-aio \
--with-http_v2_module \ --with-http_v2_module \
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \ --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
"; \ "; \
apk add --no-cache --update \ apk add --no-cache --update \
curl \ curl \
tar \ tar \
gcc \ gcc \
libc-dev \ libc-dev \
make \ make \
openssl-dev \ openssl-dev \
pcre2-dev \ pcre2-dev \
zlib-dev \ zlib-dev \
linux-headers \ linux-headers \
libxslt-dev \ libxslt-dev \
gd-dev \ gd-dev \
geoip-dev \ geoip-dev \
perl-dev \ perl-dev \
libedit-dev \ libedit-dev \
bash \ bash \
alpine-sdk \ alpine-sdk \
findutils; \ findutils; \
mkdir -p /usr/lib/nginx/modules; \ apk upgrade; \
mkdir -p /usr/src; \ mkdir -p /usr/lib/nginx/modules; \
curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules; \ mkdir -p /usr/src; \
curl -SL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -zxC /usr/src; \ curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
cd /usr/src/nginx-$NGINX_VERSION; \ curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
./configure $CONFIG --with-debug; \ cd /usr/src/nginx-${NGINX_VERSION}; \
make -j $(nproc); \ ./configure $CONFIG --with-debug; \
mv objs/nginx objs/nginx-debug; \ make -j $(nproc); \
mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \ mv objs/nginx objs/nginx-debug; \
mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \ mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so; \
mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \ mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so; \
mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \ mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so; \
./configure $CONFIG; \ mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so; \
make -j $(nproc); \ ./configure $CONFIG; \
make install; \ make -j $(nproc); \
install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \ make install; \
install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \ install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so; \
install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \ install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so; \
install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \ install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so; \
strip /usr/sbin/nginx*; \ install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so; \
strip /usr/lib/nginx/modules/*.so; strip /usr/sbin/nginx*; \
strip /usr/lib/nginx/modules/*.so;
# :: Header # :: Header
FROM 11notes/alpine:arm64v8-stable FROM 11notes/alpine:arm64v8-stable
@@ -113,13 +114,14 @@
mkdir -p /nginx/www; \ mkdir -p /nginx/www; \
mkdir -p /nginx/ssl; \ mkdir -p /nginx/ssl; \
mkdir -p /nginx/cache; \ mkdir -p /nginx/cache; \
mkdir -p /nginx/run; mkdir -p /nginx/run; \
mkdir -p /var/log/nginx;
RUN set -ex; \ RUN set -ex; \
apk add --update --no-cache \ apk add --update --no-cache \
curl \ curl \
pcre2-dev; \ pcre2-dev; \
mkdir -p /var/log/nginx; \ apk upgrade; \
touch /var/log/nginx/access.log; \ touch /var/log/nginx/access.log; \
touch /var/log/nginx/error.log; \ touch /var/log/nginx/error.log; \
ln -sf /dev/stdout /var/log/nginx/access.log; \ ln -sf /dev/stdout /var/log/nginx/access.log; \
@@ -129,8 +131,10 @@
addgroup --gid 1000 -S nginx; \ addgroup --gid 1000 -S nginx; \
adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
# :: copy root filesystem changes # :: copy root filesystem changes
COPY ./rootfs / COPY ./rootfs /
RUN set -ex; \
chmod +x -R /usr/local/bin;
# :: docker -u 1000:1000 (no root initiative) # :: docker -u 1000:1000 (no root initiative)
RUN set -ex; \ RUN set -ex; \
@@ -142,10 +146,8 @@
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
# :: Monitor # :: Monitor
RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
# :: Start # :: Start
RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
USER nginx USER nginx
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]