!change HEALTHCHECK_URL is now the complete URL

2023-12-14 09:10:57 +01:00
parent 62d7ef079c
commit 91bdc8f980
6 changed files with 47 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-maintain/
+maintain/
 /build
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
 # Alpine :: Nginx
 ![size](https://img.shields.io/docker/image-size/11notes/nginx/2.6.0?color=0eb305) ![version](https://img.shields.io/docker/v/11notes/nginx?color=eb7a09) ![pulls](https://img.shields.io/docker/pulls/11notes/nginx?color=2b75d6) ![activity](https://img.shields.io/github/commit-activity/m/11notes/docker-nginx?color=c91cb8) ![commit-last](https://img.shields.io/github/last-commit/11notes/docker-nginx?color=c91cb8)
 Run Nginx based on Alpine Linux. Small, lightweight, secure and fast 🏔️
 ## Volumes
@@ -21,14 +23,12 @@ docker run --name nginx \
 | `user` | docker | user docker |
 | `uid` | 1000 | user id 1000 |
 | `gid` | 1000 | group id 1000 |
 | `home` | /nginx | home directory of user docker |
 ## Environment
-| Parameter | Value |Default |
+| Parameter | Value | Default |
 | --- | --- | --- |
-| `HEALTHCHECK_PROTO` | http or https | http |
+| `HEALTHCHECK_URL` | URL to check for health of conatiner | https://localhost:8443/ping |
 | `HEALTHCHECK_HOST` | localhost or 127.0.0.1 or a dedicated IP | localhost |
 | `HEALTHCHECK_PORT` | any TCP port | 8080 |
 | `HEALTHCHECK_URL` | any URL, must start with / | / |
 ## Delta
 Additional plugins:
@@ -37,14 +37,13 @@ Additional plugins:
  module_headers_more
 ```
-## Parent
+## Parent image
 * [11notes/alpine:stable](https://github.com/11notes/docker-alpine)
-## Built with
+## Built with and thanks to
 * [nginx](https://nginx.org)
 * [Alpine Linux](https://alpinelinux.org)
 ## Tips
-* You can find some [examples](examples) of special backend configurations
+* Only use rootless container runtime (podman, rootless docker)
-* Don't bind to ports < 1024 (requires root), use NAT/reverse proxy
+* Don't bind to ports < 1024 (requires root), use NAT/reverse proxy (haproxy, traefik, nginx)
 * [Permanent Stroage](https://github.com/11notes/alpine-docker-netshare) - Module to store permanent container data via NFS/CIFS and more
--- a/amd64.dockerfile
+++ b/amd64.dockerfile
@@ -1,6 +1,6 @@
 # :: Build
  FROM alpine:latest as build
-  ENV NGINX_VERSION=1.24.0
+  ENV APP_VERSION=1.24.0
  ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
  RUN set -ex; \
@@ -72,8 +72,8 @@
    mkdir -p /usr/lib/nginx/modules; \
    mkdir -p /usr/src; \
    curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
-    curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
+    curl -SL https://nginx.org/download/nginx-${APP_VERSION}.tar.gz | tar -zxC /usr/src; \
-    cd /usr/src/nginx-${NGINX_VERSION}; \
+    cd /usr/src/nginx-${APP_VERSION}; \
    ./configure $CONFIG --with-debug; \
    make -j $(nproc); \
    mv objs/nginx objs/nginx-debug; \
@@ -93,6 +93,8 @@
 # :: Header
  FROM 11notes/alpine:stable
  ENV APP_NAME=nginx
  ENV APP_ROOT=/nginx
  COPY --from=build /usr/sbin/nginx /usr/sbin
  COPY --from=build /etc/nginx/ /etc/nginx
  COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
@@ -103,17 +105,18 @@
  # :: update image
    RUN set -ex; \
      apk add --no-cache \
        openssl \
        pcre2-dev; \
      apk --no-cache upgrade;
  # :: prepare image
    RUN set -ex; \
-      mkdir -p /nginx; \
+      mkdir -p ${APP_ROOT}; \
-      mkdir -p /nginx/etc; \
+      mkdir -p ${APP_ROOT}/etc; \
-      mkdir -p /nginx/www; \
+      mkdir -p ${APP_ROOT}/www; \
-      mkdir -p /nginx/ssl; \
+      mkdir -p ${APP_ROOT}/ssl; \
-      mkdir -p /nginx/cache; \
+      mkdir -p ${APP_ROOT}/cache; \
-      mkdir -p /nginx/run; \
+      mkdir -p ${APP_ROOT}/run; \
      mkdir -p /var/log/nginx; \
      touch /var/log/nginx/access.log; \
      touch /var/log/nginx/error.log; \
@@ -127,13 +130,13 @@
  # :: change home path for existing user and set correct permission
    RUN set -ex; \
-      usermod -d /nginx docker; \
+      usermod -d ${APP_ROOT} docker; \
      chown -R 1000:1000 \
-        /nginx \
+        ${APP_ROOT} \
        /var/log/nginx;
 # :: Volumes
-  VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
+  VOLUME ["${APP_ROOT}/etc", "${APP_ROOT}/www", "${APP_ROOT}/ssl"]
 # :: Monitor
  HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
--- a/rootfs/nginx/etc/default.conf
+++ b/rootfs/nginx/etc/default.conf
@@ -0,0 +1,11 @@
 server {
  listen 8443 default_server ssl http2;
  server_name _;
  ssl_certificate /nginx/ssl/default.crt;
  ssl_certificate_key /nginx/ssl/default.key;
  location /ping {
    return 200;
  }
 }
--- a/rootfs/usr/local/bin/entrypoint.sh
+++ b/rootfs/usr/local/bin/entrypoint.sh
@@ -1,5 +1,12 @@
 #!/bin/ash
-  if [ -z "$1" ]; then
+  if [ ! -f "${APP_ROOT}/ssl/default.crt" ]; then
    openssl req -x509 -newkey rsa:4096 -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=${APP_NAME}" \
      -keyout "${APP_ROOT}/ssl/default.key" \
      -out "${APP_ROOT}/ssl/default.crt" \
      -days 3650 -nodes -sha256 &> /dev/null
  fi
  if [ -z "${1}" ]; then
    set -- "nginx" \
      -g \
      'daemon off;'
--- a/rootfs/usr/local/bin/healthcheck.sh
+++ b/rootfs/usr/local/bin/healthcheck.sh
@@ -1,6 +1,3 @@
 #!/bin/ash
-  if [ -z "${HEALTHCHECK_PROTO}" ]; then HEALTHCHECK_PROTO=http; fi
+  HEALTHCHECK_URL=${HEALTHCHECK_URL:-https://localhost:8443/ping}
-  if [ -z "${HEALTHCHECK_HOST}" ]; then HEALTHCHECK_HOST=localhost; fi
+  curl --insecure --max-time 3 -kILs --fail ${HEALTHCHECK_URL}
  if [ -z "${HEALTHCHECK_PORT}" ]; then HEALTHCHECK_PORT=8080; fi
  if [ -z "${HEALTHCHECK_URL}" ]; then HEALTHCHECK_URL=/; fi
  curl --max-time 5 -kILs --fail ${HEALTHCHECK_PROTO}://${HEALTHCHECK_HOST}:${HEALTHCHECK_PORT}${HEALTHCHECK_URL}