diff --git a/amd64.dockerfile b/amd64.dockerfile index 5b440e4..621d004 100644 --- a/amd64.dockerfile +++ b/amd64.dockerfile @@ -1,8 +1,7 @@ # :: Build - FROM alpine:latest as nginx + FROM alpine:latest as build ENV NGINX_VERSION=1.24.0 ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34 - ENV MODULE_NTLM_VERSION=1.19.3 RUN set -ex; \ CONFIG="\ @@ -50,7 +49,6 @@ --with-file-aio \ --with-http_v2_module \ --add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \ - --add-module=/usr/lib/nginx/modules/nginx-ntlm-module-${MODULE_NTLM_VERSION} \ "; \ apk add --no-cache --update \ curl \ @@ -73,7 +71,6 @@ mkdir -p /usr/lib/nginx/modules; \ mkdir -p /usr/src; \ curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ - curl -SL https://github.com/gabihodoroaga/nginx-ntlm-module/archive/refs/tags/v${MODULE_NTLM_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \ curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \ cd /usr/src/nginx-${NGINX_VERSION}; \ ./configure $CONFIG --with-debug; \ @@ -94,10 +91,10 @@ strip /usr/lib/nginx/modules/*.so; # :: Header - FROM alpine:latest - COPY --from=nginx /usr/sbin/nginx /usr/sbin - COPY --from=nginx /etc/nginx/ /etc/nginx - COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules + FROM 11notes/alpine:stable + COPY --from=build /usr/sbin/nginx /usr/sbin + COPY --from=build /etc/nginx/ /etc/nginx + COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules # :: Run USER root @@ -113,8 +110,7 @@ RUN set -ex; \ apk add --update --no-cache \ - curl \ - shadow \ + curl \ pcre2-dev; \ mkdir -p /var/log/nginx; \ touch /var/log/nginx/access.log; \ diff --git a/arm32v7.dockerfile b/arm32v7.dockerfile index ba9ee19..dbfca40 100644 --- a/arm32v7.dockerfile +++ b/arm32v7.dockerfile 
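Review bot: The runtime stage in the Header hunk now starts from `11notes/alpine:stable`, a floating tag in a user namespace rather than the official `alpine` image, so the contents of the shipped image can change without any change in this repository. The build stage in the first hunk keeps `alpine:latest`, which has the same problem. Pinning both by digest, e.g. `FROM 11notes/alpine:stable@sha256:<digest-placeholder>`, would make rebuilds reproducible and let a base-image change show up in review. The same applies to `11notes/alpine:arm32v7-stable` and `11notes/alpine:arm64v8-stable` in the Header hunks of the two arm dockerfiles. The stage continues past this hunk, so what the new base already configures (users, entrypoint) is not visible here.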
@@ -1,11 +1,11 @@ # :: Arch - FROM alpine AS builder - ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz - RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static . + FROM alpine AS qemu + ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz + RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static . # :: Builder - FROM arm32v7/alpine:latest as nginx - COPY --from=builder qemu-arm-static /usr/bin + FROM arm32v7/alpine:latest as build + COPY --from=qemu qemu-arm-static /usr/bin ENV NGINX_VERSION 1.24.0 ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34 
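Review bot: The qemu stage pipes `curl -L ${QEMU_URL}` straight into `tar` with no checksum and no `-f`, so a replaced or truncated release asset, or an HTTP error page, is not detected before `qemu-arm-static` is copied into the build stage and, in the Header hunk, into the runtime image. I would download to a file and verify it before unpacking: `curl -fsSL ${QEMU_URL} -o qemu.tgz && echo "<sha256-placeholder>  qemu.tgz" | sha256sum -c - && tar zxf qemu.tgz`. `FROM alpine AS qemu` is also untagged and `ENV QEMU_URL https://…` uses the legacy space-separated form; a tagged base and `ENV QEMU_URL=…` would be tidier. The first hunk of arm64v8.dockerfile has the same pattern, and the context lines of the amd64 build stage show the nginx and headers-more tarballs fetched the same way.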
@@ -97,56 +97,55 @@ strip /usr/lib/nginx/modules/*.so; # :: Header - FROM arm32v7/alpine:latest - COPY --from=builder qemu-arm-static /usr/bin - COPY --from=nginx /usr/sbin/nginx /usr/sbin - COPY --from=nginx /etc/nginx/ /etc/nginx - COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules + FROM 11notes/alpine:arm32v7-stable + COPY --from=qemu qemu-arm-static /usr/bin + COPY --from=build /usr/sbin/nginx /usr/sbin + COPY --from=build /etc/nginx/ /etc/nginx + COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules # :: Run - USER root + USER root - # :: prepare - RUN set -ex; \ - mkdir -p /nginx; \ - mkdir -p /nginx/etc; \ - mkdir -p /nginx/www; \ - mkdir -p /nginx/ssl; \ - mkdir -p /nginx/cache; \ - mkdir -p /nginx/run; + # :: prepare + RUN set -ex; \ + mkdir -p /nginx; \ + mkdir -p /nginx/etc; \ + mkdir -p /nginx/www; \ + mkdir -p /nginx/ssl; \ + mkdir -p /nginx/cache; \ + mkdir -p /nginx/run; - RUN set -ex; \ - apk add --update --no-cache \ - curl \ - shadow \ - pcre2-dev; \ - mkdir -p /var/log/nginx; \ - touch /var/log/nginx/access.log; \ - touch /var/log/nginx/error.log; \ - ln -sf /dev/stdout /var/log/nginx/access.log; \ - ln -sf /dev/stderr /var/log/nginx/error.log; + RUN set -ex; \ + apk add --update --no-cache \ + curl \ + pcre2-dev; \ + mkdir -p /var/log/nginx; \ + touch /var/log/nginx/access.log; \ + touch /var/log/nginx/error.log; \ + ln -sf /dev/stdout /var/log/nginx/access.log; \ + ln -sf /dev/stderr /var/log/nginx/error.log; - RUN set -ex; \ - addgroup --gid 1000 -S nginx; \ - adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; + RUN set -ex; \ + addgroup --gid 1000 -S nginx; \ + adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; - # :: copy root filesystem changes - COPY ./rootfs / + # :: copy root filesystem changes + COPY ./rootfs / - # :: docker -u 1000:1000 (no root initiative) - RUN set -ex; \ - chown nginx:nginx -R \ - /nginx \ - /var/log/nginx; + # :: docker -u 1000:1000 (no root initiative) + RUN set 
-ex; \ + chown nginx:nginx -R \ + /nginx \ + /var/log/nginx; # :: Volumes - VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] + VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] # :: Monitor - RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh - HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 + RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh + HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 # :: Start - RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh - USER nginx - ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file + RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh + USER nginx + ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/arm64v8.dockerfile b/arm64v8.dockerfile index 66955a8..2bec927 100644 --- a/arm64v8.dockerfile +++ b/arm64v8.dockerfile @@ -1,11 +1,11 @@ # :: Arch - FROM alpine AS builder - ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz - RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-aarch64/qemu-aarch64-static . + FROM alpine AS qemu + ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz + RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-aarch64/qemu-aarch64-static . # :: Builder - FROM arm64v8/alpine:latest as nginx - COPY --from=builder qemu-aarch64-static /usr/bin + FROM arm64v8/alpine:latest as build + COPY --from=qemu qemu-aarch64-static /usr/bin ENV NGINX_VERSION 1.24.0 ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34 
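Review bot: `chown nginx:nginx -R /nginx /var/log/nginx` runs after `COPY ./rootfs /`, so the directory that nginx.conf includes (`/nginx/etc`) and the web root (`/nginx/www`) end up writable by the same uid the server runs as under `USER nginx`. If nginx only needs to write its cache and run files, narrowing this to `chown nginx:nginx -R /nginx/cache /nginx/run /var/log/nginx;` would keep a compromised server process from rewriting its own configuration or served content. Whether anything at runtime writes to `/nginx/etc` is not visible in this diff, so this needs confirming against the entrypoint and the documented volume usage. This commit only re-indents these lines, and the matching hunk in arm64v8.dockerfile is identical.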
@@ -97,56 +97,55 @@ strip /usr/lib/nginx/modules/*.so; # :: Header - FROM arm64v8/alpine:latest - COPY --from=builder qemu-aarch64-static /usr/bin - COPY --from=nginx /usr/sbin/nginx /usr/sbin - COPY --from=nginx /etc/nginx/ /etc/nginx - COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules + FROM 11notes/alpine:arm64v8-stable + COPY --from=qemu qemu-aarch64-static /usr/bin + COPY --from=build /usr/sbin/nginx /usr/sbin + COPY --from=build /etc/nginx/ /etc/nginx + COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules # :: Run - USER root + USER root - # :: prepare - RUN set -ex; \ - mkdir -p /nginx; \ - mkdir -p /nginx/etc; \ - mkdir -p /nginx/www; \ - mkdir -p /nginx/ssl; \ - mkdir -p /nginx/cache; \ - mkdir -p /nginx/run; + # :: prepare + RUN set -ex; \ + mkdir -p /nginx; \ + mkdir -p /nginx/etc; \ + mkdir -p /nginx/www; \ + mkdir -p /nginx/ssl; \ + mkdir -p /nginx/cache; \ + mkdir -p /nginx/run; - RUN set -ex; \ - apk add --update --no-cache \ - curl \ - shadow \ - pcre2-dev; \ - mkdir -p /var/log/nginx; \ - touch /var/log/nginx/access.log; \ - touch /var/log/nginx/error.log; \ - ln -sf /dev/stdout /var/log/nginx/access.log; \ - ln -sf /dev/stderr /var/log/nginx/error.log; + RUN set -ex; \ + apk add --update --no-cache \ + curl \ + pcre2-dev; \ + mkdir -p /var/log/nginx; \ + touch /var/log/nginx/access.log; \ + touch /var/log/nginx/error.log; \ + ln -sf /dev/stdout /var/log/nginx/access.log; \ + ln -sf /dev/stderr /var/log/nginx/error.log; - RUN set -ex; \ - addgroup --gid 1000 -S nginx; \ - adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; + RUN set -ex; \ + addgroup --gid 1000 -S nginx; \ + adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx; - # :: copy root filesystem changes - COPY ./rootfs / + # :: copy root filesystem changes + COPY ./rootfs / - # :: docker -u 1000:1000 (no root initiative) - RUN set -ex; \ - chown nginx:nginx -R \ - /nginx \ - /var/log/nginx; + # :: docker -u 1000:1000 (no root initiative) + 
RUN set -ex; \ + chown nginx:nginx -R \ + /nginx \ + /var/log/nginx; # :: Volumes - VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] + VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"] # :: Monitor - RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh - HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 + RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh + HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1 # :: Start - RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh - USER nginx - ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file + RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh + USER nginx + ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf index 68f8d0d..4743cde 100644 --- a/rootfs/etc/nginx/nginx.conf +++ b/rootfs/etc/nginx/nginx.conf 
@@ -10,9 +10,8 @@ events { } http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + log_format main escape=json '{"log":"main","time":"$time_iso8601","server":{"name":"$server_name", "protocol":"$server_protocol"}, "client":{"ip":"$remote_addr", "x-forwarded-for":"$http_x_forwarded_for", "user":"$remote_user"},"request":{"method":"$request_method", "url":"$request_uri", "time":"$request_time", "status":$status}}'; + log_format proxy escape=json '{"log":"proxy", "time":"$time_iso8601","server":{"name":"$server_name", "protocol":"$server_protocol"}}, "client":{"ip":"$remote_addr", "x-forwarded-for":"$http_x_forwarded_for", "user":"$remote_user"},"request":{"method":"$request_method", "url":"$request_uri", "time":"$request_time", "status":$status}, "proxy":{"host":"$upstream_addr", "time":{"connect":"$upstream_connect_time", "response":"$upstream_response_time", "header":"$upstream_header_time"}, "io":{"bytes":{"sent":"$upstream_bytes_sent", "received":"$upstream_bytes_received"}}, "cache":"$upstream_cache_status", "status":"$upstream_status"}}'; access_log off; server_tokens off; @@ -20,21 +19,23 @@ http { include mime.types; default_type application/octet-stream; + sendfile on; + aio on; tcp_nopush on; tcp_nodelay on; gzip on; - client_max_body_size 1M; - keepalive_timeout 65; + client_max_body_size 8M; + keepalive_timeout 90; keepalive_requests 102400; reset_timedout_connection on; client_body_timeout 10; send_timeout 5; - open_file_cache max=204800 inactive=20s; - open_file_cache_valid 60s; + open_file_cache max=204800 inactive=5m; + open_file_cache_valid 2m; open_file_cache_min_uses 2; - open_file_cache_errors on; + open_file_cache_errors off; include /nginx/etc/*.conf; } \ No newline at end of file diff --git a/rootfs/nginx/etc/default.conf b/rootfs/nginx/etc/default.conf index 71503f8..64f7492 100644 --- a/rootfs/nginx/etc/default.conf 
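Review bot: The `proxy` format closes one brace too early: `"protocol":"$server_protocol"}}` ends the top-level object right after `server`, so every line written with this format is invalid JSON and a log shipper or SIEM parser will reject or mis-parse it. It should read `"protocol":"$server_protocol"},` as in `main`, leaving the final `}}` to close `proxy` and the outer object. `access_log off;` also stays in the `http` block, so neither format is written unless a server block sets `access_log` explicitly; a comment above the two `log_format` lines saying so would help whoever expects these logs to exist.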
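Review bot: The raised `client_max_body_size 8M` and `keepalive_timeout 90` apply to every server included from `/nginx/etc/*.conf`, and nothing in the file says why the limits were loosened. Together with the unchanged `keepalive_requests 102400` they let a single client hold a connection and request buffers for longer, so I would add a comment above them such as `# image-wide defaults; tighten per server for internet-facing endpoints`. The longer `open_file_cache_valid 2m` also means a file removed or replaced on the www volume can keep being served from a cached descriptor until the next revalidation, which is worth stating in the same comment.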
+++ b/rootfs/nginx/etc/default.conf @@ -1,7 +1,7 @@ server { listen 8080 default_server; server_name _; - root /nginx/www/default; + root /nginx/www; location / { try_files $uri /index.html; diff --git a/rootfs/nginx/www/default/index.html b/rootfs/nginx/www/index.html similarity index 100% rename from rootfs/nginx/www/default/index.html rename to rootfs/nginx/www/index.html diff --git a/rootfs/usr/local/bin/entrypoint.sh b/rootfs/usr/local/bin/entrypoint.sh index 54b5ceb..c702fd2 100644 --- a/rootfs/usr/local/bin/entrypoint.sh +++ b/rootfs/usr/local/bin/entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/ash if [ -z "$1" ]; then - set -- "nginx" \ - -g \ - 'daemon off;' + set -- "nginx" \ + -g \ + 'daemon off;' fi exec "$@" \ No newline at end of file diff --git a/rootfs/usr/local/bin/healthcheck.sh b/rootfs/usr/local/bin/healthcheck.sh index ee42d92..c2766ba 100644 --- a/rootfs/usr/local/bin/healthcheck.sh +++ b/rootfs/usr/local/bin/healthcheck.sh @@ -1,2 +1,2 @@ -#!/bin/sh +#!/bin/ash curl --max-time 5 -kILs --fail http://localhost:8080 \ No newline at end of file
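Review bot: With `root /nginx/www;` the default server now serves the top of the `/nginx/www` volume directly, so whatever is mounted there, including dotfiles such as a checked-out `.git` directory or a `.env` file, is reachable unless another location denies it. The rest of the server block lies outside this hunk, so this may already be handled. If it is not, adding `location ~ /\. { deny all; }` next to the existing `location /` would close it.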