change base image to 11notes/alpine

amd64.dockerfile

@@ -1,8 +1,7 @@
 # :: Build
-	FROM alpine:latest as nginx
+	FROM alpine:latest as build
 	ENV NGINX_VERSION=1.24.0
 	ENV MODULE_HEADERS_MORE_NGINX_VERSION=0.34
-  ENV MODULE_NTLM_VERSION=1.19.3
 
     RUN set -ex; \
 		CONFIG="\
@@ -50,7 +49,6 @@
 			--with-file-aio \
 			--with-http_v2_module \
 			--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-${MODULE_HEADERS_MORE_NGINX_VERSION} \
-      --add-module=/usr/lib/nginx/modules/nginx-ntlm-module-${MODULE_NTLM_VERSION} \
 		"; \
         apk add --no-cache --update \
 			curl \
@@ -73,7 +71,6 @@
 		mkdir -p /usr/lib/nginx/modules; \
 		mkdir -p /usr/src; \
 		curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v${MODULE_HEADERS_MORE_NGINX_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
-    curl -SL https://github.com/gabihodoroaga/nginx-ntlm-module/archive/refs/tags/v${MODULE_NTLM_VERSION}.tar.gz | tar -zxC /usr/lib/nginx/modules; \
 		curl -SL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -zxC /usr/src; \
 		cd /usr/src/nginx-${NGINX_VERSION}; \
 		./configure $CONFIG --with-debug; \
@@ -94,10 +91,10 @@
 		strip /usr/lib/nginx/modules/*.so;
 
 # :: Header
-	FROM alpine:latest
-	COPY --from=nginx /usr/sbin/nginx /usr/sbin
-	COPY --from=nginx /etc/nginx/ /etc/nginx
-	COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules
+	FROM 11notes/alpine:stable
+	COPY --from=build /usr/sbin/nginx /usr/sbin
+	COPY --from=build /etc/nginx/ /etc/nginx
+	COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
 
 # :: Run
 	USER root
@@ -113,8 +110,7 @@
 
 		RUN set -ex; \
 			apk add --update --no-cache \
-				curl \
-				shadow \
+        curl \
 				pcre2-dev; \
 			mkdir -p /var/log/nginx; \
 			touch /var/log/nginx/access.log; \

arm32v7.dockerfile

@@ -1,11 +1,11 @@
 # :: Arch
-    FROM alpine AS builder
-    ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz
-    RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
+  FROM alpine AS qemu
+  ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz
+  RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
 
 # :: Builder
-	FROM arm32v7/alpine:latest as nginx
-    COPY --from=builder qemu-arm-static /usr/bin
+	FROM arm32v7/alpine:latest as build
+  COPY --from=qemu qemu-arm-static /usr/bin
 	ENV NGINX_VERSION 1.24.0
 	ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34
 
@@ -97,56 +97,55 @@
 		strip /usr/lib/nginx/modules/*.so;
 
 # :: Header
-	FROM arm32v7/alpine:latest
-	COPY --from=builder qemu-arm-static /usr/bin
-	COPY --from=nginx /usr/sbin/nginx /usr/sbin
-	COPY --from=nginx /etc/nginx/ /etc/nginx
-	COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules
+	FROM 11notes/alpine:arm32v7-stable
+	COPY --from=qemu qemu-arm-static /usr/bin
+	COPY --from=build /usr/sbin/nginx /usr/sbin
+	COPY --from=build /etc/nginx/ /etc/nginx
+	COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
 
 # :: Run
-	USER root
+  USER root
 
-	# :: prepare
-        RUN set -ex; \
-            mkdir -p /nginx; \
-            mkdir -p /nginx/etc; \
-            mkdir -p /nginx/www; \
-			mkdir -p /nginx/ssl; \
-			mkdir -p /nginx/cache; \
-			mkdir -p /nginx/run;
+  # :: prepare
+  RUN set -ex; \
+    mkdir -p /nginx; \
+    mkdir -p /nginx/etc; \
+    mkdir -p /nginx/www; \
+    mkdir -p /nginx/ssl; \
+    mkdir -p /nginx/cache; \
+    mkdir -p /nginx/run;
 
-		RUN set -ex; \
-			apk add --update --no-cache \
-				curl \
-				shadow \
-				pcre2-dev; \
-			mkdir -p /var/log/nginx; \
-			touch /var/log/nginx/access.log; \
-			touch /var/log/nginx/error.log; \
-			ln -sf /dev/stdout /var/log/nginx/access.log; \
-			ln -sf /dev/stderr /var/log/nginx/error.log;
+  RUN set -ex; \
+    apk add --update --no-cache \
+      curl \
+      pcre2-dev; \
+    mkdir -p /var/log/nginx; \
+    touch /var/log/nginx/access.log; \
+    touch /var/log/nginx/error.log; \
+    ln -sf /dev/stdout /var/log/nginx/access.log; \
+    ln -sf /dev/stderr /var/log/nginx/error.log;
 
-		RUN set -ex; \
-			addgroup --gid 1000 -S nginx; \
-			adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
+  RUN set -ex; \
+    addgroup --gid 1000 -S nginx; \
+    adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
 
-	# :: copy root filesystem changes
-        COPY ./rootfs /
+  # :: copy root filesystem changes
+    COPY ./rootfs /
 
-	# :: docker -u 1000:1000 (no root initiative)
-		RUN set -ex; \
-			chown nginx:nginx -R \
-				/nginx \
-				/var/log/nginx;
+  # :: docker -u 1000:1000 (no root initiative)
+    RUN set -ex; \
+      chown nginx:nginx -R \
+        /nginx \
+        /var/log/nginx;
 
 # :: Volumes
-	VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
+  VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
 
 # :: Monitor
-    RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
-    HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+  RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
+  HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
 
 # :: Start
-	RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
-	USER nginx
-	ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+  RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
+  USER nginx
+  ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

arm64v8.dockerfile

@@ -1,11 +1,11 @@
 # :: Arch
-    FROM alpine AS builder
-    ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz
-    RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-aarch64/qemu-aarch64-static .
+  FROM alpine AS qemu
+  ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz
+  RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . && mv qemu-3.0.0+resin-aarch64/qemu-aarch64-static .
 
 # :: Builder
-	FROM arm64v8/alpine:latest as nginx
-    COPY --from=builder qemu-aarch64-static /usr/bin
+	FROM arm64v8/alpine:latest as build
+  COPY --from=qemu qemu-aarch64-static /usr/bin
 	ENV NGINX_VERSION 1.24.0
 	ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.34
 
@@ -97,56 +97,55 @@
 		strip /usr/lib/nginx/modules/*.so;
 
 # :: Header
-	FROM arm64v8/alpine:latest
-	COPY --from=builder qemu-aarch64-static /usr/bin
-	COPY --from=nginx /usr/sbin/nginx /usr/sbin
-	COPY --from=nginx /etc/nginx/ /etc/nginx
-	COPY --from=nginx /usr/lib/nginx/modules/ /etc/nginx/modules
+	FROM 11notes/alpine:arm64v8-stable
+	COPY --from=qemu qemu-aarch64-static /usr/bin
+	COPY --from=build /usr/sbin/nginx /usr/sbin
+	COPY --from=build /etc/nginx/ /etc/nginx
+	COPY --from=build /usr/lib/nginx/modules/ /etc/nginx/modules
 
 # :: Run
-	USER root
+  USER root
 
-	# :: prepare
-        RUN set -ex; \
-            mkdir -p /nginx; \
-            mkdir -p /nginx/etc; \
-            mkdir -p /nginx/www; \
-			mkdir -p /nginx/ssl; \
-			mkdir -p /nginx/cache; \
-			mkdir -p /nginx/run;
+  # :: prepare
+  RUN set -ex; \
+    mkdir -p /nginx; \
+    mkdir -p /nginx/etc; \
+    mkdir -p /nginx/www; \
+    mkdir -p /nginx/ssl; \
+    mkdir -p /nginx/cache; \
+    mkdir -p /nginx/run;
 
-		RUN set -ex; \
-			apk add --update --no-cache \
-				curl \
-				shadow \
-				pcre2-dev; \
-			mkdir -p /var/log/nginx; \
-			touch /var/log/nginx/access.log; \
-			touch /var/log/nginx/error.log; \
-			ln -sf /dev/stdout /var/log/nginx/access.log; \
-			ln -sf /dev/stderr /var/log/nginx/error.log;
+  RUN set -ex; \
+    apk add --update --no-cache \
+      curl \
+      pcre2-dev; \
+    mkdir -p /var/log/nginx; \
+    touch /var/log/nginx/access.log; \
+    touch /var/log/nginx/error.log; \
+    ln -sf /dev/stdout /var/log/nginx/access.log; \
+    ln -sf /dev/stderr /var/log/nginx/error.log;
 
-		RUN set -ex; \
-			addgroup --gid 1000 -S nginx; \
-			adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
+  RUN set -ex; \
+    addgroup --gid 1000 -S nginx; \
+    adduser --uid 1000 -D -S -h /nginx -s /sbin/nologin -G nginx nginx;
 
-	# :: copy root filesystem changes
-        COPY ./rootfs /
+  # :: copy root filesystem changes
+    COPY ./rootfs /
 
-	# :: docker -u 1000:1000 (no root initiative)
-		RUN set -ex; \
-			chown nginx:nginx -R \
-				/nginx \
-				/var/log/nginx;
+  # :: docker -u 1000:1000 (no root initiative)
+    RUN set -ex; \
+      chown nginx:nginx -R \
+        /nginx \
+        /var/log/nginx;
 
 # :: Volumes
-	VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
+  VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
 
 # :: Monitor
-    RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
-    HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+  RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
+  HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
 
 # :: Start
-	RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
-	USER nginx
-	ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+  RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
+  USER nginx
+  ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

rootfs/etc/nginx/nginx.conf

@@ -10,9 +10,8 @@ events {
 }
 
 http {
-  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                  '$status $body_bytes_sent "$http_referer" '
-							    '"$http_user_agent" "$http_x_forwarded_for"';
+  log_format main escape=json '{"log":"main","time":"$time_iso8601","server":{"name":"$server_name", "protocol":"$server_protocol"}, "client":{"ip":"$remote_addr", "x-forwarded-for":"$http_x_forwarded_for", "user":"$remote_user"},"request":{"method":"$request_method", "url":"$request_uri", "time":"$request_time", "status":$status}}';
+  log_format proxy escape=json '{"log":"proxy", "time":"$time_iso8601","server":{"name":"$server_name", "protocol":"$server_protocol"}}, "client":{"ip":"$remote_addr", "x-forwarded-for":"$http_x_forwarded_for", "user":"$remote_user"},"request":{"method":"$request_method", "url":"$request_uri", "time":"$request_time", "status":$status}, "proxy":{"host":"$upstream_addr", "time":{"connect":"$upstream_connect_time", "response":"$upstream_response_time", "header":"$upstream_header_time"}, "io":{"bytes":{"sent":"$upstream_bytes_sent", "received":"$upstream_bytes_received"}}, "cache":"$upstream_cache_status", "status":"$upstream_status"}}';
 
   access_log off;
   server_tokens off;
@@ -20,21 +19,23 @@ http {
   include mime.types;
   default_type application/octet-stream;
 
+  sendfile on;
+  aio on;
   tcp_nopush on;
   tcp_nodelay on;
   gzip on;
 
-  client_max_body_size 1M;
-  keepalive_timeout 65;
+  client_max_body_size 8M;
+  keepalive_timeout 90;
   keepalive_requests 102400;
   reset_timedout_connection on;
   client_body_timeout 10;
   send_timeout 5;
 
-  open_file_cache max=204800 inactive=20s;
-  open_file_cache_valid 60s;
+  open_file_cache max=204800 inactive=5m;
+  open_file_cache_valid 2m;
   open_file_cache_min_uses 2;
-  open_file_cache_errors on;
+  open_file_cache_errors off;
 
   include /nginx/etc/*.conf;
 }

rootfs/nginx/etc/default.conf

@@ -1,7 +1,7 @@
 server {
   listen 8080 default_server;
   server_name _;
-  root /nginx/www/default;
+  root /nginx/www;
 
   location / {
     try_files $uri /index.html;

rootfs/usr/local/bin/entrypoint.sh

@@ -1,8 +1,8 @@
 #!/bin/ash
   if [ -z "$1" ]; then
-      set -- "nginx" \
-          -g \
-          'daemon off;'
+    set -- "nginx" \
+      -g \
+      'daemon off;'
   fi
 
   exec "$@"

rootfs/usr/local/bin/healthcheck.sh

@@ -1,2 +1,2 @@
-#!/bin/sh
+#!/bin/ash
   curl --max-time 5 -kILs --fail http://localhost:8080