178 lines
6.4 KiB
Docker
178 lines
6.4 KiB
Docker
# ------ Header ------ #
|
|
FROM alpine:3.8
|
|
|
|
# ------ original nginx docker alpine source compile! ------ #
|
|
ENV NGINX_VERSION 1.15.7
|
|
|
|
# additional nginx modules
|
|
ENV ADD_MODULE_HEADERS_MORE_NGINX_VERSION 0.33
|
|
|
|
# additional module: headers-more
|
|
RUN apk add --no-cache --virtual .module_headers_more curl tar \
|
|
&& mkdir -p /usr/lib/nginx/modules \
|
|
&& curl -SL https://github.com/openresty/headers-more-nginx-module/archive/v$ADD_MODULE_HEADERS_MORE_NGINX_VERSION.tar.gz | tar -zxC /usr/lib/nginx/modules \
|
|
&& apk del .module_headers_more
|
|
|
|
RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
|
|
&& CONFIG="\
|
|
--prefix=/etc/nginx \
|
|
--sbin-path=/usr/sbin/nginx \
|
|
--modules-path=/usr/lib/nginx/modules \
|
|
--conf-path=/etc/nginx/nginx.conf \
|
|
--error-log-path=/var/log/nginx/error.log \
|
|
--http-log-path=/var/log/nginx/access.log \
|
|
--pid-path=/var/run/nginx.pid \
|
|
--lock-path=/var/run/nginx.lock \
|
|
--http-client-body-temp-path=/var/cache/nginx/client_temp \
|
|
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
|
|
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
|
|
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
|
|
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
|
|
--user=nginx \
|
|
--group=nginx \
|
|
--with-http_ssl_module \
|
|
--with-http_realip_module \
|
|
--with-http_addition_module \
|
|
--with-http_sub_module \
|
|
--with-http_dav_module \
|
|
--with-http_flv_module \
|
|
--with-http_mp4_module \
|
|
--with-http_gunzip_module \
|
|
--with-http_gzip_static_module \
|
|
--with-http_random_index_module \
|
|
--with-http_secure_link_module \
|
|
--with-http_stub_status_module \
|
|
--with-http_auth_request_module \
|
|
--with-http_xslt_module=dynamic \
|
|
--with-http_image_filter_module=dynamic \
|
|
--with-http_geoip_module=dynamic \
|
|
--with-threads \
|
|
--with-stream \
|
|
--with-stream_ssl_module \
|
|
--with-stream_ssl_preread_module \
|
|
--with-stream_realip_module \
|
|
--with-stream_geoip_module=dynamic \
|
|
--with-http_slice_module \
|
|
--with-mail \
|
|
--with-mail_ssl_module \
|
|
--with-compat \
|
|
--with-file-aio \
|
|
--with-http_v2_module \
|
|
--add-module=/usr/lib/nginx/modules/headers-more-nginx-module-$ADD_MODULE_HEADERS_MORE_NGINX_VERSION \
|
|
" \
|
|
&& addgroup --gid 1000 -S nginx \
|
|
&& adduser --uid 1000 -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
|
|
&& apk add --no-cache --virtual .build-deps \
|
|
gcc \
|
|
libc-dev \
|
|
make \
|
|
openssl-dev \
|
|
pcre-dev \
|
|
zlib-dev \
|
|
linux-headers \
|
|
curl \
|
|
gnupg1 \
|
|
libxslt-dev \
|
|
gd-dev \
|
|
geoip-dev \
|
|
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
|
|
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
|
|
&& export GNUPGHOME="$(mktemp -d)" \
|
|
&& found=''; \
|
|
for server in \
|
|
ha.pool.sks-keyservers.net \
|
|
hkp://keyserver.ubuntu.com:80 \
|
|
hkp://p80.pool.sks-keyservers.net:80 \
|
|
pgp.mit.edu \
|
|
; do \
|
|
echo "Fetching GPG key $GPG_KEYS from $server"; \
|
|
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
|
|
done; \
|
|
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
|
|
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
|
|
&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
|
|
&& mkdir -p /usr/src \
|
|
&& tar -zxC /usr/src -f nginx.tar.gz \
|
|
&& rm nginx.tar.gz \
|
|
&& cd /usr/src/nginx-$NGINX_VERSION \
|
|
&& ./configure $CONFIG --with-debug \
|
|
&& make -j$(getconf _NPROCESSORS_ONLN) \
|
|
&& mv objs/nginx objs/nginx-debug \
|
|
&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
|
|
&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
|
|
&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
|
|
&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
|
|
&& ./configure $CONFIG \
|
|
&& make -j$(getconf _NPROCESSORS_ONLN) \
|
|
&& make install \
|
|
&& rm -rf /etc/nginx/html/ \
|
|
&& mkdir /etc/nginx/conf.d/ \
|
|
&& mkdir -p /usr/share/nginx/html/ \
|
|
&& install -m644 html/index.html /usr/share/nginx/html/ \
|
|
&& install -m644 html/50x.html /usr/share/nginx/html/ \
|
|
&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
|
|
&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
|
|
&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
|
|
&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
|
|
&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
|
|
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
|
|
&& strip /usr/sbin/nginx* \
|
|
&& strip /usr/lib/nginx/modules/*.so \
|
|
&& rm -rf /usr/src/nginx-$NGINX_VERSION \
|
|
\
|
|
# Bring in gettext so we can get `envsubst`, then throw
|
|
# the rest away. To do this, we need to install `gettext`
|
|
# then move `envsubst` out of the way so `gettext` can
|
|
# be deleted completely, then move `envsubst` back.
|
|
&& apk add --no-cache --virtual .gettext gettext \
|
|
&& mv /usr/bin/envsubst /tmp/ \
|
|
\
|
|
&& runDeps="$( \
|
|
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
|
|
| tr ',' '\n' \
|
|
| sort -u \
|
|
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
|
)" \
|
|
&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
|
|
&& apk del .build-deps \
|
|
&& apk del .gettext \
|
|
&& mv /tmp/envsubst /usr/local/bin/ \
|
|
\
|
|
# Bring in tzdata so users could set the timezones through the environment
|
|
# variables
|
|
&& apk add --no-cache tzdata \
|
|
\
|
|
# forward request and error logs to docker log collector
|
|
&& ln -sf /dev/stdout /var/log/nginx/access.log \
|
|
&& ln -sf /dev/stderr /var/log/nginx/error.log
|
|
|
|
#custom
|
|
RUN mkdir -p /nginx \
|
|
&& mkdir -p /nginx/etc \
|
|
&& mkdir -p /nginx/www \
|
|
&& mkdir -p /nginx/www/default \
|
|
&& mkdir -p /nginx/ssl \
|
|
&& rm /etc/nginx/nginx.conf \
|
|
&& touch /var/run/nginx.pid
|
|
|
|
COPY ./source/nginx.conf /etc/nginx/nginx.conf
|
|
COPY ./source/default.conf /nginx/etc/default.conf
|
|
COPY ./source/index.html /nginx/www/default/index.html
|
|
|
|
RUN chown nginx:nginx -R /nginx /var/run/nginx.pid
|
|
|
|
STOPSIGNAL SIGTERM
|
|
|
|
#debug
|
|
RUN ls -lah /nginx/* \
|
|
&& ls -lah /etc/nginx/* \
|
|
&& id -u nginx \
|
|
&& id -g nginx \
|
|
&& cat /etc/nginx/nginx.conf
|
|
|
|
# ------ define volumes ------ #
|
|
VOLUME ["/nginx/etc", "/nginx/www", "/nginx/ssl"]
|
|
|
|
# ------ entrypoint for container ------ #
|
|
USER nginx:nginx
|
|
CMD ["nginx", "-g", "daemon off;"] |