diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..bb54f63 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,163 @@ +ARG NGINX_VERSION=1.20.1 +ARG CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + --add-module=/usr/src/ngx_brotli \ + " + +FROM alpine:3.14 +LABEL maintainer="NGINX Docker Maintainers " + +ARG NGINX_VERSION +ARG NGX_BROTLI_COMMIT +ARG CONFIG + +RUN \ + apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg1 \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + && apk add --no-cache --virtual .brotli-build-deps \ + autoconf \ + libtool \ + automake \ + git \ + g++ \ + cmake + +COPY nginx.pub /tmp/nginx.pub + +RUN \ + mkdir -p /usr/src/ngx_brotli \ + && cd /usr/src/ngx_brotli \ + && git init \ + && git remote add origin https://github.com/google/ngx_brotli.git \ + && git fetch --depth 1 origin $NGX_BROTLI_COMMIT \ + && git checkout --recurse-submodules -q FETCH_HEAD \ + && git submodule update --init --depth 1 \ + && cd .. \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && sha512sum nginx.tar.gz nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --import /tmp/nginx.pub \ + && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz + +RUN \ + cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ + && ./configure $CONFIG \ + && make -j$(getconf _NPROCESSORS_ONLN) + +RUN \ + cd /usr/src/nginx-$NGINX_VERSION \ + && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ + && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ + \ + && apk add --no-cache --virtual .gettext gettext \ + \ + && scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /usr/bin/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u > /tmp/runDeps.txt + +FROM alpine:3.14 +ARG NGINX_VERSION + +COPY --from=0 /tmp/runDeps.txt /tmp/runDeps.txt +COPY --from=0 /etc/nginx /etc/nginx +COPY --from=0 /usr/lib/nginx/modules/*.so /usr/lib/nginx/modules/ +COPY --from=0 /usr/sbin/nginx /usr/sbin/nginx-debug /usr/sbin/ +COPY --from=0 /usr/share/nginx/html/* /usr/share/nginx/html/ +COPY --from=0 /usr/bin/envsubst /usr/local/bin/envsubst + +RUN \ + addgroup -S nginx \ + && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .nginx-rundeps tzdata $(cat /tmp/runDeps.txt) \ + && rm /tmp/runDeps.txt \ + && ln -s /usr/lib/nginx/modules /etc/nginx/modules \ + # forward request and error logs to docker log collector + && mkdir /var/log/nginx \ + && touch /var/log/nginx/access.log /var/log/nginx/error.log \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + +EXPOSE 80 443 + +STOPSIGNAL SIGTERM + +CMD ["nginx", "-g", "daemon off;"]