librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

use nginx:stable-alpine as base image

This commit is contained in:
bunkerity 2020-10-18 16:26:33 +02:00
parent 34254a09e9
commit 676571e4a4
7 changed files with 44 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile
View File

@ -1,10 +1,13 @@
FROM alpine
FROM nginx:stable-alpine AS builder
COPY compile.sh /tmp/compile.sh
RUN chmod +x /tmp/compile.sh && \
/tmp/compile.sh && \
rm -rf /tmp/*
FROM nginx:stable-alpine
COPY --from=builder /*.so /usr/local/nginx/modules/
COPY entrypoint.sh /opt/entrypoint.sh
COPY confs/ /opt/confs
COPY scripts/ /opt/scripts
@ -14,8 +17,7 @@ COPY lua/ /opt/lua
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
mkdir /opt/entrypoint.d
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs

8
Dockerfile-amd64
View File

@ -1,10 +1,13 @@
FROM amd64/alpine
FROM amd64/nginx:stable-alpine AS builder
COPY compile.sh /tmp/compile.sh
RUN chmod +x /tmp/compile.sh && \
/tmp/compile.sh && \
rm -rf /tmp/*
FROM amd64/nginx:stable-alpine
COPY --from=builder /*.so /usr/local/nginx/modules/
COPY entrypoint.sh /opt/entrypoint.sh
COPY confs/ /opt/confs
COPY scripts/ /opt/scripts
@ -14,8 +17,7 @@ COPY lua/ /opt/lua
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
mkdir /opt/entrypoint.d
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs

13
Dockerfile-arm32v7
View File

@ -1,17 +1,17 @@
FROM alpine AS builder
FROM arm32v7/nginx:stable-alpine AS builder
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
FROM arm32v7/alpine
COPY --from=builder qemu-arm-static /usr/bin
COPY compile.sh /tmp/compile.sh
RUN chmod +x /tmp/compile.sh && \
/tmp/compile.sh && \
rm -rf /tmp/*
FROM arm32v7/nginx:stable-alpine
COPY --from=builder qemu-arm-static /usr/bin
COPY --from=builder /*.so /usr/local/nginx/modules/
COPY entrypoint.sh /opt/entrypoint.sh
COPY confs/ /opt/confs
COPY scripts/ /opt/scripts
@ -21,8 +21,7 @@ COPY lua/ /opt/lua
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
mkdir /opt/entrypoint.d
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs

13
Dockerfile-arm64v8
View File

@ -1,17 +1,17 @@
FROM alpine AS builder
FROM arm64v8/nginx:stable-alpine AS builder
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
FROM arm64v8/alpine
COPY --from=builder qemu-aarch64-static /usr/bin
COPY compile.sh /tmp/compile.sh
RUN chmod +x /tmp/compile.sh && \
/tmp/compile.sh && \
rm -rf /tmp/*
FROM arm64v8/nginx:stable-alpine
COPY --from=builder qemu-aarch64-static /usr/bin
COPY --from=builder /*.so /usr/local/nginx/modules/
COPY entrypoint.sh /opt/entrypoint.sh
COPY confs/ /opt/confs
COPY scripts/ /opt/scripts
@ -21,8 +21,7 @@ COPY lua/ /opt/lua
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
mkdir /opt/entrypoint.d
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs

8
Dockerfile-i386
View File

@ -1,10 +1,13 @@
FROM i386/alpine
FROM i386/nginx:stable-alpine AS builder
COPY compile.sh /tmp/compile.sh
RUN chmod +x /tmp/compile.sh && \
/tmp/compile.sh && \
rm -rf /tmp/*
FROM i386/nginx:stable-alpine
COPY --from=builder /*.so /usr/local/nginx/modules/
COPY entrypoint.sh /opt/entrypoint.sh
COPY confs/ /opt/confs
COPY scripts/ /opt/scripts
@ -14,8 +17,7 @@ COPY lua/ /opt/lua
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
mkdir /opt/entrypoint.d
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs

18
compile.sh
View File

@ -76,16 +76,16 @@ git clone https://github.com/openresty/lua-nginx-module.git
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.1
# compile and install nginx
# compile and install dynamic modules
cd /tmp
VERSION="1.18.0"
wget https://nginx.org/download/nginx-${VERSION}.tar.gz
tar -xvzf nginx-${VERSION}.tar.gz
cd nginx-${VERSION}
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pid --modules-path=/usr/lib/nginx/modules --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --add-module=/tmp/ModSecurity-nginx --add-module=/tmp/headers-more-nginx-module --add-module=/tmp/ngx_http_geoip2_module --add-module=/tmp/nginx_cookie_flag_module --add-module=/tmp/lua-nginx-module
make -j $NTASK
make install
strip /usr/sbin/nginx
wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
tar -xvzf nginx-${NGINX_VERSION}.tar.gz
cd nginx-$NGINX_VERSION
CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')
CONFARGS=${CONFARGS/-Os -fomit-frame-pointer/-Os}
./configure $CONFARGS --add-dynamic-module=/tmp/ModSecurity-nginx --add-dynamic-module=/tmp/headers-more-nginx-module --add-dynamic-module=/tmp/ngx_http_geoip2_module --add-dynamic-module=/tmp/nginx_cookie_flag_module --add-dynamic-module=/tmp/lua-nginx-module
make -j $NTASK modules
cp ./objs/*.so /
# remove build dependencies
apk del build

8
confs/nginx.conf
View File

@ -1,5 +1,13 @@
# /etc/nginx/nginx.conf
# load dynamic modules
load_module /usr/local/nginx/modules/ngx_http_cookie_flag_filter_module.so;
load_module /usr/local/nginx/modules/ngx_http_geoip2_module.so;
load_module /usr/local/nginx/modules/ngx_http_headers_more_filter_module.so;
load_module /usr/local/nginx/modules/ngx_http_lua_module.so;
load_module /usr/local/nginx/modules/ngx_http_modsecurity_module.so;
load_module /usr/local/nginx/modules/ngx_stream_geoip2_module.so;
# run as daemon
daemon on;