use nginx:stable-alpine as base image
This commit is contained in:
parent
34254a09e9
commit
676571e4a4
|
@ -1,10 +1,13 @@
|
|||
FROM alpine
|
||||
FROM nginx:stable-alpine AS builder
|
||||
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
RUN chmod +x /tmp/compile.sh && \
|
||||
/tmp/compile.sh && \
|
||||
rm -rf /tmp/*
|
||||
|
||||
FROM nginx:stable-alpine
|
||||
|
||||
COPY --from=builder /*.so /usr/local/nginx/modules/
|
||||
COPY entrypoint.sh /opt/entrypoint.sh
|
||||
COPY confs/ /opt/confs
|
||||
COPY scripts/ /opt/scripts
|
||||
|
@ -14,8 +17,7 @@ COPY lua/ /opt/lua
|
|||
|
||||
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
|
||||
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
|
||||
mkdir /opt/entrypoint.d
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
|
||||
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
FROM amd64/alpine
|
||||
FROM amd64/nginx:stable-alpine AS builder
|
||||
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
RUN chmod +x /tmp/compile.sh && \
|
||||
/tmp/compile.sh && \
|
||||
rm -rf /tmp/*
|
||||
|
||||
FROM amd64/nginx:stable-alpine
|
||||
|
||||
COPY --from=builder /*.so /usr/local/nginx/modules/
|
||||
COPY entrypoint.sh /opt/entrypoint.sh
|
||||
COPY confs/ /opt/confs
|
||||
COPY scripts/ /opt/scripts
|
||||
|
@ -14,8 +17,7 @@ COPY lua/ /opt/lua
|
|||
|
||||
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
|
||||
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
|
||||
mkdir /opt/entrypoint.d
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
|
||||
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
FROM alpine AS builder
|
||||
FROM arm32v7/nginx:stable-alpine AS builder
|
||||
|
||||
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
|
||||
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
|
||||
|
||||
FROM arm32v7/alpine
|
||||
|
||||
COPY --from=builder qemu-arm-static /usr/bin
|
||||
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
RUN chmod +x /tmp/compile.sh && \
|
||||
/tmp/compile.sh && \
|
||||
rm -rf /tmp/*
|
||||
|
||||
FROM arm32v7/nginx:stable-alpine
|
||||
|
||||
COPY --from=builder qemu-arm-static /usr/bin
|
||||
COPY --from=builder /*.so /usr/local/nginx/modules/
|
||||
COPY entrypoint.sh /opt/entrypoint.sh
|
||||
COPY confs/ /opt/confs
|
||||
COPY scripts/ /opt/scripts
|
||||
|
@ -21,8 +21,7 @@ COPY lua/ /opt/lua
|
|||
|
||||
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
|
||||
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
|
||||
mkdir /opt/entrypoint.d
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
|
||||
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
FROM alpine AS builder
|
||||
FROM arm64v8/nginx:stable-alpine AS builder
|
||||
|
||||
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
|
||||
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
|
||||
|
||||
FROM arm64v8/alpine
|
||||
|
||||
COPY --from=builder qemu-aarch64-static /usr/bin
|
||||
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
RUN chmod +x /tmp/compile.sh && \
|
||||
/tmp/compile.sh && \
|
||||
rm -rf /tmp/*
|
||||
|
||||
FROM arm64v8/nginx:stable-alpine
|
||||
|
||||
COPY --from=builder qemu-aarch64-static /usr/bin
|
||||
COPY --from=builder /*.so /usr/local/nginx/modules/
|
||||
COPY entrypoint.sh /opt/entrypoint.sh
|
||||
COPY confs/ /opt/confs
|
||||
COPY scripts/ /opt/scripts
|
||||
|
@ -21,8 +21,7 @@ COPY lua/ /opt/lua
|
|||
|
||||
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
|
||||
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
|
||||
mkdir /opt/entrypoint.d
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
|
||||
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
FROM i386/alpine
|
||||
FROM i386/nginx:stable-alpine AS builder
|
||||
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
RUN chmod +x /tmp/compile.sh && \
|
||||
/tmp/compile.sh && \
|
||||
rm -rf /tmp/*
|
||||
|
||||
FROM i386/nginx:stable-alpine
|
||||
|
||||
COPY --from=builder /*.so /usr/local/nginx/modules/
|
||||
COPY entrypoint.sh /opt/entrypoint.sh
|
||||
COPY confs/ /opt/confs
|
||||
COPY scripts/ /opt/scripts
|
||||
|
@ -14,8 +17,7 @@ COPY lua/ /opt/lua
|
|||
|
||||
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
|
||||
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
|
||||
mkdir /opt/entrypoint.d
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
|
||||
|
||||
|
|
18
compile.sh
18
compile.sh
|
@ -76,16 +76,16 @@ git clone https://github.com/openresty/lua-nginx-module.git
|
|||
export LUAJIT_LIB=/usr/local/lib
|
||||
export LUAJIT_INC=/usr/local/include/luajit-2.1
|
||||
|
||||
# compile and install nginx
|
||||
# compile and install dynamic modules
|
||||
cd /tmp
|
||||
VERSION="1.18.0"
|
||||
wget https://nginx.org/download/nginx-${VERSION}.tar.gz
|
||||
tar -xvzf nginx-${VERSION}.tar.gz
|
||||
cd nginx-${VERSION}
|
||||
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pid --modules-path=/usr/lib/nginx/modules --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --add-module=/tmp/ModSecurity-nginx --add-module=/tmp/headers-more-nginx-module --add-module=/tmp/ngx_http_geoip2_module --add-module=/tmp/nginx_cookie_flag_module --add-module=/tmp/lua-nginx-module
|
||||
make -j $NTASK
|
||||
make install
|
||||
strip /usr/sbin/nginx
|
||||
wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
|
||||
tar -xvzf nginx-${NGINX_VERSION}.tar.gz
|
||||
cd nginx-$NGINX_VERSION
|
||||
CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')
|
||||
CONFARGS=${CONFARGS/-Os -fomit-frame-pointer/-Os}
|
||||
./configure $CONFARGS --add-dynamic-module=/tmp/ModSecurity-nginx --add-dynamic-module=/tmp/headers-more-nginx-module --add-dynamic-module=/tmp/ngx_http_geoip2_module --add-dynamic-module=/tmp/nginx_cookie_flag_module --add-dynamic-module=/tmp/lua-nginx-module
|
||||
make -j $NTASK modules
|
||||
cp ./objs/*.so /
|
||||
|
||||
# remove build dependencies
|
||||
apk del build
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
# /etc/nginx/nginx.conf
|
||||
|
||||
# load dynamic modules
|
||||
load_module /usr/local/nginx/modules/ngx_http_cookie_flag_filter_module.so;
|
||||
load_module /usr/local/nginx/modules/ngx_http_geoip2_module.so;
|
||||
load_module /usr/local/nginx/modules/ngx_http_headers_more_filter_module.so;
|
||||
load_module /usr/local/nginx/modules/ngx_http_lua_module.so;
|
||||
load_module /usr/local/nginx/modules/ngx_http_modsecurity_module.so;
|
||||
load_module /usr/local/nginx/modules/ngx_stream_geoip2_module.so;
|
||||
|
||||
# run as daemon
|
||||
daemon on;
|
||||
|
||||
|
|
Loading…
Reference in New Issue