-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathDockerfile
201 lines (193 loc) · 9.25 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
FROM ubuntu:20.04
LABEL maintainer="[email protected]"
# Define NGINX versions for NGINX Plus and NGINX Plus modules
# Uncomment this block and the versioned nginxPackages in the main RUN
# instruction to install a specific release
# https://docs.nginx.com/nginx/releases/
ENV NGINX_VERSION 24
# https://nginx.org/en/docs/njs/changes.html
ENV NJS_VERSION 0.5.2
# https://plus-pkgs.nginx.com
ENV PKG_RELEASE 1~focal
## Install Nginx Plus
# Download certificate and key from the customer portal https://account.f5.com/myf5
# and copy to the build context and set correct permissions
RUN mkdir -p /etc/ssl/nginx
COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt
COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key
RUN set -x \
&& chmod 644 /etc/ssl/nginx/* \
# Create nginx user/group first, to be consistent throughout Docker variants
&& addgroup --system --gid 1001 nginx \
&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \
# Install prerequisite packages, vim for editing, then Install NGINX Plus
&& apt-get update && apt-get upgrade -y \
&& DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates wget dnsutils gnupg vim-tiny apt-utils \
# Install NGINX Plus from repo (https://cs.nginx.com/repo_setup)
&& wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \
&& printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
&& wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \
&& apt-get update \
#
## Install the latest release of NGINX Plus and/or NGINX Plus modules
## Optionally use versioned packages over defaults to specify a release
# List available versions:
&& apt-cache policy nginx-plus \
## Uncomment one:
&& DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \
# && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \
#
## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo
## See https://www.nginx.com/products/nginx/modules
## Some modules include debug binaries, install module ending with "-dbg"
## Uncomment one:
## njs dynamic modules
#nginx-plus-module-njs \
#nginx-plus-module-dbg \
#nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
## NGINX high Availablity keepalived
#nginx-ha-keepalived \
## NGINX agent for New Relic \
#nginx-nr-agent \
## SPNEGO for Kerberos authentication
#nginx-plus-module-auth-spnego
#nginx-plus-module-auth-spnego-dbg
#nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE}
#nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE}
## brotli compression dynamic modules
#nginx-plus-module-brotli \
#nginx-plus-module-brotli-dbg \
#nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## cookie flag dynamic module
#nginx-plus-module-cookie-flag \
#nginx-plus-module-cookie-flag-dbg
#nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## Encrypted-Session dynamic module
#nginx-plus-module-encrypted-session \
#nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-encrypted-session-dbg \
#nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## FIPS Check
#nginx-plus-module-fips-check \
#nginx-plus-module-fips-check-dbg \
#nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## GeoIP dynamic modules
#nginx-plus-module-geoip \
#nginx-plus-module-geoip-dbg \
#nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## GeoIP2 dynamic modules
#nginx-plus-module-geoip2 \
#nginx-plus-module-geoip2-dbg \
#nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## headers-more dynamic module
#nginx-plus-module-headers-more \
#nginx-plus-module-headers-more-dbg \
#nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## image filter dynamic module
#nginx-plus-module-image-filter \
#nginx-plus-module-image-filter-dbg \
#nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## Lua dynamic module
#nginx-plus-module-lua \
#nginx-plus-module-lua-dbg \
#nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## ModSecurity dynamic module
#nginx-plus-module-modsecurity \
#nginx-plus-module-modsecurity-dbg \
#nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## Nginx Development Kit dynamic module
#nginx-plus-module-ndk \
#nginx-plus-module-ndk-dbg \
#nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## OpenTracing dynamic module
#nginx-plus-module-opentracing \
#nginx-plus-module-opentracing-dbg \
#nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## Phusion Passenger Open Source dynamic module
#nginx-plus-module-passenger \
#nginx-plus-module-passenger-dbg \
#nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## Perl dynamic module
#nginx-plus-module-perl \
#nginx-plus-module-perl-dbg \
#nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## Prometheus exporter NJS module
#nginx-plus-module-prometheus \
#nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \
## RTMP dynamic module
#nginx-plus-module-rtmp \
#nginx-plus-module-rtmp-dbg \
#nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## set-misc dynamic module
#nginx-plus-module-set-misc \
#nginx-plus-module-set-misc-dbg \
#nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## HTTP Substitutions Filter dynamic module
#nginx-plus-module-subs-filter \
#nginx-plus-module-subs-filter-dbg \
#nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## xslt dynamic module
#nginx-plus-module-xslt \
#nginx-plus-module-xslt-dbg \
#nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \
#nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
## NGINX Sync Script nginx-sync.sh
#nginx-sync \
# Remove default nginx config
&& rm /etc/nginx/conf.d/default.conf \
# Optional: Create cache folder and set permissions for proxy caching
&& mkdir -p /var/cache/nginx \
&& chown -R nginx /var/cache/nginx \
# Optional: Create State file folder and set permissions
&& mkdir -p /var/lib/nginx/state \
&& chown -R nginx /var/lib/nginx/state \
# Set permissions
&& chown -R nginx:nginx /etc/nginx \
# Forward request and error logs to docker log collector
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
# Raise the limits to successfully run benchmarks
&& ulimit -c -m -s -t unlimited \
# Cleanup
&& apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \
&& rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \
&& rm -rf /etc/apt/apt.conf.d/90nginx \
&& rm -rf nginx_signing.key \
# Remove the cert/keys from the image
&& rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key
# Optional: COPY over any of your SSL certs for HTTPS servers
# e.g.
COPY etc/ssl /etc/ssl
# COPY web content
COPY usr/share/nginx/html /usr/share/nginx/html
# COPY Nginx configuration directory
COPY etc/nginx /etc/nginx
RUN chown -R nginx:nginx /etc/nginx \
# Check imported NGINX config
&& nginx -t \
# Forward request logs to docker log collector
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
# **Remove the Nginx Plus cert/keys from the image**
&& rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key
# EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080
EXPOSE 80 443 8080
STOPSIGNAL SIGTERM
CMD ["nginx", "-g", "daemon off;"]