Skip to content

Commit bcf5e2b

Browse files
yrccondoryrccondor
committed
Update Dockerfile
1 parent e8643e0 commit bcf5e2b

File tree

1 file changed

+163
-164
lines changed

1 file changed

+163
-164
lines changed

Dockerfile

Lines changed: 163 additions & 164 deletions
Original file line numberDiff line numberDiff line change
@@ -1,165 +1,164 @@
1-
FROM alpine:3.9
2-
3-
LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
4-
5-
ENV NGINX_VERSION 1.15.9
6-
7-
RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
8-
&& CONFIG="\
9-
--add-module=../ngx_brotli \
10-
--with-openssl=../openssl-1.1.1b \
11-
--prefix=/etc/nginx \
12-
--sbin-path=/usr/sbin/nginx \
13-
--modules-path=/usr/lib/nginx/modules \
14-
--conf-path=/etc/nginx/nginx.conf \
15-
--error-log-path=/var/log/nginx/error.log \
16-
--http-log-path=/var/log/nginx/access.log \
17-
--pid-path=/var/run/nginx.pid \
18-
--lock-path=/var/run/nginx.lock \
19-
--http-client-body-temp-path=/var/cache/nginx/client_temp \
20-
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
21-
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
22-
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
23-
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
24-
--user=nginx \
25-
--group=nginx \
26-
--with-http_ssl_module \
27-
--with-http_realip_module \
28-
--with-http_addition_module \
29-
--with-http_sub_module \
30-
--with-http_dav_module \
31-
--with-http_flv_module \
32-
--with-http_mp4_module \
33-
--with-http_gunzip_module \
34-
--with-http_gzip_static_module \
35-
--with-http_random_index_module \
36-
--with-http_secure_link_module \
37-
--with-http_stub_status_module \
38-
--with-http_auth_request_module \
39-
--with-http_xslt_module=dynamic \
40-
--with-http_image_filter_module=dynamic \
41-
--with-http_geoip_module=dynamic \
42-
--with-threads \
43-
--with-stream \
44-
--with-stream_ssl_module \
45-
--with-stream_ssl_preread_module \
46-
--with-stream_realip_module \
47-
--with-stream_geoip_module=dynamic \
48-
--with-http_slice_module \
49-
--with-mail \
50-
--with-mail_ssl_module \
51-
--with-compat \
52-
--with-file-aio \
53-
--with-http_v2_module \
54-
" \
55-
&& addgroup -S nginx \
56-
&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
57-
&& apk add --no-cache --virtual .build-deps \
58-
gcc \
59-
libc-dev \
60-
make \
61-
openssl-dev \
62-
pcre-dev \
63-
zlib-dev \
64-
linux-headers \
65-
curl \
66-
gnupg1 \
67-
libxslt-dev \
68-
gd-dev \
69-
geoip-dev \
70-
git \
71-
patch \
72-
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
73-
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
74-
&& curl -fSL https://www.openssl.org/source/openssl-1.1.1b.tar.gz -o openssl-1.1.1b.tar.gz \
75-
&& export GNUPGHOME="$(mktemp -d)" \
76-
&& found=''; \
77-
for server in \
78-
ha.pool.sks-keyservers.net \
79-
hkp://keyserver.ubuntu.com:80 \
80-
hkp://p80.pool.sks-keyservers.net:80 \
81-
pgp.mit.edu \
82-
; do \
83-
echo "Fetching GPG key $GPG_KEYS from $server"; \
84-
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
85-
done; \
86-
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
87-
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
88-
&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
89-
&& mkdir -p /usr/src \
90-
&& tar -zxC /usr/src -f nginx.tar.gz \
91-
&& tar -zxC /usr/src -f openssl-1.1.1b.tar.gz \
92-
&& rm -f nginx.tar.gz \
93-
&& rm -f openssl-1.1.1b.tar.gz \
94-
&& cd /usr/src \
95-
&& git clone https://github.com/hakasenyang/openssl-patch.git \
96-
&& cd openssl-1.1.1b \
97-
&& patch -p1 < ../openssl-patch/openssl-equal-1.1.1b_ciphers.patch \
98-
&& cd /usr/src \
99-
&& git clone https://github.com/google/ngx_brotli.git \
100-
&& cd ngx_brotli \
101-
&& git submodule init \
102-
&& git submodule update \
103-
&& cd /usr/src/nginx-$NGINX_VERSION \
104-
&& ./configure $CONFIG --with-debug \
105-
&& make -j$(getconf _NPROCESSORS_ONLN) \
106-
&& mv objs/nginx objs/nginx-debug \
107-
&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
108-
&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
109-
&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
110-
&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
111-
&& ./configure $CONFIG \
112-
&& make -j$(getconf _NPROCESSORS_ONLN) \
113-
&& make install \
114-
&& rm -rf /etc/nginx/html/ \
115-
&& mkdir /etc/nginx/conf.d/ \
116-
&& mkdir -p /usr/share/nginx/html/ \
117-
&& install -m644 html/index.html /usr/share/nginx/html/ \
118-
&& install -m644 html/50x.html /usr/share/nginx/html/ \
119-
&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
120-
&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
121-
&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
122-
&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
123-
&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
124-
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
125-
&& strip /usr/sbin/nginx* \
126-
&& strip /usr/lib/nginx/modules/*.so \
127-
&& rm -rf /usr/src/nginx-$NGINX_VERSION \
128-
&& rm -rf /usr/src/openssl-1.1.1b \
129-
&& rm -rf /usr/src/ngx_brotli \
130-
&& rm -rf /usr/src/openssl-patch \
131-
\
132-
# Bring in gettext so we can get `envsubst`, then throw
133-
# the rest away. To do this, we need to install `gettext`
134-
# then move `envsubst` out of the way so `gettext` can
135-
# be deleted completely, then move `envsubst` back.
136-
&& apk add --no-cache --virtual .gettext gettext \
137-
&& mv /usr/bin/envsubst /tmp/ \
138-
\
139-
&& runDeps="$( \
140-
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
141-
| tr ',' '\n' \
142-
| sort -u \
143-
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
144-
)" \
145-
&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
146-
&& apk del .build-deps \
147-
&& apk del .gettext \
148-
&& mv /tmp/envsubst /usr/local/bin/ \
149-
\
150-
# Bring in tzdata so users could set the timezones through the environment
151-
# variables
152-
&& apk add --no-cache tzdata \
153-
\
154-
# forward request and error logs to docker log collector
155-
&& ln -sf /dev/stdout /var/log/nginx/access.log \
156-
&& ln -sf /dev/stderr /var/log/nginx/error.log
157-
158-
COPY nginx.conf /etc/nginx/nginx.conf
159-
COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
160-
161-
EXPOSE 80
162-
163-
STOPSIGNAL SIGTERM
164-
1+
FROM alpine:3.9
2+
3+
LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
4+
5+
ENV NGINX_VERSION 1.15.9
6+
7+
RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
8+
&& CONFIG="\
9+
--add-module=../ngx_brotli \
10+
--with-openssl=../openssl-1.1.1b \
11+
--prefix=/etc/nginx \
12+
--sbin-path=/usr/sbin/nginx \
13+
--modules-path=/usr/lib/nginx/modules \
14+
--conf-path=/etc/nginx/nginx.conf \
15+
--error-log-path=/var/log/nginx/error.log \
16+
--http-log-path=/var/log/nginx/access.log \
17+
--pid-path=/var/run/nginx.pid \
18+
--lock-path=/var/run/nginx.lock \
19+
--http-client-body-temp-path=/var/cache/nginx/client_temp \
20+
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
21+
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
22+
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
23+
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
24+
--user=nginx \
25+
--group=nginx \
26+
--with-http_ssl_module \
27+
--with-http_realip_module \
28+
--with-http_addition_module \
29+
--with-http_sub_module \
30+
--with-http_dav_module \
31+
--with-http_flv_module \
32+
--with-http_mp4_module \
33+
--with-http_gunzip_module \
34+
--with-http_gzip_static_module \
35+
--with-http_random_index_module \
36+
--with-http_secure_link_module \
37+
--with-http_stub_status_module \
38+
--with-http_auth_request_module \
39+
--with-http_xslt_module=dynamic \
40+
--with-http_image_filter_module=dynamic \
41+
--with-http_geoip_module=dynamic \
42+
--with-threads \
43+
--with-stream \
44+
--with-stream_ssl_module \
45+
--with-stream_ssl_preread_module \
46+
--with-stream_realip_module \
47+
--with-stream_geoip_module=dynamic \
48+
--with-http_slice_module \
49+
--with-mail \
50+
--with-mail_ssl_module \
51+
--with-compat \
52+
--with-file-aio \
53+
--with-http_v2_module \
54+
" \
55+
&& addgroup -S nginx \
56+
&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
57+
&& apk add --no-cache --virtual .build-deps \
58+
gcc \
59+
libc-dev \
60+
make \
61+
openssl-dev \
62+
pcre-dev \
63+
zlib-dev \
64+
linux-headers \
65+
curl \
66+
gnupg1 \
67+
libxslt-dev \
68+
gd-dev \
69+
geoip-dev \
70+
git \
71+
patch \
72+
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
73+
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
74+
&& curl -fSL https://www.openssl.org/source/openssl-1.1.1b.tar.gz -o openssl-1.1.1b.tar.gz \
75+
&& export GNUPGHOME="$(mktemp -d)" \
76+
&& found=''; \
77+
for server in \
78+
ha.pool.sks-keyservers.net \
79+
hkp://keyserver.ubuntu.com:80 \
80+
hkp://p80.pool.sks-keyservers.net:80 \
81+
pgp.mit.edu \
82+
; do \
83+
echo "Fetching GPG key $GPG_KEYS from $server"; \
84+
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
85+
done; \
86+
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
87+
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
88+
&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
89+
&& mkdir -p /usr/src \
90+
&& tar -zxC /usr/src -f nginx.tar.gz \
91+
&& tar -zxC /usr/src -f openssl-1.1.1b.tar.gz \
92+
&& rm -f nginx.tar.gz \
93+
&& rm -f openssl-1.1.1b.tar.gz \
94+
&& cd /usr/src \
95+
&& git clone https://github.com/hakasenyang/openssl-patch.git \
96+
&& cd openssl-1.1.1b \
97+
&& patch -p1 < ../openssl-patch/openssl-equal-1.1.1b_ciphers.patch \
98+
&& cd /usr/src \
99+
&& git clone https://github.com/google/ngx_brotli.git \
100+
&& cd ngx_brotli \
101+
&& git submodule update --init \
102+
&& cd /usr/src/nginx-$NGINX_VERSION \
103+
&& ./configure $CONFIG --with-debug \
104+
&& make -j$(getconf _NPROCESSORS_ONLN) \
105+
&& mv objs/nginx objs/nginx-debug \
106+
&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
107+
&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
108+
&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
109+
&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
110+
&& ./configure $CONFIG \
111+
&& make -j$(getconf _NPROCESSORS_ONLN) \
112+
&& make install \
113+
&& rm -rf /etc/nginx/html/ \
114+
&& mkdir /etc/nginx/conf.d/ \
115+
&& mkdir -p /usr/share/nginx/html/ \
116+
&& install -m644 html/index.html /usr/share/nginx/html/ \
117+
&& install -m644 html/50x.html /usr/share/nginx/html/ \
118+
&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
119+
&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
120+
&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
121+
&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
122+
&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
123+
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
124+
&& strip /usr/sbin/nginx* \
125+
&& strip /usr/lib/nginx/modules/*.so \
126+
&& rm -rf /usr/src/nginx-$NGINX_VERSION \
127+
&& rm -rf /usr/src/openssl-1.1.1b \
128+
&& rm -rf /usr/src/ngx_brotli \
129+
&& rm -rf /usr/src/openssl-patch \
130+
\
131+
# Bring in gettext so we can get `envsubst`, then throw
132+
# the rest away. To do this, we need to install `gettext`
133+
# then move `envsubst` out of the way so `gettext` can
134+
# be deleted completely, then move `envsubst` back.
135+
&& apk add --no-cache --virtual .gettext gettext \
136+
&& mv /usr/bin/envsubst /tmp/ \
137+
\
138+
&& runDeps="$( \
139+
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
140+
| tr ',' '\n' \
141+
| sort -u \
142+
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
143+
)" \
144+
&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
145+
&& apk del .build-deps \
146+
&& apk del .gettext \
147+
&& mv /tmp/envsubst /usr/local/bin/ \
148+
\
149+
# Bring in tzdata so users could set the timezones through the environment
150+
# variables
151+
&& apk add --no-cache tzdata \
152+
\
153+
# forward request and error logs to docker log collector
154+
&& ln -sf /dev/stdout /var/log/nginx/access.log \
155+
&& ln -sf /dev/stderr /var/log/nginx/error.log
156+
157+
COPY nginx.conf /etc/nginx/nginx.conf
158+
COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
159+
160+
EXPOSE 80
161+
162+
STOPSIGNAL SIGTERM
163+
165164
CMD ["nginx", "-g", "daemon off;"]

0 commit comments

Comments
 (0)