docker-nginx-ssl/Dockerfile

# SPDX-FileCopyrightText: 2018 - 2024 Daniel Wolf <nephatrine@gmail.com>
#
# SPDX-License-Identifier: ISC

# hadolint ignore=DL3007
FROM code.nephatrine.net/nephnet/nxb-alpine:latest AS builder

# hadolint ignore=DL3018
RUN apk add --no-cache gd-dev geoip-dev libatomic_ops-dev libxslt-dev pcre-dev

ARG NGINX_VERSION=release-1.25.4
RUN git -C /root clone -b "$NGINX_VERSION" --single-branch --depth=1 https://github.com/nginx/nginx.git
WORKDIR /root/nginx

RUN ./auto/configure \
  --prefix=/var/www \
  --sbin-path=/usr/sbin/nginx \
  --modules-path=/usr/lib/nginx/modules \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/run/nginx.lock \
  --user=guardian \
  --group=users \
  --with-threads \
  --with-file-aio \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_v3_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_xslt_module=dynamic \
  --with-http_image_filter_module=dynamic \
  --with-http_geoip_module=dynamic \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_mp4_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_auth_request_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_slice_module \
  --http-log-path=/var/log/nginx/access.log \
  --http-client-body-temp-path=/var/cache/nginx/client_body \
  --http-proxy-temp-path=/var/cache/nginx/proxy \
  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi \
  --http-uwsgi-temp-path=/var/cache/nginx/uwsgi \
  --http-scgi-temp-path=/var/cache/nginx/scgi \
  --with-mail=dynamic \
  --with-mail_ssl_module \
  --with-stream=dynamic \
  --with-stream_ssl_module \
  --with-stream_realip_module \
  --with-stream_geoip_module=dynamic \
  --with-stream_ssl_preread_module \
  --with-compat \
  --with-pcre \
  --with-pcre-jit \
  --with-libatomic \
 && make -j$(( $(getconf _NPROCESSORS_ONLN) / 2 + 1 )) \
 && make -j$(( $(getconf _NPROCESSORS_ONLN) / 2 + 1 )) install

# ------------------------------

# hadolint ignore=DL3007
FROM code.nephatrine.net/nephnet/alpine-s6:latest
LABEL maintainer="Daniel Wolf <nephatrine@gmail.com>"

# hadolint ignore=DL3013,DL3018
RUN apk add --no-cache certbot geoip libgd libxslt pcre py3-pip \
 && pip3 install --no-cache-dir --break-system-packages zope.component \
 && mkdir -p /etc/nginx /usr/lib/nginx /var/cache/nginx /var/log/nginx /var/www \
 && rm -rf /tmp/* /var/tmp/*

COPY --from=builder /etc/nginx/ /etc/nginx/
COPY --from=builder /usr/lib/nginx/ /usr/lib/nginx/
COPY --from=builder /usr/sbin/nginx /usr/sbin/
COPY --from=builder /var/www/ /var/www/
COPY override /

EXPOSE 80/tcp 443/tcp 443/udp
migrate to docker buildx 2024-03-05 14:05:35 -05:00			`# SPDX-FileCopyrightText: 2018 - 2024 Daniel Wolf <nephatrine@gmail.com>`
update to v1.25.3 2023-10-25 10:58:37 -04:00			`#`
			`# SPDX-License-Identifier: ISC`

fix: keep hadolint satiated 2024-03-29 13:38:03 -04:00			`# hadolint ignore=DL3007`
refactor: rewrite ci workflows 2024-03-27 22:46:31 -04:00			`FROM code.nephatrine.net/nephnet/nxb-alpine:latest AS builder`
initial commit 2018-05-02 14:35:49 -04:00
fix: keep hadolint satiated 2024-03-29 13:38:03 -04:00			`# hadolint ignore=DL3018`
			`RUN apk add --no-cache gd-dev geoip-dev libatomic_ops-dev libxslt-dev pcre-dev`
split built into two steps 2022-03-03 17:18:34 -05:00
update to nginx v1.25.4 2024-02-28 11:00:53 -05:00			`ARG NGINX_VERSION=release-1.25.4`
use /root instead of HOME 2023-04-17 12:22:57 -04:00			`RUN git -C /root clone -b "$NGINX_VERSION" --single-branch --depth=1 https://github.com/nginx/nginx.git`
fix: keep hadolint satiated 2024-03-29 13:38:03 -04:00			`WORKDIR /root/nginx`
use multi-stage builds 2022-04-20 12:17:35 -04:00
fix: keep hadolint satiated 2024-03-29 13:38:03 -04:00			`RUN ./auto/configure \`
initial commit 2018-05-02 14:35:49 -04:00			`--prefix=/var/www \`
			`--sbin-path=/usr/sbin/nginx \`
			`--modules-path=/usr/lib/nginx/modules \`
			`--conf-path=/etc/nginx/nginx.conf \`
			`--error-log-path=/var/log/nginx/error.log \`
			`--pid-path=/var/run/nginx.pid \`
			`--lock-path=/var/run/nginx.lock \`
			`--user=guardian \`
			`--group=users \`
			`--with-threads \`
			`--with-file-aio \`
			`--with-http_ssl_module \`
			`--with-http_v2_module \`
build HTTP/3 module 2023-06-18 16:31:27 -04:00			`--with-http_v3_module \`
initial commit 2018-05-02 14:35:49 -04:00			`--with-http_realip_module \`
			`--with-http_addition_module \`
			`--with-http_xslt_module=dynamic \`
			`--with-http_image_filter_module=dynamic \`
			`--with-http_geoip_module=dynamic \`
			`--with-http_sub_module \`
			`--with-http_dav_module \`
			`--with-http_mp4_module \`
			`--with-http_gunzip_module \`
			`--with-http_gzip_static_module \`
			`--with-http_auth_request_module \`
			`--with-http_random_index_module \`
			`--with-http_secure_link_module \`
			`--with-http_slice_module \`
			`--http-log-path=/var/log/nginx/access.log \`
			`--http-client-body-temp-path=/var/cache/nginx/client_body \`
			`--http-proxy-temp-path=/var/cache/nginx/proxy \`
			`--http-fastcgi-temp-path=/var/cache/nginx/fastcgi \`
			`--http-uwsgi-temp-path=/var/cache/nginx/uwsgi \`
			`--http-scgi-temp-path=/var/cache/nginx/scgi \`
			`--with-mail=dynamic \`
			`--with-mail_ssl_module \`
			`--with-stream=dynamic \`
			`--with-stream_ssl_module \`
			`--with-stream_realip_module \`
			`--with-stream_geoip_module=dynamic \`
			`--with-stream_ssl_preread_module \`
			`--with-compat \`
			`--with-pcre \`
			`--with-pcre-jit \`
			`--with-libatomic \`
tailor number of make jobs to system 2023-06-30 19:07:35 -04:00			`&& make -j$(( $(getconf _NPROCESSORS_ONLN) / 2 + 1 )) \`
			`&& make -j$(( $(getconf _NPROCESSORS_ONLN) / 2 + 1 )) install`
use multi-stage builds 2022-04-20 12:17:35 -04:00
chore: just add a comment to separate build stages 2024-03-29 14:23:44 -04:00			`# ------------------------------`

fix: keep hadolint satiated 2024-03-29 13:38:03 -04:00			`# hadolint ignore=DL3007`
refactor: rewrite ci workflows 2024-03-27 22:46:31 -04:00			`FROM code.nephatrine.net/nephnet/alpine-s6:latest`
use multi-stage builds 2022-04-20 12:17:35 -04:00			`LABEL maintainer="Daniel Wolf <nephatrine@gmail.com>"`
first update in a long while 2021-04-26 16:42:32 -04:00
fix: keep hadolint satiated 2024-03-29 13:38:03 -04:00			`# hadolint ignore=DL3013,DL3018`
			`RUN apk add --no-cache certbot geoip libgd libxslt pcre py3-pip \`
			`&& pip3 install --no-cache-dir --break-system-packages zope.component \`
need --break-system-packages for newer alpine version 2024-02-28 11:17:38 -05:00			`&& mkdir -p /etc/nginx /usr/lib/nginx /var/cache/nginx /var/log/nginx /var/www \`
			`&& rm -rf /tmp/* /var/tmp/*`
use multi-stage builds 2022-04-20 12:17:35 -04:00
			`COPY --from=builder /etc/nginx/ /etc/nginx/`
			`COPY --from=builder /usr/lib/nginx/ /usr/lib/nginx/`
			`COPY --from=builder /usr/sbin/nginx /usr/sbin/`
			`COPY --from=builder /var/www/ /var/www/`
first update in a long while 2021-04-26 16:42:32 -04:00			`COPY override /`
use multi-stage builds 2022-04-20 12:17:35 -04:00
update EXPOSE 2023-06-18 22:06:17 -04:00			`EXPOSE 80/tcp 443/tcp 443/udp`