##################################################################
##################################################################
##################################################################
# Temp Build Layer
##################################################################
##################################################################
##################################################################
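# Build stage: compiles nginx plus third-party modules. Only ${NGINX_CONF_DIR}
# and ${NGINX_DIR} are copied out of it by the final stage.
# NOTE(review): the base image is referenced by a mutable tag. Appending a
# digest (@sha256:<DIGEST_PLACEHOLDER>) would fix the toolchain that produces
# this binary to a known, reviewable image.
FROM epicmorg/debian:bookworm-develop AS build
LABEL maintainer="EpicMorg DevTeam, developer@epicm.org"
ARG DEBIAN_FRONTEND=noninteractive
##################################################################
# Nginx
##################################################################
# EMG_LOCAL_BASE_DIR and the ZLIB_*, PCRE_*, OPENSSL_33_*, ZSTD_* and IP2LOC_*
# variables used below are not set in this file; presumably the base image
# exports them -- confirm.
ENV NGINX_VERSION=1.27.0
ENV NGINX_DIR=${EMG_LOCAL_BASE_DIR}/nginx/${NGINX_VERSION}
# NGINX_SBIN_DIR is set before NGINX_BIN_DIR on purpose: ENV values are
# expanded when the instruction is processed, so referencing NGINX_SBIN_DIR
# ahead of its definition left NGINX_BIN_DIR empty.
ENV NGINX_SBIN_DIR=${NGINX_DIR}/sbin
ENV NGINX_BIN_DIR=${NGINX_SBIN_DIR}
ENV NGINX_CONF_DIR=/etc/nginx
ENV NGINX_MODULES_DIR=${NGINX_CONF_DIR}/modules
ENV NGINX_MODULES_PERL_DIR=${NGINX_CONF_DIR}/modules-perl
ENV NGINX_CACHE_DIR=/var/cache/nginx
ENV NGINX_LOGS_DIR=/var/log/nginx
ENV NGINX_LOCK_DIR=/var/lock/nginx
ENV NGINX_LOCK=${NGINX_LOCK_DIR}/nginx.lock
ENV NGINX_HTML_DIR=${NGINX_DIR}/html
ENV NGINX_PID_DIR=/var/run/nginx
ENV NGINX_PID=${NGINX_PID_DIR}/nginx.pid
ENV NGINX_SRC_DIR=${NGINX_DIR}/src
# Fetched over HTTPS rather than plain HTTP, so the tarball cannot be swapped
# by anyone on the network path. This is transport security only: it does not
# replace checking a digest or signature where the tarball is consumed.
ARG NGINX_DOWNLOAD_URL=https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
ARG NGINX_TEMP=/tmp/nginx-${NGINX_VERSION}.tar.gz
ARG NGINX_TEMP_SRC=/tmp/nginx-${NGINX_VERSION}
# NJS
ENV NJS_VERSION=0.8.5
ARG NJS_DOWNLOAD_URL=https://github.com/nginx/njs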
##################################################################
# Prepare zlib
##################################################################
# zlib: configure the source tree for a static build with prefix ${ZLIB_DIR}.
# The same tree is handed to nginx later through --with-zlib.
WORKDIR ${ZLIB_SRC_DIR}
RUN ./configure --prefix=${ZLIB_DIR} --static
##################################################################
# Prepare pcre2
##################################################################
# pcre2: configure the source tree (static only, all three code-unit widths, JIT).
# NOTE(review): nginx is later given --with-pcre=${PCRE_SRC_DIR}; its build
# presumably configures this tree again, so confirm which of these options
# actually reach the library that is linked into nginx.
WORKDIR ${PCRE_SRC_DIR}
RUN ./configure \
# install prefix and build output
    --prefix=${PCRE_DIR} \
    --disable-silent-rules \
# static archives only
    --enable-static \
    --disable-shared \
# library variants and engine features
    --enable-pcre2-8 \
    --enable-pcre2-16 \
    --enable-pcre2-32 \
    --enable-jit \
    --enable-unicode \
    --enable-rebuild-chartables \
# NOTE(review): five different default newline conventions are requested at
# once; only one can be the compiled-in default -- verify which one wins.
    --enable-newline-is-cr \
    --enable-newline-is-lf \
    --enable-newline-is-anycrlf \
    --enable-newline-is-any \
    --enable-newline-is-nul \
    --enable-bsr-anycrlf \
# helper tools (pcre2grep / pcre2test)
    --enable-pcre2grep-libz \
    --enable-pcre2grep-libbz2 \
    --enable-pcre2test-libedit \
# NOTE(review): valgrind and fuzzing support are test instrumentation;
# presumably not wanted in a library linked into a production server.
    --enable-valgrind \
    --enable-fuzz-support \
    --enable-diff-fuzz-support
##################################################################
# Prepare openssl
##################################################################
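# OpenSSL: configure the source tree for a static build, then copy the
# headers and libraries found under ${OPENSSL_33_INC_DIR} and
# ${OPENSSL_33_LIB_DIR} into /usr/local so later steps pick them up.
# NOTE(review): enable-egd, enable-ssl-trace and enable-trace add a legacy
# entropy source and diagnostic tracing to the TLS library; confirm they are
# needed in a production build, since each widens what is compiled in.
WORKDIR ${OPENSSL_33_SRC_DIR}
RUN ./config \
    no-shared \
    zlib \
    --with-zlib-include=${ZLIB_DIR}/include \
    --with-zlib-lib=${ZLIB_DIR}/lib \
    --with-zstd-include=${ZSTD_DIR}/include \
    --with-zstd-lib=${ZSTD_DIR}/lib \
    enable-ktls \
    enable-ec_nistp_64_gcc_128 \
    enable-egd \
    enable-fips \
# A space now precedes the continuation backslash: without it the option only
# stays separate from the next one if that line happens to start with whitespace.
    enable-ssl-trace \
    enable-trace \
    threads \
    sctp \
    --release \
    --prefix=${OPENSSL_33_DIR} && \
    cp -rfv ${OPENSSL_33_INC_DIR}/* /usr/local/include && \
    cp -rfv ${OPENSSL_33_LIB_DIR}/* /usr/local/lib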
##################################################################
# Prepare IP2Location-C-Library
##################################################################
# IP2Location C library: regenerate the autotools files, then configure a
# static-only build with prefix ${IP2LOC_DIR}.
WORKDIR ${IP2LOC_SRC_DIR}
RUN autoreconf --install --verbose --force \
    && aclocal \
    && automake --gnu --add-missing \
    && autoconf \
    && autoreconf --install --verbose --force \
    && ./configure \
        --prefix=${IP2LOC_DIR} \
        --enable-static \
        --disable-shared \
        --disable-silent-rules
##################################################################
# Prepare Nginx
##################################################################
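RUN mkdir -p ${NGINX_DIR} ${NGINX_SRC_DIR}
# Optional integrity pin for the nginx tarball. Build with
#   --build-arg NGINX_SHA256=<SHA256_PLACEHOLDER>
# (the digest of a release tarball you have verified) to make the build fail
# when the download does not match. Left empty, the check is skipped, which is
# the previous behaviour: whatever NGINX_DOWNLOAD_URL serves gets compiled.
ARG NGINX_SHA256=""
ADD ${NGINX_DOWNLOAD_URL} /tmp
WORKDIR ${NGINX_TEMP_SRC}
# NOTE(review): every clone below except njs follows the default-branch head
# at build time, so the module code compiled into nginx can change without any
# change to this file. Pin each module to a reviewed tag or commit.
# --depth 1 keeps repository history out of the tree: these checkouts are
# copied to ${NGINX_SRC_DIR}, which lives under ${NGINX_DIR} and is therefore
# copied into the final image.
RUN if [ -n "${NGINX_SHA256}" ]; then \
        echo "${NGINX_SHA256}  ${NGINX_TEMP}" | sha256sum -c - ; \
    fi && \
    tar -xf ${NGINX_TEMP} --directory /tmp && \
#
    git clone --depth 1 --branch ${NJS_VERSION} ${NJS_DOWNLOAD_URL} modules/nginx-njs && \
#
    git clone --depth 1 https://github.com/openresty/headers-more-nginx-module modules/http-headers-more-filter && \
    git clone --depth 1 https://github.com/sto/ngx_http_auth_pam_module modules/http-auth-pam && \
    git clone --depth 1 https://github.com/openresty/lua-nginx-module modules/http-lua && \
    git clone --depth 1 https://github.com/chrislim2888/ip2location-nginx modules/ip2location-nginx && \
    git clone --depth 1 https://github.com/leev/ngx_http_geoip2_module modules/http-geoip2 && \
#
    git clone --depth 1 https://github.com/arut/nginx-dav-ext-module modules/http-dav-ext && \
    git clone --depth 1 https://github.com/openresty/echo-nginx-module modules/http-echo && \
    git clone --depth 1 https://github.com/aperezdc/ngx-fancyindex modules/http-fancyindex && \
    git clone --depth 1 https://github.com/slact/nchan modules/nchan && \
    git clone --depth 1 https://github.com/masterzen/nginx-upload-progress-module modules/http-uploadprogress && \
    git clone --depth 1 https://github.com/yaoweibin/ngx_http_substitutions_filter_module modules/http-subs-filter && \
    git clone --depth 1 https://github.com/grahamedgecombe/nginx-ct modules/ssl-ct && \
    git clone --depth 1 https://github.com/stnoonan/spnego-http-auth-nginx-module modules/spnego-http-auth-nginx-module && \
    git clone --depth 1 https://github.com/flavioribeiro/nginx-audio-track-for-hls-module modules/nginx-audio-track-for-hls-module && \
    git clone --depth 1 https://github.com/kaltura/nginx-vod-module modules/nginx-vod-module && \
    git clone --depth 1 https://github.com/vozlt/nginx-module-vts modules/nginx-module-vts && \
    git clone --depth 1 https://github.com/evanmiller/mod_zip modules/mod-zip && \
    git clone --depth 1 https://github.com/alibaba/nginx-http-user-agent modules/nginx-http-user-agent && \
    git clone --depth 1 https://github.com/youzee/nginx-unzip-module modules/nginx-unzip-module && \
    git clone --depth 1 https://github.com/vladbondarenko/ngx_webp modules/ngx-webp && \
    git clone --depth 1 https://github.com/openresty/xss-nginx-module modules/xss-nginx-module && \
    git clone --depth 1 https://github.com/openresty/set-misc-nginx-module modules/set-misc-nginx-module && \
    git clone --depth 1 https://github.com/arut/nginx-rtmp-module modules/rtmp && \
    git clone --depth 1 https://github.com/kvspb/nginx-auth-ldap modules/http-auth-ldap && \
    git clone --depth 1 https://github.com/simplresty/ngx_devel_kit modules/http-ndk && \
    git clone --depth 1 https://github.com/itoffshore/nginx-upstream-fair modules/http-upstream-fair && \
    git clone --depth 1 https://github.com/yaoweibin/nginx_upstream_check_module modules/nginx-upstream-check-module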
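# Step 1: keep a copy of the pristine sources under ${NGINX_SRC_DIR} and place
# the prebuilt epicmorg headers/libraries on the default compiler and linker
# paths. This is its own layer so a change to the configure flags below does
# not repeat it.
RUN cp -rf ${NGINX_TEMP_SRC}/* ${NGINX_SRC_DIR} && \
    cp -rfv /usr/local/share/epicmorg/libxml2/2.13.2/include/libxml2/libxml/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/include/libexslt/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/include/libxslt/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/luajit2/2.1/include/luajit-2.1/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/gperftools/2.15/include/google/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/gperftools/2.15/include/gperftools/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/include/* /usr/include && \
    cp -rfv /usr/local/share/epicmorg/libxml2/2.13.2/lib/* /usr/lib && \
    cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/lib/* /usr/lib && \
    cp -rfv /usr/local/share/epicmorg/luajit2/2.1/lib/* /usr/lib && \
    cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/lib/* /usr/lib && \
    cp -rfv /usr/local/share/epicmorg/gperftools/2.15/lib/* /usr/lib && \
    cp -rfv /usr/local/share/epicmorg/geoip/1.6.12/lib/* /usr/lib && \
    ldconfig
# Step 2: configure, build and install a statically linked nginx.
# - Worker processes default to the www-data account (--user/--group).
# - Hardening present: -D_FORTIFY_SOURCE=2, -fstack-protector-strong, and
#   full RELRO (-z relro -z now).
# NOTE(review): -static is used without a PIE variant, so the executable is
# presumably not position independent; check the built binary with a hardening
# checker before relying on ASLR for it.
# NOTE(review): -Wno-error=implicit-function-declaration and
# -Wno-error=format-security let third-party module code through that the
# compiler would otherwise reject; review what triggers them.
# The order of the --add-module lines is kept exactly as before, since nginx
# registers modules in the order they are listed.
RUN ./configure \
    --user=www-data \
    --group=www-data \
    --prefix=${NGINX_DIR} \
    --sbin-path=${NGINX_SBIN_DIR}/nginx \
    --conf-path=${NGINX_CONF_DIR}/nginx.conf \
    --http-log-path=${NGINX_LOGS_DIR}/access.log \
    --error-log-path=${NGINX_LOGS_DIR}/error.log \
    --modules-path=${NGINX_MODULES_DIR} \
    --with-perl_modules_path=${NGINX_MODULES_PERL_DIR} \
    --lock-path=${NGINX_LOCK} \
    --pid-path=${NGINX_PID} \
    --http-client-body-temp-path=${NGINX_CACHE_DIR}/body \
    --http-fastcgi-temp-path=${NGINX_CACHE_DIR}/fastcgi \
    --http-proxy-temp-path=${NGINX_CACHE_DIR}/proxy \
    --http-scgi-temp-path=${NGINX_CACHE_DIR}/scgi \
    --http-uwsgi-temp-path=${NGINX_CACHE_DIR}/uwsgi \
    --with-cc-opt="-I/usr/local/share/epicmorg/ip2location/8.7.0/include \
    -I/usr/local/share/epicmorg/libxml2/2.13.2/include/libxml2/libxml \
    -I/usr/local/share/epicmorg/libxslt/1.1.42/include/libexslt \
    -I/usr/local/share/epicmorg/libxslt/1.1.42/include/libxslt \
    -I/usr/local/share/epicmorg/luajit2/2.1/include/luajit-2.1 \
    -I/usr/local/share/epicmorg/libgd/2.3.3/include \
    -I/usr/local/share/epicmorg/gperftools/2.15/include/google \
    -I/usr/local/share/epicmorg/gperftools/2.15/include/gperftools \
    -I/usr/local/share/epicmorg/geoip/1.6.12/include \
    -static -g -O2 -lz -fPIC -Wdate-time -D_FORTIFY_SOURCE=2 -fstack-protector-strong \
    -Wno-error=unused-but-set-variable -Wformat -Wno-error=date-time -Wno-error=implicit-fallthrough \
    -Wno-error=cast-function-type -Wno-error=format-security -Wno-error=implicit-function-declaration \
    -Wno-error=deprecated-declarations -Wno-error=unused-result" \
    --with-ld-opt="-L/usr/local/share/epicmorg/ip2location/8.7.0/lib \
    -L/usr/local/share/epicmorg/libxml2/2.13.2/lib \
    -L/usr/local/share/epicmorg/libxslt/1.1.42/lib \
    -L/usr/local/share/epicmorg/luajit2/2.1/lib \
    -L/usr/local/share/epicmorg/libgd/2.3.3/lib \
    -L/usr/local/share/epicmorg/gperftools/2.15/lib \
    -L/usr/local/share/epicmorg/geoip/1.6.12/lib \
    -static -Wl,-z,relro -Wl,-z,now -lz -fPIC" \
    --with-pcre=${PCRE_SRC_DIR} \
    --with-pcre-jit \
    --with-zlib=${ZLIB_SRC_DIR} \
    --with-zlib-opt="--static" \
    --with-libatomic \
    --with-openssl=${OPENSSL_33_SRC_DIR} \
    --with-openssl-opt="no-shared zlib --with-zlib-include=${ZLIB_INC_DIR} --with-zlib-lib=${ZLIB_LIB_DIR} --with-zstd-include=${ZSTD_INC_DIR} --with-zstd-lib=${ZSTD_LIB_DIR} enable-ktls enable-ec_nistp_64_gcc_128 enable-egd enable-fips enable-ssl-trace enable-trace threads sctp --release" \
    --with-threads \
    --with-file-aio \
    --with-compat \
    --with-select_module \
    --with-poll_module \
    --without-quic_bpf_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-http_realip_module \
    --with-http_addition_module \
    --with-http_geoip_module \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_auth_request_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_degradation_module \
    --with-http_slice_module \
    --with-http_stub_status_module \
    --with-mail \
    --with-mail_ssl_module \
    --with-stream \
    --with-stream_ssl_module \
    --with-stream_realip_module \
    --with-stream_geoip_module \
    --with-stream_ssl_preread_module \
# NOTE(review): the cpp test module looks like a build-time check only --
# confirm it is meant to be part of a shipped binary.
    --with-cpp_test_module \
    --add-module=modules/http-headers-more-filter \
    --add-module=modules/nginx-http-user-agent \
    --add-module=modules/http-ndk \
    --add-module=modules/http-echo \
    --add-module=modules/http-fancyindex \
    --add-module=modules/nchan \
    --add-module=modules/http-uploadprogress \
    --add-module=modules/http-subs-filter \
    --add-module=modules/mod-zip \
    --add-module=modules/http-geoip2 \
    --add-module=modules/nginx-vod-module \
    --add-module=modules/ngx-webp \
    --add-module=modules/set-misc-nginx-module \
    --add-module=modules/rtmp \
    --add-module=modules/http-upstream-fair \
    --add-module=modules/nginx-upstream-check-module \
# Options below are switched off; the line above each one is the author's
# reason. They are still cloned by the fetch step even though unused here.
## xslt fuck
## --with-http_xslt_module \
## xslt fuck
## --add-module=modules/nginx-njs/nginx \
## lua fuck
## --add-module=modules/http-lua \
## ip2location fuck
## --add-module=modules/ip2location-nginx \
## xslt fuck
## --add-module=modules/http-dav-ext \
## gd fuck
## --with-http_image_filter_module \
## perftools fuck
## --with-google_perftools_module \
## perl problem fuck
## --with-http_perl_module \
##
## --with-perl_modules_path=${NGINX_MODULES_PERL_DIR} \
## some compile fuck
## --add-module=modules/http-auth-pam \
## some compile fuck
## --add-module=modules/nginx-audio-track-for-hls-module \
## some compile fuck
## --add-module=modules/nginx-module-vts \
## some compile fuck
## --add-module=modules/nginx-unzip-module \
## some compile fuck
## --add-module=modules/spnego-http-auth-nginx-module \
## ssl outdated compile fuck
##--add-module=modules/ssl-ct \
## undefined reference to `sasl_getprop'
## --add-module=modules/http-auth-ldap \
    && \
# $(nproc) is quoted so the job count is always passed as a single word.
    make -j"$(nproc)" && \
    make -j"$(nproc)" install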
# Create the (still empty) module directories and drop the nginx.conf written
# by "make install"; presumably the final stage supplies its own through
# "COPY etc /etc" -- confirm.
RUN mkdir -p ${NGINX_MODULES_DIR} ${NGINX_MODULES_PERL_DIR} \
    && rm -rfv ${NGINX_CONF_DIR}/nginx.conf
##################################################################
# cleanup
##################################################################
# Empties the apt caches and /tmp, which also removes the extracted build tree
# (the sources were copied to ${NGINX_SRC_DIR} earlier). This stage is only a
# source for COPY --from=build, so the cleanup does not affect the final image.
RUN echo "clean up" \
    && apt-get clean -y \
    && apt-get autoclean -y \
    && rm -rfv /var/lib/apt/lists/* \
    && rm -rfv /tmp/* \
    && rm -rfv /var/cache/apt/archives/*.deb
# Rebuild the file-name database; presumably a locate package comes with the
# base image -- confirm.
RUN updatedb
##################################################################
##################################################################
##################################################################
# Main Final Layer
##################################################################
##################################################################
##################################################################
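# Runtime stage: receives only the compiled nginx tree and its configuration.
# NOTE(review): the base image is referenced by a mutable tag; appending a
# digest (@sha256:<DIGEST_PLACEHOLDER>) would pin exactly what ships.
FROM epicmorg/debian:bookworm
# These values repeat the build stage and must stay identical to it, because
# the COPY --from=build paths below are derived from them.
ENV NGINX_VERSION=1.27.0
ENV NGINX_DIR=${EMG_LOCAL_BASE_DIR}/nginx/${NGINX_VERSION}
# NGINX_SBIN_DIR is set before NGINX_BIN_DIR on purpose: ENV values are
# expanded when the instruction is processed, so referencing NGINX_SBIN_DIR
# ahead of its definition left NGINX_BIN_DIR empty.
ENV NGINX_SBIN_DIR=${NGINX_DIR}/sbin
ENV NGINX_BIN_DIR=${NGINX_SBIN_DIR}
ENV NGINX_CONF_DIR=/etc/nginx
ENV NGINX_MODULES_DIR=${NGINX_CONF_DIR}/modules
ENV NGINX_MODULES_PERL_DIR=${NGINX_CONF_DIR}/modules-perl
ENV NGINX_CACHE_DIR=/var/cache/nginx
ENV NGINX_LOGS_DIR=/var/log/nginx
ENV NGINX_LOCK_DIR=/var/lock/nginx
ENV NGINX_LOCK=${NGINX_LOCK_DIR}/nginx.lock
ENV NGINX_HTML_DIR=${NGINX_DIR}/html
ENV NGINX_PID_DIR=/var/run/nginx
ENV NGINX_PID=${NGINX_PID_DIR}/nginx.pid
ENV NGINX_SRC_DIR=${NGINX_DIR}/src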
##################################################################
# Copy compilled nginx from dev stage and prepare
##################################################################
# Bring the installed configuration directory and the nginx prefix (binary,
# html, src) over from the build stage.
COPY --from=build ${NGINX_CONF_DIR} ${NGINX_CONF_DIR}
COPY --from=build ${NGINX_DIR} ${NGINX_DIR}
# Overlay the build context's etc/ onto /etc. It runs after the build-stage
# copy, so files from the context win where both provide the same path.
# NOTE(review): everything under etc/ is baked into an image layer; confirm it
# holds no private keys or credentials -- mount those at run time instead.
COPY etc /etc
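# Create the runtime directories, move the default html tree to /var/www and
# wire the nginx prefix to the system locations with symlinks.
# Every step is chained with "&&". The mv was previously followed by a single
# "&", which put "mkdir ... && mv ..." in the background: the ln commands
# could run before the directories existed or before html had moved, and a
# failing mkdir/mv was silently ignored. A failure there now stops the build.
RUN mkdir -p \
        ${NGINX_CONF_DIR}/sites-enabled \
        ${NGINX_CONF_DIR}/modules-enabled \
        ${NGINX_LOCK_DIR} \
        ${NGINX_LOGS_DIR} \
        ${NGINX_PID_DIR} \
        /var/www \
    && \
    mv ${NGINX_HTML_DIR} /var/www/ && \
    ln -sfv /etc/ssl/dhparam.pem ${NGINX_CONF_DIR}/dhparam.pem && \
    ln -sfv ${NGINX_MODULES_DIR} ${NGINX_DIR}/modules && \
    ln -sfv ${NGINX_MODULES_PERL_DIR} ${NGINX_DIR}/modules-perl && \
    ln -sfv ${NGINX_CACHE_DIR} ${NGINX_DIR}/cache && \
    ln -sfv ${NGINX_LOGS_DIR} ${NGINX_DIR}/logs && \
# Send both logs to the container's stdout/stderr.
    ln -sfv /dev/stdout /var/log/nginx/access.log && \
    ln -sfv /dev/stderr /var/log/nginx/error.log && \
    ln -sfv /var/lock/nginx ${NGINX_DIR}/lock && \
    ln -sfv /var/run/nginx ${NGINX_DIR}/run && \
# html now lives in /var/www/html; link it back into the prefix.
    ln -sfv /var/www/html ${NGINX_HTML_DIR} && \
    ln -sfv ${NGINX_DIR} /usr/share/nginx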
##################################################################
# Add nginx to $PATH
##################################################################
# Prepend the nginx sbin directory so "nginx" resolves without a full path.
ENV PATH="${NGINX_SBIN_DIR}:${PATH}"
##################################################################
# Expose default nginx ports
##################################################################
# EXPOSE only documents the ports; publishing happens at run time.
# NOTE(review): no USER instruction is visible in this stage, so the nginx
# master presumably starts as root (binding 80/443 needs that or an equivalent
# capability); workers use the www-data account given to ./configure.
EXPOSE 80 443
##################################################################
# Setup volume with nginx cache
##################################################################
# The nginx temp paths (body, fastcgi, proxy, scgi, uwsgi) were configured
# under this directory, so request and response spill files land on the volume.
VOLUME ["${NGINX_CACHE_DIR}"]
##################################################################
# Setup nginx workdir
##################################################################
WORKDIR ${NGINX_DIR}
##################################################################
# cleanup
##################################################################
# Empties the apt caches and /tmp. No package installation is visible in this
# stage, and files removed here stay present in whichever earlier layer added
# them, so this mainly tidies up rather than shrinking the image.
RUN echo "clean up" \
    && apt-get clean -y \
    && apt-get autoclean -y \
    && rm -rfv /var/lib/apt/lists/* \
    && rm -rfv /tmp/* \
    && rm -rfv /var/cache/apt/archives/*.deb
# Rebuild the file-name database; presumably a locate package comes with the
# base image -- confirm.
RUN updatedb
##################################################################
# Run nginx in foreground
##################################################################
# Build-time smoke test: fails the build if the copied binary cannot start,
# and prints the version and configure arguments into the build log.
RUN nginx -V
# Exec form, so nginx itself receives signals; "daemon off;" keeps it in the
# foreground as the container's main process.
# NOTE(review): no STOPSIGNAL is set, so a container stop delivers the default
# SIGTERM, which nginx handles as a fast shutdown; SIGQUIT is its graceful one.
CMD ["nginx", "-g", "daemon off;"]
#TODO:
# fix and redeploy develop (blocker!) -- DONE
# add link to /usr/src/nginx/<version> -> <nginx-dir>/src folder to final layer