diff --git a/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile b/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile index 8b3cd1e44..e26b87578 100644 --- a/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile +++ b/linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile @@ -88,7 +88,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz # PCRE source tarball -ENV PCRE_VERSION=10.44 +ENV PCRE_VERSION=10.45 ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION} ENV PCRE_BIN_DIR=${PCRE_DIR}/bin ENV PCRE_LIB_DIR=${PCRE_DIR}/lib @@ -297,7 +297,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION} # OpenSSL 3.5 -ENV OPENSSL_35_VERSION=3.5.5 +ENV OPENSSL_35_VERSION=3.5.0 ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION} ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include diff --git a/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile b/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile index c1ad2db87..00ffe3ed6 100644 --- a/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile +++ b/linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile @@ -88,7 +88,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz # PCRE source tarball -ENV PCRE_VERSION=10.44 +ENV PCRE_VERSION=10.45 ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION} ENV PCRE_BIN_DIR=${PCRE_DIR}/bin ENV PCRE_LIB_DIR=${PCRE_DIR}/lib @@ -297,7 +297,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION} # OpenSSL 3.5 -ENV OPENSSL_35_VERSION=3.5.5 +ENV OPENSSL_35_VERSION=3.5.0 ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION} ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include diff --git a/linux/ecosystem/epicmorg/debian/13-trixie/develop/Dockerfile b/linux/ecosystem/epicmorg/debian/13-trixie/develop/Dockerfile index 7dc6d36b9..7e44fa77d 100644 --- a/linux/ecosystem/epicmorg/debian/13-trixie/develop/Dockerfile +++ b/linux/ecosystem/epicmorg/debian/13-trixie/develop/Dockerfile @@ -102,7 +102,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz # PCRE source tarball -ENV PCRE_VERSION=10.44 +ENV PCRE_VERSION=10.45 ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION} ENV PCRE_BIN_DIR=${PCRE_DIR}/bin ENV PCRE_LIB_DIR=${PCRE_DIR}/lib @@ -311,7 +311,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION} # OpenSSL 3.5 -ENV OPENSSL_35_VERSION=3.5.5 +ENV OPENSSL_35_VERSION=3.5.0 ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION} ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include diff --git a/linux/ecosystem/epicmorg/debian/sid/develop/Dockerfile b/linux/ecosystem/epicmorg/debian/sid/develop/Dockerfile index 03aafee9b..f38b814da 100644 --- a/linux/ecosystem/epicmorg/debian/sid/develop/Dockerfile +++ b/linux/ecosystem/epicmorg/debian/sid/develop/Dockerfile @@ -88,7 +88,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz # PCRE source tarball -ENV PCRE_VERSION=10.44 +ENV PCRE_VERSION=10.45 ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION} ENV PCRE_BIN_DIR=${PCRE_DIR}/bin ENV PCRE_LIB_DIR=${PCRE_DIR}/lib @@ -297,7 +297,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION} # OpenSSL 3.5 -ENV OPENSSL_35_VERSION=3.5.5 +ENV OPENSSL_35_VERSION=3.5.0 ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION} ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include diff --git a/linux/ecosystem/nginx/1.28.0/main/Dockerfile b/linux/ecosystem/nginx/1.28.0/main/Dockerfile new file mode 100644 index 000000000..291f25771 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/Dockerfile @@ -0,0 +1,424 @@ +################################################################## +################################################################## +################################################################## +# Temp Build Layer +################################################################## +################################################################## +################################################################## +FROM quay.io/epicmorg/debian:bookworm-develop AS build +LABEL maintainer="EpicMorg DevTeam, developer@epicm.org" +ARG DEBIAN_FRONTEND=noninteractive + +################################################################## +# Nginx +################################################################## +ENV NGINX_VERSION=1.28.0 +ENV NGINX_DIR=${EMG_LOCAL_BASE_DIR}/nginx/${NGINX_VERSION} +ENV NGINX_BIN_DIR=${NGINX_SBIN_DIR} +ENV NGINX_CONF_DIR=/etc/nginx +ENV NGINX_MODULES_DIR=${NGINX_CONF_DIR}/modules +ENV NGINX_MODULES_PERL_DIR=${NGINX_CONF_DIR}/modules-perl +ENV NGINX_SBIN_DIR=${NGINX_DIR}/sbin +ENV NGINX_CACHE_DIR=/var/cache/nginx +ENV NGINX_LOGS_DIR=/var/log/nginx +ENV NGINX_LOCK_DIR=/var/lock/nginx +ENV NGINX_LOCK=${NGINX_LOCK_DIR}/nginx.lock +ENV NGINX_HTML_DIR=${NGINX_DIR}/html +ENV NGINX_PID_DIR=/run/nginx +ENV NGINX_PID=${NGINX_PID_DIR}/nginx.pid +ENV NGINX_SRC_DIR=/usr/local/src/nginx/${NGINX_VERSION} +ARG NGINX_DOWNLOAD_URL=http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz +ARG NGINX_TEMP=/tmp/nginx-${NGINX_VERSION}.tar.gz +ARG NGINX_TEMP_SRC=/tmp/nginx-${NGINX_VERSION} + +# NJS +ENV NJS_VERSION=0.8.10 +ARG NJS_DOWNLOAD_URL=https://github.com/nginx/njs + +################################################################## +# Prepare zlib +################################################################## +WORKDIR ${ZLIB_SRC_DIR} +RUN ./configure \ + --static \ + --prefix=${ZLIB_DIR} + +################################################################## +# Prepare pcre2 +################################################################## +WORKDIR ${PCRE_SRC_DIR} +RUN CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./configure --prefix=${PCRE_DIR} \ + --disable-silent-rules \ + --enable-shared \ + --enable-static \ + --enable-rebuild-chartables \ + --enable-pcre2-8 \ + --enable-pcre2-16 \ + --enable-pcre2-32 \ + --enable-jit \ + --enable-newline-is-cr \ + --enable-newline-is-lf \ + --enable-newline-is-anycrlf \ + --enable-newline-is-any \ + --enable-newline-is-nul \ + --enable-bsr-anycrlf \ + --enable-pcre2grep-libz \ + --enable-pcre2grep-libbz2 \ + --enable-pcre2test-libedit \ + --enable-unicode \ + --enable-valgrind \ + --enable-fuzz-support \ + --enable-diff-fuzz-support + +################################################################## +# Prepare openssl +################################################################## +WORKDIR ${OPENSSL_35_SRC_DIR} +RUN CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./config \ + zlib \ + --with-zlib-include=${ZLIB_DIR}/include \ + --with-zlib-lib=${ZLIB_DIR}/lib \ + --with-zstd-include=${ZSTD_DIR}/include \ + --with-zstd-lib=${ZSTD_DIR}/lib \ + enable-ktls \ + enable-ec_nistp_64_gcc_128 \ + enable-egd \ +# enable-fips \ + enable-ssl-trace\ + enable-trace \ + threads \ + sctp \ + shared \ + --release \ + --prefix=${OPENSSL_35_DIR} && \ + cp -rfv ${OPENSSL_35_INC_DIR}/* /usr/local/include && \ + cp -rfv ${OPENSSL_35_LIB_DIR}/* /usr/local/lib + +################################################################## +# Prepare IP2Location-C-Library +################################################################## +WORKDIR ${IP2LOC_SRC_DIR} +RUN CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" autoreconf -i -v --force && \ + aclocal && \ + CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" automake --gnu --add-missing && \ + autoconf && \ + autoreconf -i -v --force && \ + CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./configure \ + --prefix=${IP2LOC_DIR} \ + --disable-silent-rules \ + --disable-shared \ + --enable-static + +################################################################## +# Prepare Nginx +################################################################## +RUN mkdir -p ${NGINX_DIR} ${NGINX_SRC_DIR} +ADD ${NGINX_DOWNLOAD_URL} /tmp + +WORKDIR ${NGINX_TEMP_SRC} + +RUN tar -xf ${NGINX_TEMP} --directory /tmp && \ +# + git clone --depth 1 --branch ${NJS_VERSION} ${NJS_DOWNLOAD_URL} modules/nginx-njs && \ +# + git clone https://github.com/openresty/headers-more-nginx-module modules/http-headers-more-filter && \ + git clone https://github.com/sto/ngx_http_auth_pam_module modules/http-auth-pam && \ + git clone https://github.com/openresty/lua-nginx-module modules/http-lua && \ + git clone https://github.com/chrislim2888/ip2location-nginx modules/ip2location-nginx && \ + git clone https://github.com/leev/ngx_http_geoip2_module modules/http-geoip2 && \ +# + git clone https://github.com/arut/nginx-dav-ext-module modules/http-dav-ext && \ + git clone https://github.com/openresty/echo-nginx-module modules/http-echo && \ + git clone https://github.com/aperezdc/ngx-fancyindex modules/http-fancyindex && \ + git clone https://github.com/slact/nchan modules/nchan && \ + git clone https://github.com/masterzen/nginx-upload-progress-module modules/http-uploadprogress && \ + git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module modules/http-subs-filter && \ + git clone https://github.com/grahamedgecombe/nginx-ct modules/ssl-ct && \ + git clone https://github.com/stnoonan/spnego-http-auth-nginx-module modules/spnego-http-auth-nginx-module && \ + git clone https://github.com/flavioribeiro/nginx-audio-track-for-hls-module modules/nginx-audio-track-for-hls-module && \ + git clone https://github.com/kaltura/nginx-vod-module modules/nginx-vod-module && \ + git clone https://github.com/vozlt/nginx-module-vts modules/nginx-module-vts && \ + git clone https://github.com/evanmiller/mod_zip modules/mod-zip && \ + git clone https://github.com/alibaba/nginx-http-user-agent modules/nginx-http-user-agent && \ + git clone https://github.com/youzee/nginx-unzip-module modules/nginx-unzip-module && \ + git clone https://github.com/vladbondarenko/ngx_webp modules/ngx-webp && \ + git clone https://github.com/openresty/xss-nginx-module modules/xss-nginx-module && \ + git clone https://github.com/openresty/set-misc-nginx-module modules/set-misc-nginx-module && \ + git clone https://github.com/arut/nginx-rtmp-module modules/rtmp && \ + git clone https://github.com/kvspb/nginx-auth-ldap modules/http-auth-ldap && \ + git clone https://github.com/simplresty/ngx_devel_kit modules/http-ndk && \ + git clone https://github.com/itoffshore/nginx-upstream-fair modules/http-upstream-fair && \ + git clone https://github.com/yaoweibin/nginx_upstream_check_module modules/nginx-upstream-check-module + +RUN cp -rf ${NGINX_TEMP_SRC}/* ${NGINX_SRC_DIR} && \ + cp -rfv /usr/local/share/epicmorg/libxml2/2.13.5/include/* /usr/include && \ + cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/include/* /usr/include && \ + cp -rfv /usr/local/share/epicmorg/luajit2/2.1/include/* /usr/include && \ + cp -rfv /usr/local/share/epicmorg/gperftools/2.15/include/* /usr/include && \ + cp -rfv /usr/local/share/epicmorg/libatomic_ops/7.8.2/include/* /usr/include && \ + cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/include/* /usr/include && \ + cp -rfv /usr/local/share/epicmorg/libxml2/2.13.5/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/luajit2/2.1/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/libatomic_ops/7.8.2/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/gperftools/2.15/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/geoip/1.6.12/lib/* /usr/lib && \ + cp -rfv /usr/local/share/epicmorg/libxml2/2.13.5/lib/* /usr/lib/x86_64-linux-gnu && \ + cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/lib/* /usr/lib/x86_64-linux-gnu && \ + cp -rfv /usr/local/share/epicmorg/luajit2/2.1/lib/* /usr/lib/x86_64-linux-gnu && \ + cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/lib/* /usr/lib/x86_64-linux-gnu && \ + cp -rfv /usr/local/share/epicmorg/libatomic_ops/7.8.2/lib/* /usr/lib/x86_64-linux-gnu && \ + cp -rfv /usr/local/share/epicmorg/gperftools/2.15/lib/* /usr/lib/x86_64-linux-gnu && \ + cp -rfv /usr/local/share/epicmorg/geoip/1.6.12/lib/* /usr/lib/x86_64-linux-gnu && \ + ldconfig && \ + CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./configure \ + --user=www-data \ + --group=www-data \ + --prefix=${NGINX_DIR} \ + --sbin-path=${NGINX_SBIN_DIR}/nginx \ + --conf-path=${NGINX_CONF_DIR}/nginx.conf \ + --http-log-path=${NGINX_LOGS_DIR}/access.log \ + --error-log-path=${NGINX_LOGS_DIR}/error.log \ + --modules-path=${NGINX_MODULES_DIR} \ + --with-perl_modules_path=${NGINX_MODULES_PERL_DIR} \ + --lock-path=${NGINX_LOCK} \ + --pid-path=${NGINX_PID} \ + --http-client-body-temp-path=${NGINX_CACHE_DIR}/body \ + --http-fastcgi-temp-path=${NGINX_CACHE_DIR}/fastcgi \ + --http-proxy-temp-path=${NGINX_CACHE_DIR}/proxy \ + --http-scgi-temp-path=${NGINX_CACHE_DIR}/scgi \ + --http-uwsgi-temp-path=${NGINX_CACHE_DIR}/uwsgi \ + --with-cc-opt="-I/usr/local/share/epicmorg/ip2location/8.7.0/include \ + -I/usr/local/share/epicmorg/libxml2/2.13.5/include \ + -I/usr/local/share/epicmorg/libxslt/1.1.42/include \ + -I/usr/local/share/epicmorg/luajit2/2.1/include \ + -I/usr/local/share/epicmorg/libgd/2.3.3/include \ + -I/usr/local/share/epicmorg/gperftools/2.15/include\ + -I/usr/local/share/epicmorg/geoip/1.6.12/include \ + -I/usr/local/share/epicmorg/libxml2/2.13.5/include/libxml2/libxml \ + -I/usr/local/share/epicmorg/libxslt/1.1.42/include/libexslt \ + -I/usr/local/share/epicmorg/libxslt/1.1.42/include/libxslt \ + -I/usr/local/share/epicmorg/luajit2/2.1/include/luajit-2.1 \ + -I/usr/local/share/epicmorg/gperftools/2.15/include/google \ + -I/usr/local/share/epicmorg/gperftools/2.15/include/gperftools \ + -I/usr/include/x86_64-linux-gnu/libavcodec \ + -I/usr/include/x86_64-linux-gnu \ + -I/usr/include \ + -static -g -O2 -lz -fPIC -Wdate-time -D_FORTIFY_SOURCE=2 -fstack-protector-strong \ + -Wno-error=unused-but-set-variable -Wformat -Wno-error=date-time -Wno-error=implicit-fallthrough \ + -Wno-error=cast-function-type -Wno-error=format-security -Wno-error=implicit-function-declaration \ + -Wno-error=deprecated-declarations -Wno-error=unused-result" \ + --with-ld-opt="-L/usr/local/share/epicmorg/ip2location/8.7.0/lib \ + -L/usr/local/share/epicmorg/libxml2/2.13.5/lib \ + -L/usr/local/share/epicmorg/libxslt/1.1.42/lib \ + -L/usr/local/share/epicmorg/luajit2/2.1/lib \ + -L/usr/local/share/epicmorg/libgd/2.3.3/lib \ + -L/usr/local/share/epicmorg/gperftools/2.15/lib \ + -L/usr/local/share/epicmorg/geoip/1.6.12/lib \ + -L/usr/lib/x86_64-linux-gnu \ + -L/usr/lib \ + -static -Wl,-z,relro -Wl,-z,now -lz -fPIC" \ + --with-pcre=${PCRE_SRC_DIR} \ + --with-pcre-jit \ + --with-zlib=${ZLIB_SRC_DIR} \ + --with-zlib-opt="--static" \ + --with-libatomic \ + --with-openssl=${OPENSSL_35_SRC_DIR} \ + --with-openssl-opt="shared zlib --with-zlib-include=${ZLIB_INC_DIR} --with-zlib-lib=${ZLIB_LIB_DIR} --with-zstd-include=${ZSTD_INC_DIR} --with-zstd-lib=${ZSTD_LIB_DIR} enable-ktls enable-ec_nistp_64_gcc_128 enable-egd enable-ssl-trace enable-trace threads sctp --release" \ + --with-threads \ + --with-file-aio \ + --with-compat \ + --with-select_module \ + --with-poll_module \ + --without-quic_bpf_module \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_v3_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_geoip_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_auth_request_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ + --with-http_slice_module \ + --with-http_stub_status_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_realip_module \ + --with-stream_geoip_module \ + --with-stream_ssl_preread_module \ + --with-cpp_test_module \ + --add-module=modules/http-headers-more-filter \ + --add-module=modules/nginx-http-user-agent \ + --add-module=modules/http-ndk \ + --add-module=modules/http-echo \ + --add-module=modules/http-fancyindex \ + --add-module=modules/nchan \ + --add-module=modules/http-uploadprogress \ + --add-module=modules/http-subs-filter \ + --add-module=modules/mod-zip \ + --add-module=modules/http-geoip2 \ + --add-module=modules/nginx-vod-module \ + --add-module=modules/ngx-webp \ + --add-module=modules/set-misc-nginx-module \ + --add-module=modules/rtmp \ + --add-module=modules/http-upstream-fair \ + --add-module=modules/nginx-upstream-check-module \ +## xslt fuck +## --with-http_xslt_module \ +## xslt fuck +## --add-module=modules/nginx-njs/nginx \ +## lua fuck +## --add-module=modules/http-lua \ +## ip2location fuck +## --add-module=modules/ip2location-nginx \ +## xslt fuck +## --add-module=modules/http-dav-ext \ +## gd fuck +## --with-http_image_filter_module \ +## perftools fuck +## --with-google_perftools_module \ +## perl problem fuck +## --with-http_perl_module \ +## +## --with-perl_modules_path=${NGINX_MODULES_PERL_DIR} \ +## some compile fuck +## --add-module=modules/http-auth-pam \ +## some compile fuck +## --add-module=modules/nginx-audio-track-for-hls-module \ +## some compile fuck +## --add-module=modules/nginx-module-vts \ +## some compile fuck +## --add-module=modules/nginx-unzip-module \ +## some compile fuck +## --add-module=modules/spnego-http-auth-nginx-module \ +## ssl outdated compile fuck +##--add-module=modules/ssl-ct \ +## undefined reference to `sasl_getprop' +## --add-module=modules/http-auth-ldap \ + && \ + make -j$(nproc) && \ + make -j$(nproc) install + +RUN rm -rfv ${NGINX_CONF_DIR}/nginx.conf && \ + mkdir -p ${NGINX_MODULES_DIR} ${NGINX_MODULES_PERL_DIR} + +################################################################## +# Cleanup +################################################################## +RUN echo "clean up" && \ + apt-get clean -y && \ + apt-get autoclean -y && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb && \ + rm -rfv /root/tmp/* && \ + rm -rfv /tmp/* + +RUN updatedb + +################################################################## +################################################################## +################################################################## +# Main Final Layer +################################################################## +################################################################## +################################################################## +FROM quay.io/epicmorg/debian:bookworm + +ENV NGINX_VERSION=1.28.0 +ENV NGINX_DIR=${EMG_LOCAL_BASE_DIR}/nginx/${NGINX_VERSION} +ENV NGINX_BIN_DIR=${NGINX_SBIN_DIR} +ENV NGINX_CONF_DIR=/etc/nginx +ENV NGINX_MODULES_DIR=${NGINX_CONF_DIR}/modules +ENV NGINX_MODULES_PERL_DIR=${NGINX_CONF_DIR}/modules-perl +ENV NGINX_SBIN_DIR=${NGINX_DIR}/sbin +ENV NGINX_CACHE_DIR=/var/cache/nginx +ENV NGINX_LOGS_DIR=/var/log/nginx +ENV NGINX_LOCK_DIR=/var/lock/nginx +ENV NGINX_LOCK=${NGINX_LOCK_DIR}/nginx.lock +ENV NGINX_HTML_DIR=${NGINX_DIR}/html +ENV NGINX_PID_DIR=/run/nginx +ENV NGINX_PID=${NGINX_PID_DIR}/nginx.pid +ENV NGINX_SRC_DIR=/usr/local/src/nginx/${NGINX_VERSION} + +################################################################## +# Copy compilled nginx from dev stage and prepare +################################################################## +RUN mkdir -p \ + ${NGINX_CONF_DIR}/sites-enabled \ + ${NGINX_CONF_DIR}/modules-enabled \ + ${NGINX_LOCK_DIR} \ + ${NGINX_LOGS_DIR} \ + ${NGINX_PID_DIR} \ + ${NGINX_SRC_DIR} \ + /var/www + +COPY --from=build ${NGINX_SRC_DIR} ${NGINX_SRC_DIR} +COPY --from=build ${NGINX_CONF_DIR} ${NGINX_CONF_DIR} +COPY --from=build ${NGINX_DIR} ${NGINX_DIR} +COPY etc /etc + +RUN mv ${NGINX_HTML_DIR} /var/www/ &\ + ln -sfv /etc/ssl/dhparam.pem ${NGINX_CONF_DIR}/dhparam.pem && \ + ln -sfv ${NGINX_MODULES_DIR} ${NGINX_DIR}/modules && \ + ln -sfv ${NGINX_MODULES_PERL_DIR} ${NGINX_DIR}/modules-perl && \ + ln -sfv ${NGINX_CACHE_DIR} ${NGINX_DIR}/cache && \ + ln -sfv ${NGINX_LOGS_DIR} ${NGINX_DIR}/logs && \ + ln -sfv /dev/stdout /var/log/nginx/access.log && \ + ln -sfv /dev/stderr /var/log/nginx/error.log && \ + ln -sfv /var/lock/nginx ${NGINX_DIR}/lock && \ + ln -sfv /var/run/nginx ${NGINX_DIR}/run && \ + ln -sfv /etc/nginx ${NGINX_DIR}/etc && \ + ln -sfv /var/www/html ${NGINX_HTML_DIR} && \ + ln -sfv ${NGINX_SRC_DIR} ${NGINX_DIR}/src && \ + ln -sfv ${NGINX_DIR} /usr/share/nginx + +################################################################## +# Add nginx to $PATH +################################################################## +ENV PATH="${NGINX_SBIN_DIR}:${PATH}" + +################################################################## +# Expose default nginx ports +################################################################## +EXPOSE 80 443 + +################################################################## +# Setup volume with nginx cache +################################################################## +VOLUME ["${NGINX_CACHE_DIR}"] + +################################################################## +# Setup nginx workdir +################################################################## +WORKDIR ${NGINX_DIR} + +################################################################## +# Cleanup +################################################################## +RUN echo "clean up" && \ + apt-get clean -y && \ + apt-get autoclean -y && \ + rm -rfv /var/lib/apt/lists/* && \ + rm -rfv /var/cache/apt/archives/*.deb && \ + rm -rfv /root/tmp/* && \ + rm -rfv /tmp/* + +RUN updatedb + +################################################################## +# Run nginx in foreground +################################################################## +RUN nginx -V + +CMD ["nginx", "-g", "daemon off;"] diff --git a/linux/ecosystem/nginx/1.28.0/main/Makefile b/linux/ecosystem/nginx/1.28.0/main/Makefile new file mode 100644 index 000000000..1e4371492 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/Makefile @@ -0,0 +1,44 @@ +all: app + +app: + make pip + make build + make deploy + make clean + +build: + make build-buildah + +deploy: + make deploy-buildah + +build-buildah: + buildah-wrapper --build + +deploy-buildah: + buildah-wrapper --deploy + +build-kaniko: + kaniko-wrapper --kaniko-image gcr.io/kaniko-project/executor:debug --dry-run + +deploy-kaniko: + kaniko-wrapper --deploy --kaniko-image gcr.io/kaniko-project/executor:debug + +build-compose: + docker-compose build --compress --parallel --progress plain + +deploy-compose: + docker-compose push + +clean: + docker container prune -f + docker image prune -f + docker network prune -f + docker volume prune -f + docker system prune -af + buildah rm -a + buildah rmi -a + +pip: + pip3 install --break-system-packages --no-cache-dir kaniko-wrapper buildah-wrapper + pip install --break-system-packages --no-cache-dir kaniko-wrapper buildah-wrapper \ No newline at end of file diff --git a/linux/ecosystem/nginx/1.28.0/main/README.md b/linux/ecosystem/nginx/1.28.0/main/README.md new file mode 100644 index 000000000..4805d4763 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/README.md @@ -0,0 +1,29 @@ +# Compose example + +```yml +services: + balancer: + image: epicmorg/balancer + restart: unless-stopped + ports: + - "0.0.0.0:80:80" + - "0.0.0.0:443:443" + volumes: + - /etc/localtime:/etc/localtime + - /etc/timezone:/etc/timezone + - /etc/letsencrypt:/etc/letsencrypt + - nginx:/etc/nginx + - nginx-usr:/usr/share/nginx/html + - /var/lib/nginx +# extra_hosts: +# - "example.com:192.168.0.11" + depends_on: + - websites + tmpfs: + - /tmp +volumes: + nginx: + external: true + nginx-usr: + external: true +``` diff --git a/linux/ecosystem/nginx/1.28.0/main/docker-compose.yml b/linux/ecosystem/nginx/1.28.0/main/docker-compose.yml new file mode 100644 index 000000000..29c1310fa --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/docker-compose.yml @@ -0,0 +1,5 @@ +services: + app: + image: "quay.io/epicmorg/nginx:1.28.0" + build: + context: . diff --git a/linux/ecosystem/nginx/1.28.0/main/docker-entrypoint.sh b/linux/ecosystem/nginx/1.28.0/main/docker-entrypoint.sh new file mode 100644 index 000000000..9ebcd6a91 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/docker-entrypoint.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +if [[ -z "${FIX_WWW_DATA}" ]]; then + echo "[nginx] env FIX_WWW_DATA is not set. Skipping..." +elif [ "${FIX_WWW_DATA}" == "false" ]; then + echo "[nginx] env FIX_WWW_DATA is set to false. Skipping..." +elif [ "${FIX_WWW_DATA}" == "true" ]; then + echo "[nginx] Changing permissions for /var/www path. Dont worry, please wait." + chown www-data:www-data /var/www -R + echo "[nginx] Done" +else + echo "[nginx] env FIX_WWW_DATA is set to strange value. Skipping..." +fi + +echo "[nginx] Starting up" +nginx -g 'daemon off;' diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/default/nginx b/linux/ecosystem/nginx/1.28.0/main/etc/default/nginx new file mode 100644 index 000000000..09b8fd0a7 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/default/nginx @@ -0,0 +1,10 @@ +# Note: You may want to look at the following page before setting the ULIMIT. +# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile +# Set the ulimit variable if you need defaults to change. +# Example: ULIMIT="-n 4096" +#ULIMIT="-n 4096" + +# Define the stop schedule for nginx +# see the start-stop-daemon --retry documentation for more information +# +#STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5" diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/init.d/nginx b/linux/ecosystem/nginx/1.28.0/main/etc/init.d/nginx new file mode 100644 index 000000000..db10b7df0 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/init.d/nginx @@ -0,0 +1,196 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nginx +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts the nginx web server +# Description: starts nginx using start-stop-daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nginx +NAME=nginx +DESC=nginx + +# Include nginx defaults if available +if [ -r /etc/default/nginx ]; then + . /etc/default/nginx +fi + +STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}" + +test -x $DAEMON || exit 0 + +. /lib/init/vars.sh +. /lib/lsb/init-functions + +# Try to extract nginx pidfile +PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) +if [ -z "$PID" ]; then + PID=/run/nginx.pid +fi + +if [ -n "$ULIMIT" ]; then + # Set ulimit if it is set in /etc/default/nginx + ulimit $ULIMIT +fi + +start_nginx() { + # Start the daemon/service + # + # Returns: + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ + $DAEMON_OPTS 2>/dev/null \ + || return 2 +} + +test_config() { + # Test the nginx configuration + $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 +} + +stop_nginx() { + # Stops the daemon/service + # + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME + RETVAL="$?" + sleep 1 + return "$RETVAL" +} + +reload_nginx() { + # Function that sends a SIGHUP to the daemon/service + start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME + return 0 +} + +rotate_logs() { + # Rotate log files + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME + return 0 +} + +upgrade_nginx() { + # Online upgrade nginx executable + # http://nginx.org/en/docs/control.html + # + # Return + # 0 if nginx has been successfully upgraded + # 1 if nginx is not running + # 2 if the pid files were not created on time + # 3 if the old master could not be killed + if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then + # Wait for both old and new master to write their pid file + while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do + cnt=`expr $cnt + 1` + if [ $cnt -gt 10 ]; then + return 2 + fi + sleep 1 + done + # Everything is ready, gracefully stop the old master + if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then + return 0 + else + return 3 + fi + else + return 1 + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + stop_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + + # Check configuration before stopping nginx + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + stop_nginx + case "$?" in + 0|1) + start_nginx + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration" "$NAME" + + # Check configuration before stopping nginx + # + # This is not entirely correct since the on-disk nginx binary + # may differ from the in-memory one, but that's not common. + # We prefer to check the configuration and return an error + # to the administrator. + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + reload_nginx + log_end_msg $? + ;; + configtest|testconfig) + log_daemon_msg "Testing $DESC configuration" + test_config + log_end_msg $? + ;; + status) + status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + upgrade) + log_daemon_msg "Upgrading binary" "$NAME" + upgrade_nginx + log_end_msg $? + ;; + rotate) + log_daemon_msg "Re-opening $DESC log files" "$NAME" + rotate_logs + log_end_msg $? + ;; + *) + echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 + exit 3 + ;; +esac diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/logrotate.d/nginx b/linux/ecosystem/nginx/1.28.0/main/etc/logrotate.d/nginx new file mode 100644 index 000000000..423c6ad18 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/logrotate.d/nginx @@ -0,0 +1,18 @@ +/var/log/nginx/*.log { + daily + missingok + rotate 14 + compress + delaycompress + notifempty + create 0640 www-data adm + sharedscripts + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi \ + endscript + postrotate + invoke-rc.d nginx rotate >/dev/null 2>&1 + endscript +} diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/additional.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/additional.conf new file mode 100644 index 000000000..fc5386454 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/additional.conf @@ -0,0 +1,3 @@ +# NOTE: When nginx build as static binary - all modules will be included in main nginx binary. + +# load_module "/etc/nginx/modules/ngx_some_module.so"; diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/default.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/default.conf new file mode 100644 index 000000000..fc5386454 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/default.conf @@ -0,0 +1,3 @@ +# NOTE: When nginx build as static binary - all modules will be included in main nginx binary. + +# load_module "/etc/nginx/modules/ngx_some_module.so"; diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/nginx.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/nginx.conf new file mode 100644 index 000000000..75dad302b --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/nginx.conf @@ -0,0 +1,95 @@ +include /etc/nginx/modules-enabled/*.conf; + +user www-data; +worker_processes auto; +pid /var/run/nginx/nginx.pid; +lock_file /var/lock/nginx/nginx.lock; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 512; + types_hash_bucket_size 128; + # server_tokens off; + + server_names_hash_max_size 512; + server_names_hash_bucket_size 128; + # server_name_in_redirect off; + + variables_hash_max_size 2048; + variables_hash_bucket_size 512; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/sites-available/default.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/sites-available/default.conf new file mode 100644 index 000000000..f5c5e1b78 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/sites-available/default.conf @@ -0,0 +1,91 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/fastcgi-php.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/fastcgi-php.conf new file mode 100644 index 000000000..467a9e732 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/fastcgi-php.conf @@ -0,0 +1,13 @@ +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info ^(.+?\.php)(/.*)$; + +# Check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +fastcgi_index index.php; +include fastcgi.conf; diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/proxy_params.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/proxy_params.conf new file mode 100644 index 000000000..df75bc5d7 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/proxy_params.conf @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/snakeoil.conf b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/snakeoil.conf new file mode 100644 index 000000000..ad26c3e21 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/snakeoil.conf @@ -0,0 +1,5 @@ +# Self signed certificates generated by the ssl-cert package +# Don't use them in a production server! + +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/linux/ecosystem/nginx/1.28.0/main/etc/ufw/applications.d/nginx b/linux/ecosystem/nginx/1.28.0/main/etc/ufw/applications.d/nginx new file mode 100644 index 000000000..0cb044972 --- /dev/null +++ b/linux/ecosystem/nginx/1.28.0/main/etc/ufw/applications.d/nginx @@ -0,0 +1,14 @@ +[Nginx HTTP] +title=Web Server (Nginx, HTTP) +description=Small, but very powerful and efficient web server +ports=80/tcp + +[Nginx HTTPS] +title=Web Server (Nginx, HTTPS) +description=Small, but very powerful and efficient web server +ports=443/tcp + +[Nginx Full] +title=Web Server (Nginx, HTTP + HTTPS) +description=Small, but very powerful and efficient web server +ports=80,443/tcp