EpicMorg/docker-scripts
2
1
Fork 0
mirror of https://github.com/EpicMorg/docker-scripts.git synced 2025-04-30 00:49:26 +03:00
Code Issues Projects Releases Wiki Activity

nginx 1.28.0

Browse Source
This commit is contained in:
stam 2025-04-28 01:41:48 +03:00
parent 9fc71389b3
commit 1f3a1885e6
Signed by: stam
GPG Key ID: 4F57E51F9C45F8CD
20 changed files with 978 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
linux/ecosystem/epicmorg/debian/11-bullseye/develop/Dockerfile
View File

@ -88,7 +88,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz
ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz
# PCRE source tarball
ENV PCRE_VERSION=10.44
ENV PCRE_VERSION=10.45
ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION}
ENV PCRE_BIN_DIR=${PCRE_DIR}/bin
ENV PCRE_LIB_DIR=${PCRE_DIR}/lib
@ -297,7 +297,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz
ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION}
# OpenSSL 3.5
ENV OPENSSL_35_VERSION=3.5.5
ENV OPENSSL_35_VERSION=3.5.0
ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION}
ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin
ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include

4
linux/ecosystem/epicmorg/debian/12-bookworm/develop/Dockerfile
View File

@ -88,7 +88,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz
ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz
# PCRE source tarball
ENV PCRE_VERSION=10.44
ENV PCRE_VERSION=10.45
ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION}
ENV PCRE_BIN_DIR=${PCRE_DIR}/bin
ENV PCRE_LIB_DIR=${PCRE_DIR}/lib
@ -297,7 +297,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz
ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION}
# OpenSSL 3.5
ENV OPENSSL_35_VERSION=3.5.5
ENV OPENSSL_35_VERSION=3.5.0
ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION}
ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin
ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include

4
linux/ecosystem/epicmorg/debian/13-trixie/develop/Dockerfile
View File

@ -102,7 +102,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz
ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz
# PCRE source tarball
ENV PCRE_VERSION=10.44
ENV PCRE_VERSION=10.45
ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION}
ENV PCRE_BIN_DIR=${PCRE_DIR}/bin
ENV PCRE_LIB_DIR=${PCRE_DIR}/lib
@ -311,7 +311,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz
ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION}
# OpenSSL 3.5
ENV OPENSSL_35_VERSION=3.5.5
ENV OPENSSL_35_VERSION=3.5.0
ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION}
ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin
ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include

4
linux/ecosystem/epicmorg/debian/sid/develop/Dockerfile
View File

@ -88,7 +88,7 @@ ARG GO_DOWNLOAD_URL=https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz
ARG GO_TEMP=/tmp/go${GO_VERSION}.linux-amd64.tar.gz
# PCRE source tarball
ENV PCRE_VERSION=10.44
ENV PCRE_VERSION=10.45
ENV PCRE_DIR=${EMG_LOCAL_BASE_DIR}/pcre2/${PCRE_VERSION}
ENV PCRE_BIN_DIR=${PCRE_DIR}/bin
ENV PCRE_LIB_DIR=${PCRE_DIR}/lib
@ -297,7 +297,7 @@ ARG OPENSSL_34_TEMP=/tmp/openssl-${OPENSSL_34_VERSION}.tar.gz
ARG OPENSSL_34_TEMP_SRC=/tmp/openssl-${OPENSSL_34_VERSION}
# OpenSSL 3.5
ENV OPENSSL_35_VERSION=3.5.5
ENV OPENSSL_35_VERSION=3.5.0
ENV OPENSSL_35_DIR=${EMG_LOCAL_BASE_DIR}/openssl/${OPENSSL_35_VERSION}
ENV OPENSSL_35_BIN_DIR=${OPENSSL_35_DIR}/bin
ENV OPENSSL_35_INC_DIR=${OPENSSL_35_DIR}/include

424
linux/ecosystem/nginx/1.28.0/main/Dockerfile Normal file
View File

@ -0,0 +1,424 @@
##################################################################
##################################################################
##################################################################
# Temp Build Layer
##################################################################
##################################################################
##################################################################
FROM quay.io/epicmorg/debian:bookworm-develop AS build
LABEL maintainer="EpicMorg DevTeam, developer@epicm.org"
ARG DEBIAN_FRONTEND=noninteractive
##################################################################
# Nginx
##################################################################
ENV NGINX_VERSION=1.28.0
ENV NGINX_DIR=${EMG_LOCAL_BASE_DIR}/nginx/${NGINX_VERSION}
ENV NGINX_BIN_DIR=${NGINX_SBIN_DIR}
ENV NGINX_CONF_DIR=/etc/nginx
ENV NGINX_MODULES_DIR=${NGINX_CONF_DIR}/modules
ENV NGINX_MODULES_PERL_DIR=${NGINX_CONF_DIR}/modules-perl
ENV NGINX_SBIN_DIR=${NGINX_DIR}/sbin
ENV NGINX_CACHE_DIR=/var/cache/nginx
ENV NGINX_LOGS_DIR=/var/log/nginx
ENV NGINX_LOCK_DIR=/var/lock/nginx
ENV NGINX_LOCK=${NGINX_LOCK_DIR}/nginx.lock
ENV NGINX_HTML_DIR=${NGINX_DIR}/html
ENV NGINX_PID_DIR=/run/nginx
ENV NGINX_PID=${NGINX_PID_DIR}/nginx.pid
ENV NGINX_SRC_DIR=/usr/local/src/nginx/${NGINX_VERSION}
ARG NGINX_DOWNLOAD_URL=http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
ARG NGINX_TEMP=/tmp/nginx-${NGINX_VERSION}.tar.gz
ARG NGINX_TEMP_SRC=/tmp/nginx-${NGINX_VERSION}
# NJS
ENV NJS_VERSION=0.8.10
ARG NJS_DOWNLOAD_URL=https://github.com/nginx/njs
##################################################################
# Prepare zlib
##################################################################
WORKDIR ${ZLIB_SRC_DIR}
RUN ./configure \
--static \
--prefix=${ZLIB_DIR}
##################################################################
# Prepare pcre2
##################################################################
WORKDIR ${PCRE_SRC_DIR}
RUN CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./configure --prefix=${PCRE_DIR} \
--disable-silent-rules \
--enable-shared \
--enable-static \
--enable-rebuild-chartables \
--enable-pcre2-8 \
--enable-pcre2-16 \
--enable-pcre2-32 \
--enable-jit \
--enable-newline-is-cr \
--enable-newline-is-lf \
--enable-newline-is-anycrlf \
--enable-newline-is-any \
--enable-newline-is-nul \
--enable-bsr-anycrlf \
--enable-pcre2grep-libz \
--enable-pcre2grep-libbz2 \
--enable-pcre2test-libedit \
--enable-unicode \
--enable-valgrind \
--enable-fuzz-support \
--enable-diff-fuzz-support
##################################################################
# Prepare openssl
##################################################################
WORKDIR ${OPENSSL_35_SRC_DIR}
RUN CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./config \
zlib \
--with-zlib-include=${ZLIB_DIR}/include \
--with-zlib-lib=${ZLIB_DIR}/lib \
--with-zstd-include=${ZSTD_DIR}/include \
--with-zstd-lib=${ZSTD_DIR}/lib \
enable-ktls \
enable-ec_nistp_64_gcc_128 \
enable-egd \
# enable-fips \
enable-ssl-trace\
enable-trace \
threads \
sctp \
shared \
--release \
--prefix=${OPENSSL_35_DIR} && \
cp -rfv ${OPENSSL_35_INC_DIR}/* /usr/local/include && \
cp -rfv ${OPENSSL_35_LIB_DIR}/* /usr/local/lib
##################################################################
# Prepare IP2Location-C-Library
##################################################################
WORKDIR ${IP2LOC_SRC_DIR}
RUN CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" autoreconf -i -v --force && \
aclocal && \
CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" automake --gnu --add-missing && \
autoconf && \
autoreconf -i -v --force && \
CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./configure \
--prefix=${IP2LOC_DIR} \
--disable-silent-rules \
--disable-shared \
--enable-static
##################################################################
# Prepare Nginx
##################################################################
RUN mkdir -p ${NGINX_DIR} ${NGINX_SRC_DIR}
ADD ${NGINX_DOWNLOAD_URL} /tmp
WORKDIR ${NGINX_TEMP_SRC}
RUN tar -xf ${NGINX_TEMP} --directory /tmp && \
#
git clone --depth 1 --branch ${NJS_VERSION} ${NJS_DOWNLOAD_URL} modules/nginx-njs && \
#
git clone https://github.com/openresty/headers-more-nginx-module modules/http-headers-more-filter && \
git clone https://github.com/sto/ngx_http_auth_pam_module modules/http-auth-pam && \
git clone https://github.com/openresty/lua-nginx-module modules/http-lua && \
git clone https://github.com/chrislim2888/ip2location-nginx modules/ip2location-nginx && \
git clone https://github.com/leev/ngx_http_geoip2_module modules/http-geoip2 && \
#
git clone https://github.com/arut/nginx-dav-ext-module modules/http-dav-ext && \
git clone https://github.com/openresty/echo-nginx-module modules/http-echo && \
git clone https://github.com/aperezdc/ngx-fancyindex modules/http-fancyindex && \
git clone https://github.com/slact/nchan modules/nchan && \
git clone https://github.com/masterzen/nginx-upload-progress-module modules/http-uploadprogress && \
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module modules/http-subs-filter && \
git clone https://github.com/grahamedgecombe/nginx-ct modules/ssl-ct && \
git clone https://github.com/stnoonan/spnego-http-auth-nginx-module modules/spnego-http-auth-nginx-module && \
git clone https://github.com/flavioribeiro/nginx-audio-track-for-hls-module modules/nginx-audio-track-for-hls-module && \
git clone https://github.com/kaltura/nginx-vod-module modules/nginx-vod-module && \
git clone https://github.com/vozlt/nginx-module-vts modules/nginx-module-vts && \
git clone https://github.com/evanmiller/mod_zip modules/mod-zip && \
git clone https://github.com/alibaba/nginx-http-user-agent modules/nginx-http-user-agent && \
git clone https://github.com/youzee/nginx-unzip-module modules/nginx-unzip-module && \
git clone https://github.com/vladbondarenko/ngx_webp modules/ngx-webp && \
git clone https://github.com/openresty/xss-nginx-module modules/xss-nginx-module && \
git clone https://github.com/openresty/set-misc-nginx-module modules/set-misc-nginx-module && \
git clone https://github.com/arut/nginx-rtmp-module modules/rtmp && \
git clone https://github.com/kvspb/nginx-auth-ldap modules/http-auth-ldap && \
git clone https://github.com/simplresty/ngx_devel_kit modules/http-ndk && \
git clone https://github.com/itoffshore/nginx-upstream-fair modules/http-upstream-fair && \
git clone https://github.com/yaoweibin/nginx_upstream_check_module modules/nginx-upstream-check-module
RUN cp -rf ${NGINX_TEMP_SRC}/* ${NGINX_SRC_DIR} && \
cp -rfv /usr/local/share/epicmorg/libxml2/2.13.5/include/* /usr/include && \
cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/include/* /usr/include && \
cp -rfv /usr/local/share/epicmorg/luajit2/2.1/include/* /usr/include && \
cp -rfv /usr/local/share/epicmorg/gperftools/2.15/include/* /usr/include && \
cp -rfv /usr/local/share/epicmorg/libatomic_ops/7.8.2/include/* /usr/include && \
cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/include/* /usr/include && \
cp -rfv /usr/local/share/epicmorg/libxml2/2.13.5/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/luajit2/2.1/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/libatomic_ops/7.8.2/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/gperftools/2.15/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/geoip/1.6.12/lib/* /usr/lib && \
cp -rfv /usr/local/share/epicmorg/libxml2/2.13.5/lib/* /usr/lib/x86_64-linux-gnu && \
cp -rfv /usr/local/share/epicmorg/libxslt/1.1.42/lib/* /usr/lib/x86_64-linux-gnu && \
cp -rfv /usr/local/share/epicmorg/luajit2/2.1/lib/* /usr/lib/x86_64-linux-gnu && \
cp -rfv /usr/local/share/epicmorg/libgd/2.3.3/lib/* /usr/lib/x86_64-linux-gnu && \
cp -rfv /usr/local/share/epicmorg/libatomic_ops/7.8.2/lib/* /usr/lib/x86_64-linux-gnu && \
cp -rfv /usr/local/share/epicmorg/gperftools/2.15/lib/* /usr/lib/x86_64-linux-gnu && \
cp -rfv /usr/local/share/epicmorg/geoip/1.6.12/lib/* /usr/lib/x86_64-linux-gnu && \
ldconfig && \
CFLAGS="-Wno-error -fPIC" CXXFLAGS="-fPIC" ./configure \
--user=www-data \
--group=www-data \
--prefix=${NGINX_DIR} \
--sbin-path=${NGINX_SBIN_DIR}/nginx \
--conf-path=${NGINX_CONF_DIR}/nginx.conf \
--http-log-path=${NGINX_LOGS_DIR}/access.log \
--error-log-path=${NGINX_LOGS_DIR}/error.log \
--modules-path=${NGINX_MODULES_DIR} \
--with-perl_modules_path=${NGINX_MODULES_PERL_DIR} \
--lock-path=${NGINX_LOCK} \
--pid-path=${NGINX_PID} \
--http-client-body-temp-path=${NGINX_CACHE_DIR}/body \
--http-fastcgi-temp-path=${NGINX_CACHE_DIR}/fastcgi \
--http-proxy-temp-path=${NGINX_CACHE_DIR}/proxy \
--http-scgi-temp-path=${NGINX_CACHE_DIR}/scgi \
--http-uwsgi-temp-path=${NGINX_CACHE_DIR}/uwsgi \
--with-cc-opt="-I/usr/local/share/epicmorg/ip2location/8.7.0/include \
-I/usr/local/share/epicmorg/libxml2/2.13.5/include \
-I/usr/local/share/epicmorg/libxslt/1.1.42/include \
-I/usr/local/share/epicmorg/luajit2/2.1/include \
-I/usr/local/share/epicmorg/libgd/2.3.3/include \
-I/usr/local/share/epicmorg/gperftools/2.15/include\
-I/usr/local/share/epicmorg/geoip/1.6.12/include \
-I/usr/local/share/epicmorg/libxml2/2.13.5/include/libxml2/libxml \
-I/usr/local/share/epicmorg/libxslt/1.1.42/include/libexslt \
-I/usr/local/share/epicmorg/libxslt/1.1.42/include/libxslt \
-I/usr/local/share/epicmorg/luajit2/2.1/include/luajit-2.1 \
-I/usr/local/share/epicmorg/gperftools/2.15/include/google \
-I/usr/local/share/epicmorg/gperftools/2.15/include/gperftools \
-I/usr/include/x86_64-linux-gnu/libavcodec \
-I/usr/include/x86_64-linux-gnu \
-I/usr/include \
-static -g -O2 -lz -fPIC -Wdate-time -D_FORTIFY_SOURCE=2 -fstack-protector-strong \
-Wno-error=unused-but-set-variable -Wformat -Wno-error=date-time -Wno-error=implicit-fallthrough \
-Wno-error=cast-function-type -Wno-error=format-security -Wno-error=implicit-function-declaration \
-Wno-error=deprecated-declarations -Wno-error=unused-result" \
--with-ld-opt="-L/usr/local/share/epicmorg/ip2location/8.7.0/lib \
-L/usr/local/share/epicmorg/libxml2/2.13.5/lib \
-L/usr/local/share/epicmorg/libxslt/1.1.42/lib \
-L/usr/local/share/epicmorg/luajit2/2.1/lib \
-L/usr/local/share/epicmorg/libgd/2.3.3/lib \
-L/usr/local/share/epicmorg/gperftools/2.15/lib \
-L/usr/local/share/epicmorg/geoip/1.6.12/lib \
-L/usr/lib/x86_64-linux-gnu \
-L/usr/lib \
-static -Wl,-z,relro -Wl,-z,now -lz -fPIC" \
--with-pcre=${PCRE_SRC_DIR} \
--with-pcre-jit \
--with-zlib=${ZLIB_SRC_DIR} \
--with-zlib-opt="--static" \
--with-libatomic \
--with-openssl=${OPENSSL_35_SRC_DIR} \
--with-openssl-opt="shared zlib --with-zlib-include=${ZLIB_INC_DIR} --with-zlib-lib=${ZLIB_LIB_DIR} --with-zstd-include=${ZSTD_INC_DIR} --with-zstd-lib=${ZSTD_LIB_DIR} enable-ktls enable-ec_nistp_64_gcc_128 enable-egd enable-ssl-trace enable-trace threads sctp --release" \
--with-threads \
--with-file-aio \
--with-compat \
--with-select_module \
--with-poll_module \
--without-quic_bpf_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-stream_ssl_preread_module \
--with-cpp_test_module \
--add-module=modules/http-headers-more-filter \
--add-module=modules/nginx-http-user-agent \
--add-module=modules/http-ndk \
--add-module=modules/http-echo \
--add-module=modules/http-fancyindex \
--add-module=modules/nchan \
--add-module=modules/http-uploadprogress \
--add-module=modules/http-subs-filter \
--add-module=modules/mod-zip \
--add-module=modules/http-geoip2 \
--add-module=modules/nginx-vod-module \
--add-module=modules/ngx-webp \
--add-module=modules/set-misc-nginx-module \
--add-module=modules/rtmp \
--add-module=modules/http-upstream-fair \
--add-module=modules/nginx-upstream-check-module \
## xslt fuck
## --with-http_xslt_module \
## xslt fuck
## --add-module=modules/nginx-njs/nginx \
## lua fuck
## --add-module=modules/http-lua \
## ip2location fuck
## --add-module=modules/ip2location-nginx \
## xslt fuck
## --add-module=modules/http-dav-ext \
## gd fuck
## --with-http_image_filter_module \
## perftools fuck
## --with-google_perftools_module \
## perl problem fuck
## --with-http_perl_module \
##
## --with-perl_modules_path=${NGINX_MODULES_PERL_DIR} \
## some compile fuck
## --add-module=modules/http-auth-pam \
## some compile fuck
## --add-module=modules/nginx-audio-track-for-hls-module \
## some compile fuck
## --add-module=modules/nginx-module-vts \
## some compile fuck
## --add-module=modules/nginx-unzip-module \
## some compile fuck
## --add-module=modules/spnego-http-auth-nginx-module \
## ssl outdated compile fuck
##--add-module=modules/ssl-ct \
## undefined reference to `sasl_getprop'
## --add-module=modules/http-auth-ldap \
&& \
make -j$(nproc) && \
make -j$(nproc) install
RUN rm -rfv ${NGINX_CONF_DIR}/nginx.conf && \
mkdir -p ${NGINX_MODULES_DIR} ${NGINX_MODULES_PERL_DIR}
##################################################################
# Cleanup
##################################################################
RUN echo "clean up" && \
apt-get clean -y && \
apt-get autoclean -y && \
rm -rfv /var/lib/apt/lists/* && \
rm -rfv /var/cache/apt/archives/*.deb && \
rm -rfv /root/tmp/* && \
rm -rfv /tmp/*
RUN updatedb
##################################################################
##################################################################
##################################################################
# Main Final Layer
##################################################################
##################################################################
##################################################################
FROM quay.io/epicmorg/debian:bookworm
ENV NGINX_VERSION=1.28.0
ENV NGINX_DIR=${EMG_LOCAL_BASE_DIR}/nginx/${NGINX_VERSION}
ENV NGINX_BIN_DIR=${NGINX_SBIN_DIR}
ENV NGINX_CONF_DIR=/etc/nginx
ENV NGINX_MODULES_DIR=${NGINX_CONF_DIR}/modules
ENV NGINX_MODULES_PERL_DIR=${NGINX_CONF_DIR}/modules-perl
ENV NGINX_SBIN_DIR=${NGINX_DIR}/sbin
ENV NGINX_CACHE_DIR=/var/cache/nginx
ENV NGINX_LOGS_DIR=/var/log/nginx
ENV NGINX_LOCK_DIR=/var/lock/nginx
ENV NGINX_LOCK=${NGINX_LOCK_DIR}/nginx.lock
ENV NGINX_HTML_DIR=${NGINX_DIR}/html
ENV NGINX_PID_DIR=/run/nginx
ENV NGINX_PID=${NGINX_PID_DIR}/nginx.pid
ENV NGINX_SRC_DIR=/usr/local/src/nginx/${NGINX_VERSION}
##################################################################
# Copy compilled nginx from dev stage and prepare
##################################################################
RUN mkdir -p \
${NGINX_CONF_DIR}/sites-enabled \
${NGINX_CONF_DIR}/modules-enabled \
${NGINX_LOCK_DIR} \
${NGINX_LOGS_DIR} \
${NGINX_PID_DIR} \
${NGINX_SRC_DIR} \
/var/www
COPY --from=build ${NGINX_SRC_DIR} ${NGINX_SRC_DIR}
COPY --from=build ${NGINX_CONF_DIR} ${NGINX_CONF_DIR}
COPY --from=build ${NGINX_DIR} ${NGINX_DIR}
COPY etc /etc
RUN mv ${NGINX_HTML_DIR} /var/www/ &\
ln -sfv /etc/ssl/dhparam.pem ${NGINX_CONF_DIR}/dhparam.pem && \
ln -sfv ${NGINX_MODULES_DIR} ${NGINX_DIR}/modules && \
ln -sfv ${NGINX_MODULES_PERL_DIR} ${NGINX_DIR}/modules-perl && \
ln -sfv ${NGINX_CACHE_DIR} ${NGINX_DIR}/cache && \
ln -sfv ${NGINX_LOGS_DIR} ${NGINX_DIR}/logs && \
ln -sfv /dev/stdout /var/log/nginx/access.log && \
ln -sfv /dev/stderr /var/log/nginx/error.log && \
ln -sfv /var/lock/nginx ${NGINX_DIR}/lock && \
ln -sfv /var/run/nginx ${NGINX_DIR}/run && \
ln -sfv /etc/nginx ${NGINX_DIR}/etc && \
ln -sfv /var/www/html ${NGINX_HTML_DIR} && \
ln -sfv ${NGINX_SRC_DIR} ${NGINX_DIR}/src && \
ln -sfv ${NGINX_DIR} /usr/share/nginx
##################################################################
# Add nginx to $PATH
##################################################################
ENV PATH="${NGINX_SBIN_DIR}:${PATH}"
##################################################################
# Expose default nginx ports
##################################################################
EXPOSE 80 443
##################################################################
# Setup volume with nginx cache
##################################################################
VOLUME ["${NGINX_CACHE_DIR}"]
##################################################################
# Setup nginx workdir
##################################################################
WORKDIR ${NGINX_DIR}
##################################################################
# Cleanup
##################################################################
RUN echo "clean up" && \
apt-get clean -y && \
apt-get autoclean -y && \
rm -rfv /var/lib/apt/lists/* && \
rm -rfv /var/cache/apt/archives/*.deb && \
rm -rfv /root/tmp/* && \
rm -rfv /tmp/*
RUN updatedb
##################################################################
# Run nginx in foreground
##################################################################
RUN nginx -V
CMD ["nginx", "-g", "daemon off;"]

44
linux/ecosystem/nginx/1.28.0/main/Makefile Normal file
View File

@ -0,0 +1,44 @@
all: app
app:
make pip
make build
make deploy
make clean
build:
make build-buildah
deploy:
make deploy-buildah
build-buildah:
buildah-wrapper --build
deploy-buildah:
buildah-wrapper --deploy
build-kaniko:
kaniko-wrapper --kaniko-image gcr.io/kaniko-project/executor:debug --dry-run
deploy-kaniko:
kaniko-wrapper --deploy --kaniko-image gcr.io/kaniko-project/executor:debug
build-compose:
docker-compose build --compress --parallel --progress plain
deploy-compose:
docker-compose push
clean:
docker container prune -f
docker image prune -f
docker network prune -f
docker volume prune -f
docker system prune -af
buildah rm -a
buildah rmi -a
pip:
pip3 install --break-system-packages --no-cache-dir kaniko-wrapper buildah-wrapper
pip install --break-system-packages --no-cache-dir kaniko-wrapper buildah-wrapper

29
linux/ecosystem/nginx/1.28.0/main/README.md Normal file
View File

@ -0,0 +1,29 @@
# Compose example
```yml
services:
balancer:
image: epicmorg/balancer
restart: unless-stopped
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
volumes:
- /etc/localtime:/etc/localtime
- /etc/timezone:/etc/timezone
- /etc/letsencrypt:/etc/letsencrypt
- nginx:/etc/nginx
- nginx-usr:/usr/share/nginx/html
- /var/lib/nginx
# extra_hosts:
# - "example.com:192.168.0.11"
depends_on:
- websites
tmpfs:
- /tmp
volumes:
nginx:
external: true
nginx-usr:
external: true
```

5
linux/ecosystem/nginx/1.28.0/main/docker-compose.yml Normal file
View File

@ -0,0 +1,5 @@
services:
app:
image: "quay.io/epicmorg/nginx:1.28.0"
build:
context: .

16
linux/ecosystem/nginx/1.28.0/main/docker-entrypoint.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
if [[ -z "${FIX_WWW_DATA}" ]]; then
echo "[nginx] env FIX_WWW_DATA is not set. Skipping..."
elif [ "${FIX_WWW_DATA}" == "false" ]; then
echo "[nginx] env FIX_WWW_DATA is set to false. Skipping..."
elif [ "${FIX_WWW_DATA}" == "true" ]; then
echo "[nginx] Changing permissions for /var/www path. Dont worry, please wait."
chown www-data:www-data /var/www -R
echo "[nginx] Done"
else
echo "[nginx] env FIX_WWW_DATA is set to strange value. Skipping..."
fi
echo "[nginx] Starting up"
nginx -g 'daemon off;'

10
linux/ecosystem/nginx/1.28.0/main/etc/default/nginx Normal file
View File

@ -0,0 +1,10 @@
# Note: You may want to look at the following page before setting the ULIMIT.
# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
# Set the ulimit variable if you need defaults to change.
# Example: ULIMIT="-n 4096"
#ULIMIT="-n 4096"
# Define the stop schedule for nginx
# see the start-stop-daemon --retry documentation for more information
#
#STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5"

196
linux/ecosystem/nginx/1.28.0/main/etc/init.d/nginx Normal file
View File

@ -0,0 +1,196 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog $named
# Required-Stop: $local_fs $remote_fs $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
# Include nginx defaults if available
if [ -r /etc/default/nginx ]; then
. /etc/default/nginx
fi
STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
test -x $DAEMON || exit 0
. /lib/init/vars.sh
. /lib/lsb/init-functions
# Try to extract nginx pidfile
PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
if [ -z "$PID" ]; then
PID=/run/nginx.pid
fi
if [ -n "$ULIMIT" ]; then
# Set ulimit if it is set in /etc/default/nginx
ulimit $ULIMIT
fi
start_nginx() {
# Start the daemon/service
#
# Returns:
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
$DAEMON_OPTS 2>/dev/null \
|| return 2
}
test_config() {
# Test the nginx configuration
$DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
}
stop_nginx() {
# Stops the daemon/service
#
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
RETVAL="$?"
sleep 1
return "$RETVAL"
}
reload_nginx() {
# Function that sends a SIGHUP to the daemon/service
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
return 0
}
rotate_logs() {
# Rotate log files
start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
return 0
}
upgrade_nginx() {
# Online upgrade nginx executable
# http://nginx.org/en/docs/control.html
#
# Return
# 0 if nginx has been successfully upgraded
# 1 if nginx is not running
# 2 if the pid files were not created on time
# 3 if the old master could not be killed
if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
# Wait for both old and new master to write their pid file
while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
cnt=`expr $cnt + 1`
if [ $cnt -gt 10 ]; then
return 2
fi
sleep 1
done
# Everything is ready, gracefully stop the old master
if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
return 0
else
return 3
fi
else
return 1
fi
}
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
start_nginx
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
stop_nginx
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
# Check configuration before stopping nginx
if ! test_config; then
log_end_msg 1 # Configuration error
exit $?
fi
stop_nginx
case "$?" in
0|1)
start_nginx
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
reload|force-reload)
log_daemon_msg "Reloading $DESC configuration" "$NAME"
# Check configuration before stopping nginx
#
# This is not entirely correct since the on-disk nginx binary
# may differ from the in-memory one, but that's not common.
# We prefer to check the configuration and return an error
# to the administrator.
if ! test_config; then
log_end_msg 1 # Configuration error
exit $?
fi
reload_nginx
log_end_msg $?
;;
configtest|testconfig)
log_daemon_msg "Testing $DESC configuration"
test_config
log_end_msg $?
;;
status)
status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
;;
upgrade)
log_daemon_msg "Upgrading binary" "$NAME"
upgrade_nginx
log_end_msg $?
;;
rotate)
log_daemon_msg "Re-opening $DESC log files" "$NAME"
rotate_logs
log_end_msg $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
exit 3
;;
esac

18
linux/ecosystem/nginx/1.28.0/main/etc/logrotate.d/nginx Normal file
View File

@ -0,0 +1,18 @@
/var/log/nginx/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}

3
linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/additional.conf Normal file
View File

@ -0,0 +1,3 @@
# NOTE: When nginx build as static binary - all modules will be included in main nginx binary.
# load_module "/etc/nginx/modules/ngx_some_module.so";

3
linux/ecosystem/nginx/1.28.0/main/etc/nginx/modules-avalible/default.conf Normal file
View File

@ -0,0 +1,3 @@
# NOTE: When nginx build as static binary - all modules will be included in main nginx binary.
# load_module "/etc/nginx/modules/ngx_some_module.so";

95
linux/ecosystem/nginx/1.28.0/main/etc/nginx/nginx.conf Normal file
View File

@ -0,0 +1,95 @@
include /etc/nginx/modules-enabled/*.conf;
user www-data;
worker_processes auto;
pid /var/run/nginx/nginx.pid;
lock_file /var/lock/nginx/nginx.lock;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 512;
types_hash_bucket_size 128;
# server_tokens off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 128;
# server_name_in_redirect off;
variables_hash_max_size 2048;
variables_hash_bucket_size 512;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

91
linux/ecosystem/nginx/1.28.0/main/etc/nginx/sites-available/default.conf Normal file
View File

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

13
linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/fastcgi-php.conf Normal file
View File

@ -0,0 +1,13 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;

4
linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/proxy_params.conf Normal file
View File

@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

5
linux/ecosystem/nginx/1.28.0/main/etc/nginx/snippets/snakeoil.conf Normal file
View File

@ -0,0 +1,5 @@
# Self signed certificates generated by the ssl-cert package
# Don't use them in a production server!
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

14
linux/ecosystem/nginx/1.28.0/main/etc/ufw/applications.d/nginx Normal file
View File

@ -0,0 +1,14 @@
[Nginx HTTP]
title=Web Server (Nginx, HTTP)
description=Small, but very powerful and efficient web server
ports=80/tcp
[Nginx HTTPS]
title=Web Server (Nginx, HTTPS)
description=Small, but very powerful and efficient web server
ports=443/tcp
[Nginx Full]
title=Web Server (Nginx, HTTP + HTTPS)
description=Small, but very powerful and efficient web server
ports=80,443/tcp