Walter Oggioni
b78fa2111d
All checks were successful
CI / Build nginx docker images (push) Successful in 31m45s
112 lines
3.3 KiB
Docker
112 lines
3.3 KiB
Docker
ARG NGINX_BRANCH=vanilla
|
|
FROM alpine:latest AS base
|
|
|
|
FROM alpine:latest AS build_stage_1
|
|
ARG NGINX_VERSION LIBRESSL_VERSION=4.1.0
|
|
ENV NGINX_VERSION=${NGINX_VERSION}
|
|
RUN --mount=type=cache,target=/var/cache/apk apk update
|
|
RUN --mount=type=cache,target=/var/cache/apk apk add \
|
|
autoconf \
|
|
automake \
|
|
bind-tools \
|
|
binutils \
|
|
build-base \
|
|
ca-certificates \
|
|
cmake \
|
|
curl \
|
|
gcc \
|
|
gd-dev \
|
|
geoip-dev \
|
|
git \
|
|
gnupg \
|
|
go \
|
|
libc-dev \
|
|
libgcc \
|
|
libstdc++ \
|
|
libtool \
|
|
libxslt-dev \
|
|
linux-headers \
|
|
make \
|
|
ninja \
|
|
pcre \
|
|
pcre-dev \
|
|
perl-dev \
|
|
su-exec \
|
|
tar \
|
|
tzdata \
|
|
zlib \
|
|
zlib-dev \
|
|
mercurial
|
|
RUN adduser -D luser
|
|
USER luser
|
|
WORKDIR /home/luser
|
|
|
|
#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
|
|
#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
|
|
#ADD --chown=luser:luser git@github.com:libressl/portable.git#v${LIBRESSL_VERSION} libressl
|
|
ADD --chown=luser:luser https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz libressl.tgz
|
|
RUN tar -xzf libressl.tgz && mv libressl-${LIBRESSL_VERSION} libressl && rm libressl.tgz
|
|
RUN mkdir -p libressl/build
|
|
RUN cmake -G Ninja -B libressl/build -S libressl \
|
|
-DCMAKE_BUILD_TYPE=Release \
|
|
-DLIBRESSL_APPS=OFF \
|
|
-DLIBRESSL_SKIP_INSTALL=ON \
|
|
-DENABLE_ASM=OFF \
|
|
-DENABLE_NC=OFF \
|
|
-DLIBRESSL_TESTS=OFF \
|
|
-DBUILD_SHARED_LIBS=OFF
|
|
RUN cmake --build libressl/build
|
|
|
|
FROM build_stage_1 AS build_stage_2_vanilla
|
|
ARG NGINX_VERSION
|
|
ADD --chown=luser:luser https://github.com/nginx/nginx.git#release-${NGINX_VERSION} /nginx
|
|
|
|
FROM build_stage_1 AS build_stage_2_woggioni
|
|
ARG NGINX_VERSION
|
|
ADD --chown=luser:luser git@github.com:woggioni/nginx.git#release-${NGINX_VERSION} /nginx
|
|
|
|
FROM build_stage_2_${NGINX_BRANCH} AS build
|
|
ADD --chown=luser:luser https://github.com/openresty/headers-more-nginx-module.git /ngx_headers_more
|
|
ADD --chown=luser:luser https://github.com/google/ngx_brotli.git /ngx_brotli
|
|
USER root
|
|
WORKDIR /
|
|
RUN hg clone http://hg.nginx.org/njs /njs
|
|
RUN chown luser:luser -R /njs
|
|
USER luser
|
|
WORKDIR /home/luser
|
|
ADD --chown=luser:luser --chmod=755 ./build.sh ./build.sh
|
|
RUN ./build.sh
|
|
|
|
|
|
FROM base AS release
|
|
ARG VERSION
|
|
ENV NGINX_VERSION=${VERSION}
|
|
|
|
RUN addgroup -S nginx
|
|
RUN adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx
|
|
|
|
RUN --mount=type=cache,target=/var/cache/apk apk add --virtual .install_deps make perl-dev gettext binutils
|
|
RUN --mount=type=cache,target=/var/cache/apk \
|
|
--mount=type=bind,from=build,source=/nginx,target=/nginx \
|
|
--mount=type=bind,from=build,source=/ngx_headers_more,target=/ngx_headers_more \
|
|
--mount=type=bind,from=build,source=/ngx_brotli,target=/ngx_brotli \
|
|
--mount=type=bind,from=build,source=/njs,target=/njs \
|
|
--mount=type=bind,source=install.sh,target=/install.sh \
|
|
(cd nginx && sh /install.sh)
|
|
RUN --mount=type=cache,target=/var/cache/apk apk del .install_deps
|
|
|
|
COPY --from=build /home/luser/libressl/openssl.cnf /etc/ssl/openssl.cnf
|
|
COPY conf/nginx.conf /etc/nginx/nginx.conf
|
|
COPY conf/nginx.vh.no-default.conf /etc/nginx/conf.d/default.conf
|
|
|
|
LABEL description="NGINX Docker built top of LibreSSL" \
|
|
maintainer="Walter Oggioni <oggioni.walter@gmail.com>" \
|
|
openssl="LibreSSL" \
|
|
nginx="nginx ${NGINX_VERSION}"
|
|
|
|
EXPOSE 80 443 443/udp
|
|
|
|
STOPSIGNAL SIGTERM
|
|
|
|
CMD ["nginx", "-g", "daemon off;"]
|