
Commit f953517

authored
Init version (#1)
Init version
2 parents 9798c84 + 0de4be0 commit f953517


4 files changed

+270
-0
lines changed


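--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,158 @@
+FROM alpine:3.9
+
+LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
+
+ENV NGINX_VERSION 1.15.12
+
+RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
+&& CONFIG="\
+--add-module=../ngx_brotli \
+--with-openssl=../openssl-1.1.1b \
+--prefix=/etc/nginx \
+--sbin-path=/usr/sbin/nginx \
+--modules-path=/usr/lib/nginx/modules \
+--conf-path=/etc/nginx/nginx.conf \
+--error-log-path=/var/log/nginx/error.log \
+--http-log-path=/var/log/nginx/access.log \
+--pid-path=/var/run/nginx.pid \
+--lock-path=/var/run/nginx.lock \
+--http-client-body-temp-path=/var/cache/nginx/client_temp \
+--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+--user=nginx \
+--group=nginx \
+--with-http_ssl_module \
+--with-http_realip_module \
+--with-http_addition_module \
+--with-http_sub_module \
+--with-http_dav_module \
+--with-http_flv_module \
+--with-http_mp4_module \
+--with-http_gunzip_module \
+--with-http_gzip_static_module \
+--with-http_random_index_module \
+--with-http_secure_link_module \
+--with-http_stub_status_module \
+--with-http_auth_request_module \
+--with-http_xslt_module=dynamic \
+--with-http_image_filter_module=dynamic \
+--with-http_geoip_module=dynamic \
+--with-threads \
+--with-stream \
+--with-stream_ssl_module \
+--with-stream_ssl_preread_module \
+--with-stream_realip_module \
+--with-stream_geoip_module=dynamic \
+--with-http_slice_module \
+--with-mail \
+--with-mail_ssl_module \
+--with-compat \
+--with-file-aio \
+--with-http_v2_module \
+" \
+&& addgroup -S nginx \
+&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
+&& apk add --no-cache --virtual .build-deps \
+gcc \
+libc-dev \
+make \
+openssl-dev \
+pcre-dev \
+zlib-dev \
+linux-headers \
+curl \
+gnupg1 \
+libxslt-dev \
+gd-dev \
+geoip-dev \
+git \
+&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
+&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
+&& curl -fSL https://www.openssl.org/source/openssl-1.1.1b.tar.gz -o openssl-1.1.1b.tar.gz \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& found=''; \
+for server in \
+ha.pool.sks-keyservers.net \
+hkp://keyserver.ubuntu.com:80 \
+hkp://p80.pool.sks-keyservers.net:80 \
+pgp.mit.edu \
+; do \
+echo "Fetching GPG key $GPG_KEYS from $server"; \
+gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+done; \
+test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
+&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
+&& mkdir -p /usr/src \
+&& tar -zxC /usr/src -f nginx.tar.gz \
+&& tar -zxC /usr/src -f openssl-1.1.1b.tar.gz \
+&& rm -f nginx.tar.gz \
+&& rm -f openssl-1.1.1b.tar.gz \
+&& cd /usr/src \
+&& git clone https://github.com/google/ngx_brotli.git \
+&& cd ngx_brotli \
+&& git submodule update --init \
+&& cd /usr/src/nginx-$NGINX_VERSION \
+&& ./configure $CONFIG --with-debug \
+&& make -j$(getconf _NPROCESSORS_ONLN) \
+&& mv objs/nginx objs/nginx-debug \
+&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
+&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
+&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
+&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
+&& ./configure $CONFIG \
+&& make -j$(getconf _NPROCESSORS_ONLN) \
+&& make install \
+&& rm -rf /etc/nginx/html/ \
+&& mkdir /etc/nginx/conf.d/ \
+&& mkdir -p /usr/share/nginx/html/ \
+&& install -m644 html/index.html /usr/share/nginx/html/ \
+&& install -m644 html/50x.html /usr/share/nginx/html/ \
+&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
+&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
+&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
+&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
+&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
+&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
+&& strip /usr/sbin/nginx* \
+&& strip /usr/lib/nginx/modules/*.so \
+&& rm -rf /usr/src/nginx-$NGINX_VERSION \
+&& rm -rf /usr/src/openssl-1.1.1b \
+&& rm -rf /usr/src/ngx_brotli \
+\
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+&& apk add --no-cache --virtual .gettext gettext \
+&& mv /usr/bin/envsubst /tmp/ \
+\
+&& runDeps="$( \
+scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
+| tr ',' '\n' \
+| sort -u \
+| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+)" \
+&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
+&& apk del .build-deps \
+&& apk del .gettext \
+&& mv /tmp/envsubst /usr/local/bin/ \
+\
+# Bring in tzdata so users could set the timezones through the environment
+# variables
+&& apk add --no-cache tzdata \
+\
+# forward request and error logs to docker log collector
+&& ln -sf /dev/stdout /var/log/nginx/access.log \
+&& ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+STOPSIGNAL SIGTERM
+
+CMD ["nginx", "-g", "daemon off;"]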
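Review bot: The OpenSSL tarball fetched with `curl -fSL https://www.openssl.org/source/openssl-1.1.1b.tar.gz` and the `git clone https://github.com/google/ngx_brotli.git` checkout are compiled into the server binary with no integrity check, while only the nginx tarball goes through `gpg --batch --verify`. Pin both inputs, for example `&& echo "<OPENSSL_SHA256>  openssl-1.1.1b.tar.gz" | sha256sum -c - \` right after the download and `&& git checkout <NGX_BROTLI_COMMIT> \` before `git submodule update --init`; both values are placeholders to be filled in from the upstream releases. The same RUN leaves the `&&` chain at `found='';`, so a failure in an earlier step does not stop the build there and only surfaces later when gpg or tar cannot find its input. The string `openssl-1.1.1b` is also repeated on five lines and would be easier to bump as an `ENV` next to `NGINX_VERSION`.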

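--- a/README.md
+++ b/README.md
@@ -0,0 +1,37 @@
+# Docker Nginx
+
+Dockerized Nginx with TLS 1.3 and Brotli support.
+
+Based on [nginxinc/docker-nginx](https://github.com/nginxinc/docker-nginx).
+
+## Config
+
+To enable TLS 1.3, use:
+
+```nginx
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers [TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES;
+```
+To enable Brotli, use this in `http` block:
+
+```nginx
+brotli on;
+brotli_comp_level 6;
+brotli_buffers 16 8k;
+brotli_min_length 20;
+brotli_types *;
+```
+
+## Modification Details
+
+Compiled with OpenSSL 1.1.1b, which supports TLS 1.3.
+
+Module [ngx_brotli](https://github.com/google/ngx_brotli) has been added for Brotli support.
+
+## Build
+
+```bash
+git clone git://github.com/hackinit/docker-nginx.git
+cd docker-nginx
+docker build -t nginx:1.15.12-modified .
+```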

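--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,31 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /var/log/nginx/access.log main;
+
+sendfile on;
+#tcp_nopush on;
+
+keepalive_timeout 65;
+
+#gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+}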
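Review bot: Nothing in the `http` block sets `server_tokens`, so the image reports its exact nginx version in the `Server` response header and on the default error pages; adding `server_tokens off;` next to `keepalive_timeout 65;` keeps that detail out of responses. `worker_processes 1;` is fixed as well, and `worker_processes auto;` would let the worker count follow the CPUs available to the container.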

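--- a/nginx.vh.default.conf
+++ b/nginx.vh.default.conf
@@ -0,0 +1,44 @@
+server {
+listen 80;
+server_name localhost;
+
+#charset koi8-r;
+#access_log /var/log/nginx/host.access.log main;
+
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+}
+
+#error_page 404 /404.html;
+
+# redirect server error pages to the static page /50x.html
+#
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+
+# proxy the PHP scripts to Apache listening on 127.0.0.1:80
+#
+#location ~ \.php$ {
+# proxy_pass http://127.0.0.1;
+#}
+
+# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+#
+#location ~ \.php$ {
+# root html;
+# fastcgi_pass 127.0.0.1:9000;
+# fastcgi_index index.php;
+# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+# include fastcgi_params;
+#}
+
+# deny access to .htaccess files, if Apache's document root
+# concurs with nginx's one
+#
+#location ~ /\.ht {
+# deny all;
+#}
+}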
