be140b42f3
The currently installed Brotli is downloaded directly from GitHub; however, the deps directory included within it is empty. This means that additional steps are required to download the necessary dependencies separately. If these dependencies are not acquired, you will encounter an error stating "brotli is missing" during the image packaging process.
214 lines
8.5 KiB
Docker
214 lines
8.5 KiB
Docker
# Dockerfile - alpine
|
|
# https://github.com/openresty/docker-openresty
|
|
|
|
ARG RESTY_IMAGE_BASE="alpine"
|
|
ARG RESTY_IMAGE_TAG="3.13"
|
|
|
|
FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
|
|
|
|
LABEL maintainer="Evan Wies <evan@neomantra.net>"
|
|
|
|
# Docker Build Arguments
|
|
ARG RESTY_IMAGE_BASE="alpine"
|
|
ARG RESTY_IMAGE_TAG="3.13"
|
|
ARG RESTY_VERSION="1.19.3.2"
|
|
ARG RESTY_OPENSSL_VERSION="1.1.1k"
|
|
ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f"
|
|
ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source"
|
|
ARG RESTY_PCRE_VERSION="8.44"
|
|
ARG RESTY_J="1"
|
|
ARG RESTY_CONFIG_OPTIONS="\
|
|
--with-compat \
|
|
--with-file-aio \
|
|
--with-http_addition_module \
|
|
--with-http_auth_request_module \
|
|
--with-http_dav_module \
|
|
--with-http_flv_module \
|
|
--with-http_geoip_module=dynamic \
|
|
--with-http_gunzip_module \
|
|
--with-http_gzip_static_module \
|
|
--with-http_image_filter_module=dynamic \
|
|
--with-http_mp4_module \
|
|
--with-http_random_index_module \
|
|
--with-http_realip_module \
|
|
--with-http_secure_link_module \
|
|
--with-http_slice_module \
|
|
--with-http_ssl_module \
|
|
--with-http_stub_status_module \
|
|
--with-http_sub_module \
|
|
--with-http_v2_module \
|
|
--with-http_xslt_module=dynamic \
|
|
--with-ipv6 \
|
|
--with-mail \
|
|
--with-mail_ssl_module \
|
|
--with-md5-asm \
|
|
--with-pcre-jit \
|
|
--with-sha1-asm \
|
|
--with-stream \
|
|
--with-stream_ssl_module \
|
|
--with-threads \
|
|
"
|
|
ARG RESTY_CONFIG_OPTIONS_MORE="\
|
|
--conf-path=/etc/nginx/nginx.conf \
|
|
--error-log-path=/var/log/nginx/error.log \
|
|
--http-log-path=/var/log/nginx/access.log \
|
|
--pid-path=/var/run/nginx.pid \
|
|
--user=www-data \
|
|
--group=www-data \
|
|
--with-http_iconv_module \
|
|
--add-module=/tmp/nginx-ct-master \
|
|
--add-module=/tmp/nginx-dav-ext-module-master \
|
|
--add-module=/tmp/ngx_brotli-master \
|
|
--add-module=/tmp/ngx_cache_purge-master \
|
|
--add-module=/tmp/ngx_http_substitutions_filter_module-master \
|
|
"
|
|
ARG RESTY_LUAJIT_OPTIONS="--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'"
|
|
|
|
ARG RESTY_ADD_PACKAGE_BUILDDEPS=""
|
|
ARG RESTY_ADD_PACKAGE_RUNDEPS=""
|
|
ARG RESTY_EVAL_PRE_CONFIGURE=""
|
|
ARG RESTY_EVAL_POST_MAKE=""
|
|
|
|
# These are not intended to be user-specified
|
|
ARG _RESTY_CONFIG_DEPS="--with-pcre \
|
|
--with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' \
|
|
--with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \
|
|
"
|
|
|
|
LABEL resty_image_base="${RESTY_IMAGE_BASE}"
|
|
LABEL resty_image_tag="${RESTY_IMAGE_TAG}"
|
|
LABEL resty_version="${RESTY_VERSION}"
|
|
LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}"
|
|
LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}"
|
|
LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}"
|
|
LABEL resty_pcre_version="${RESTY_PCRE_VERSION}"
|
|
LABEL resty_config_options="${RESTY_CONFIG_OPTIONS}"
|
|
LABEL resty_config_options_more="${RESTY_CONFIG_OPTIONS_MORE}"
|
|
LABEL resty_config_deps="${_RESTY_CONFIG_DEPS}"
|
|
LABEL resty_add_package_builddeps="${RESTY_ADD_PACKAGE_BUILDDEPS}"
|
|
LABEL resty_add_package_rundeps="${RESTY_ADD_PACKAGE_RUNDEPS}"
|
|
LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}"
|
|
LABEL resty_eval_post_make="${RESTY_EVAL_POST_MAKE}"
|
|
|
|
ARG CHANGE_SOURCE=false
|
|
RUN if [ ${CHANGE_SOURCE} = true ]; then \
|
|
# Change application source from dl-cdn.alpinelinux.org to aliyun source
|
|
sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
|
|
;fi
|
|
|
|
RUN set -x ; \
|
|
addgroup -g 82 -S www-data ; \
|
|
adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
|
|
|
|
|
|
RUN apk add --no-cache --virtual .build-deps \
|
|
build-base \
|
|
coreutils \
|
|
curl \
|
|
gd-dev \
|
|
geoip-dev \
|
|
libxslt-dev \
|
|
linux-headers \
|
|
make \
|
|
perl-dev \
|
|
readline-dev \
|
|
zlib-dev \
|
|
${RESTY_ADD_PACKAGE_BUILDDEPS} \
|
|
&& apk add --no-cache \
|
|
gd \
|
|
geoip \
|
|
libgcc \
|
|
libxslt \
|
|
zlib \
|
|
bash \
|
|
logrotate \
|
|
openssl \
|
|
${RESTY_ADD_PACKAGE_RUNDEPS} \
|
|
&& cd /tmp \
|
|
&& if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \
|
|
&& cd /tmp \
|
|
&& curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
|
|
&& tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
|
|
&& cd openssl-${RESTY_OPENSSL_VERSION} \
|
|
&& if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then \
|
|
echo 'patching OpenSSL 1.1.1 for OpenResty' \
|
|
&& curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
|
|
fi \
|
|
&& if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then \
|
|
echo 'patching OpenSSL 1.1.0 for OpenResty' \
|
|
&& curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \
|
|
&& curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
|
|
fi \
|
|
&& ./config \
|
|
no-threads shared zlib -g \
|
|
enable-ssl3 enable-ssl3-method \
|
|
--prefix=/usr/local/openresty/openssl \
|
|
--libdir=lib \
|
|
-Wl,-rpath,/usr/local/openresty/openssl/lib \
|
|
&& make -j${RESTY_J} \
|
|
&& make -j${RESTY_J} install_sw \
|
|
&& cd /tmp \
|
|
&& curl -fSL https://downloads.sourceforge.net/project/pcre/pcre/${RESTY_PCRE_VERSION}/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \
|
|
&& tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \
|
|
&& cd /tmp/pcre-${RESTY_PCRE_VERSION} \
|
|
&& ./configure \
|
|
--prefix=/usr/local/openresty/pcre \
|
|
--disable-cpp \
|
|
--enable-jit \
|
|
--enable-utf \
|
|
--enable-unicode-properties \
|
|
&& make -j${RESTY_J} \
|
|
&& make -j${RESTY_J} install \
|
|
&& cd /tmp \
|
|
&& curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \
|
|
&& tar xzf openresty-${RESTY_VERSION}.tar.gz \
|
|
&& curl -fSL https://github.com/grahamedgecombe/nginx-ct/archive/master.tar.gz -o nginx-ct.tar.gz \
|
|
&& tar xzf nginx-ct.tar.gz \
|
|
&& curl -fSL https://github.com/arut/nginx-dav-ext-module/archive/master.tar.gz -o nginx-dav-ext-module.tar.gz \
|
|
&& tar xzf nginx-dav-ext-module.tar.gz \
|
|
&& curl -fSL https://github.com/google/ngx_brotli/archive/master.tar.gz -o ngx_brotli.tar.gz \
|
|
&& tar xzf ngx_brotli.tar.gz \
|
|
&& curl -fSL https://github.com/google/brotli/archive/refs/tags/v1.1.0.tar.gz -o ngx_brotli_deps.tar.gz \
|
|
&& tar xzf ngx_brotli_deps.tar.gz -C ngx_brotli-master/deps/brotli --strip-components=1 \
|
|
&& curl -fSL https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.tar.gz -o ngx_http_substitutions_filter_module.tar.gz \
|
|
&& tar xzf ngx_http_substitutions_filter_module.tar.gz \
|
|
&& curl -fSL https://github.com/FRiCKLE/ngx_cache_purge/archive/master.tar.gz -o ngx_cache_purge.tar.gz \
|
|
&& tar xzf ngx_cache_purge.tar.gz \
|
|
&& cd /tmp/openresty-${RESTY_VERSION} \
|
|
&& eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} \
|
|
&& make -j${RESTY_J} \
|
|
&& make -j${RESTY_J} install \
|
|
&& cd /tmp \
|
|
&& if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \
|
|
&& rm -rf \
|
|
openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \
|
|
pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \
|
|
openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \
|
|
&& apk del .build-deps \
|
|
&& mkdir -p /etc/nginx/conf.d/ /var/run/openresty/
|
|
|
|
# Add additional binaries into PATH for convenience
|
|
ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
|
|
|
|
|
|
ARG PHP_UPSTREAM_CONTAINER=php-fpm
|
|
ARG PHP_UPSTREAM_PORT=9000
|
|
|
|
# Create 'messages' file used from 'logrotate'
|
|
RUN touch /var/log/messages
|
|
|
|
# Copy 'logrotate' config file
|
|
COPY logrotate/nginx /etc/logrotate.d/
|
|
|
|
# Set upstream conf and remove the default conf
|
|
RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf
|
|
|
|
# Copy nginx configuration files
|
|
COPY nginx.conf /etc/nginx/
|
|
|
|
ADD ./startup.sh /opt/startup.sh
|
|
RUN sed -i 's/\r//g' /opt/startup.sh
|
|
CMD ["/bin/bash", "/opt/startup.sh"]
|
|
|
|
EXPOSE 80 81 443
|