diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..61d33df --- /dev/null +++ b/Dockerfile @@ -0,0 +1,146 @@ +FROM harbor.ervine.dev/library/x86_64/alpine/alpine-3.12 + +LABEL maintainer="Jonathan Ervine " "Alpine Linux version"="3.11.3" "NGINX version"="1.17.8" date="19022020" + +ENV NGINX_VERSION 1.19.1 + +RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ + && CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + " \ + && addgroup -g 82 -S nginx \ + && adduser -u 82 -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz \ + && rm nginx.tar.gz \ + && cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ + && ./configure $CONFIG \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ + && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ + && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ + \ + # Bring in gettext so we can get `envsubst`, then throw + # the rest away. To do this, we need to install `gettext` + # then move `envsubst` out of the way so `gettext` can + # be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .nginx-rundeps $runDeps \ + && apk del .build-deps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ + \ + # Bring in tzdata so users could set the timezones through the environment + # variables + && apk add --no-cache tzdata \ + \ + # forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + +EXPOSE 80 + +STOPSIGNAL SIGTERM + +CMD ["nginx", "-g", "daemon off;"] diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..76b8611 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,35 @@ +podTemplate(yaml: """ +kind: Pod +spec: + containers: + - name: kaniko + image: gcr.io/kaniko-project/executor:debug-539ddefcae3fd6b411a95982a830d987f4214251 + imagePullPolicy: Always + command: + - /busybox/cat + tty: true + volumeMounts: + - name: jenkins-docker-cfg + mountPath: /kaniko/.docker + volumes: + - name: jenkins-docker-cfg + projected: + sources: + - secret: + name: regcred + items: + - key: .dockerconfigjson + path: config.json +""" + ) { + + node(POD_LABEL) { + stage('Build with Kaniko') { + git url: 'ssh://git@git.ervine.org/jonny/x86_64-alpine-nginx.git', credentialsId: 'jenkins-to-git' + container('kaniko') { + sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=true --destination=harbor.ervine.dev/library/x86_64/alpine/nginx:1.19.1' + } + } + } +} + diff --git a/README.md b/README.md index 1381bdc..c5482a6 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ # x86_64-alpine-nginx -NGINX running on Alpine Linux container image \ No newline at end of file +Compiled NGINX running on Alpine Linux container image diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..e4bad8d --- /dev/null +++ b/nginx.conf @@ -0,0 +1,32 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/nginx.vh.default.conf b/nginx.vh.default.conf new file mode 100644 index 0000000..299c622 --- /dev/null +++ b/nginx.vh.default.conf @@ -0,0 +1,45 @@ +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} +