diff --git a/README.md b/README.md index f0d253c2..8a968b37 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,136 @@ # About this Repo -This is the Git repo of the official Docker image for [nginx](https://registry.hub.docker.com/_/nginx/). See the +[![](https://images.microbadger.com/badges/image/nosinovacao/docker-nginx.svg)](https://hub.docker.com/r/nosinovacao/docker-nginx/ "nosinovacao/docker-nginx on docker hub") [![](https://images.microbadger.com/badges/version/nosinovacao/docker-nginx.svg)](https://hub.docker.com/r/nosinovacao/docker-nginx/ "nosinovacao/docker-nginx on docker hub") +# ![NGINX logo](https://raw.github.com/nosinovacao/docker-nginx/master/images/NginxLogo.gif) + +This is a forked repo of the official Docker image for [nginx](https://registry.hub.docker.com/_/nginx/). See the Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues. The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specificially in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +## Changes on this repo + +We modified the alpine images (stable & mainline) to include aditional modules: + +- [VST](https://github.com/vozlt/nginx-module-vts) +- [LDAP Auth](https://github.com/kvspb/nginx-auth-ldap) + +**Note that we have not modified the alpine-perl or stretch images.** + +## Usage + +### Static page without authentication + +The following container will provide the NGINX static default page: + + docker run --name nginx -d -p 80:80 nosinovacao/nginx + +To run an instance with your own static page run: + + docker run --name nginx -v /some/content:/usr/local/nginx/html:ro -d -p 80:80 nosinovacao/nginx + +### Setting up an LDAP container + +For the following chapters you can set up a container providing a test LDAP installation. But the intention is of course to connect to an existing user directory like *OpenLDAP* or *Active Directory* at the end. They can be either running as Docker containers or as a dedicated server. Therefore you might want to use an [ambassador container](http://docs.docker.com/articles/ambassador_pattern_linking/). + +Follow these steps to set up an LDAP test container: + +1. Start a Docker container with a running LDAP instance. This can be done e.g. using the [nickstenning/slapd](https://registry.hub.docker.com/u/nickstenning/slapd/) image. The root passwort will be set to *toor*. + + docker run -e LDAP_DOMAIN=example.com -e LDAP_ORGANIZATION="Example Ltd." -e LDAP_ROOTPASS=toor --name ldap -d -p 389:389 nickstenning/slapd + +2. Add some sample groups and users to that LDAP directory. You can find a [sample ldif file](https://github.com/nosinovacao/docker-nginx/blob/master/examples/sample.ldif) in the config folder. + + ldapadd -v -h :389 -c -x -D cn=admin,dc=example,dc=com -W -f config/sample.ldif + +3. Then you can verify that the test user exists: + + ldapsearch -v -h :389 -b 'ou=users,dc=example,dc=com' -D 'cn=admin,dc=example,dc=com' -x -W '(&(objectClass=person)(uid=test))' + +Now the LDAP container is ready to be used. + +### Static page with LDAP authentication + +The following instructions create an NGINX container that provides a static page authenticating against LDAP: + +1. Create an NGINX Docker container with an nginx.conf file that has LDAP authentication enabled. You can find a sample [nginx.conf](https://github.com/nosinovacao/docker-nginx/blob/master/examples/basic/nginx.conf) file in the config folder that provides the static default NGINX welcome page. + + docker run --name nginx --link ldap:ldap -d -v `pwd`/config/nginx.conf:/etc/nginx/nginx.conf:ro -p 80:80 nosinovacao/nginx + +2. When you now access the NGINX server via port 80 you will get an authentication dialog. The user name for the test user is *test* and the password is *t3st*. + +Further information about how to configure NGINX with ldap can be found at the [nginx-auth-ldap module site](https://github.com/kvspb/nginx-auth-ldap). + +### Setting up a Docker registry container + +As the main goal of the NGINX image is to provide LDAP authentication for a private Docker registry in this chapter a Docker registry is prepared. + +Instantiate a Docker registre container. It will use the hosts folder */your/local/registry/path* as a volume where the registry data is locally stored. + + docker run -d --name registry -v /your/local/registry/path:/registry -e SETTINGS_FLAVOR=local -e STORAGE_PATH=/registry registry + +You cannot connect to this instance from outside the Docker host by purpose. Otherwise it would be open without authentication at all. + +### Docker registry proxy configuration + +Now as we have a running registry we can configure our NGINX authentication proxy for it. + +1. Add a valid SSL certificate to a local folder (e.g. /ssl/cert/path) to be mounted as a volume into the proxy server later. It must be a valid one known by a trusted CA! The certificate file itself must be named *docker-registry.crt* and the private key file *docker-registry.key*. + +2. Create a Docker container for the NGINX proxy. The used sample configuration can be found [in the config/proxy folder](https://github.com/nosinovacao/docker-nginx/tree/master/config/proxy). + + docker run --name nginx --link ldap:ldap --link registry:docker-registry -v /ssl/cert/path:/etc/ssl/docker:ro -v `pwd`/config/proxy:/etc/nginx:ro -p 80:80 -p 443:443 -p 5000:5000 -d nosinovacao/nginx + +Theoretically you could also use self-signed certificates. Therefore the Docker daemon need to be started with the *--insecure-registry* command line parameter. But this is not recommended. + +Further information about proxying the Docker registry can be found at the official [Docker registry github page](https://github.com/docker/docker-registry/blob/master/ADVANCED.md). + +## Debugging + +The NGINX web server has been compiled with *debug* support. You can add the following line to your NGINX configuration to get debug output: + + error_log /var/log/nginx/error.log debug; + +Then the debug log can be read with the following command: + + docker exec -i -t nginx less /var/log/nginx/error.log + +You will then see debug output like: + + ... + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Username is "test" + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=0, iteration=0) + 2015/02/14 17:57:10 [debug] 5#0: *2 event timer add: 3: 10000:1423936640056 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: request_timeout=10000 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=1, iteration=0) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Wants a free connection to "ldapserver" + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Search filter is "(&(objectClass=person)(uid=test))" + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: ldap_search_ext() -> msgid=4 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Waking authentication request "GET / HTTP/1.1" + 2015/02/14 17:57:10 [debug] 5#0: *2 access phase: 6 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=1, iteration=1) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=2, iteration=1) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: User DN is "uid=test,ou=users,dc=example,dc=com" + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=3, iteration=0) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Comparing user group with "cn=docker,ou=groups,dc=example,dc=com" + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: ldap_compare_ext() -> msgid=5 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Waking authentication request "GET / HTTP/1.1" + 2015/02/14 17:57:10 [debug] 5#0: *2 access phase: 6 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=3, iteration=1) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=4, iteration=0) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: ldap_sasl_bind() -> msgid=6 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Waking authentication request "GET / HTTP/1.1" + 2015/02/14 17:57:10 [debug] 5#0: *2 access phase: 6 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=4, iteration=1) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: User bind successful + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=5, iteration=0) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Rebinding to binddn + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: ldap_sasl_bind() -> msgid=7 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Waking authentication request "GET / HTTP/1.1" + 2015/02/14 17:57:10 [debug] 5#0: *2 access phase: 6 + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=5, iteration=1) + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: binddn bind successful + 2015/02/14 17:57:10 [debug] 5#0: *2 http_auth_ldap: Authentication loop (phase=6, iteration=1) + ... \ No newline at end of file diff --git a/examples/basic/nginx.conf b/examples/basic/nginx.conf new file mode 100644 index 00000000..96038b32 --- /dev/null +++ b/examples/basic/nginx.conf @@ -0,0 +1,49 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + + +http { + + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + + ldap_server ldapserver { + url ldap://ldap/dc=example,dc=com?uid?sub?(objectClass=person); + binddn "cn=admin,dc=example,dc=com"; + binddn_passwd toor; + group_attribute member; + group_attribute_is_dn on; + require group 'cn=docker,ou=groups,dc=example,dc=com'; + require valid_user; + satisfy all; + } + + server { + + listen 80; + server_name localhost; + + error_log /usr/local/nginx/logs/error.log; + access_log /usr/local/nginx/logs/access.log; + + auth_ldap "Forbidden"; + auth_ldap_servers ldapserver; + + location / { + root html; + index index.html index.htm; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + + } + +} diff --git a/examples/proxy/docker-registry.conf b/examples/proxy/docker-registry.conf new file mode 100644 index 00000000..6173e5ca --- /dev/null +++ b/examples/proxy/docker-registry.conf @@ -0,0 +1,5 @@ +proxy_pass http://docker-registry; +proxy_set_header Host $http_host; # required for docker client's sake +proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP +proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170 +proxy_read_timeout 900; diff --git a/examples/proxy/nginx.conf b/examples/proxy/nginx.conf new file mode 100644 index 00000000..d4058fbe --- /dev/null +++ b/examples/proxy/nginx.conf @@ -0,0 +1,82 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + + upstream docker-registry { + server docker-registry:5000; + } + + ldap_server ldapserver { + url ldap://ldap/dc=example,dc=com?uid?sub?(objectClass=person); + binddn "cn=admin,dc=example,dc=com"; + binddn_passwd toor; + group_attribute member; + group_attribute_is_dn on; + require group 'cn=docker,ou=groups,dc=example,dc=com'; + require valid_user; + satisfy all; + } + + server { + + listen 443; + server_name docker-registry-proxy; + + error_log /var/log/nginx/error.log debug; + access_log /var/log/nginx/access.log; + + ssl on; + ssl_certificate /etc/ssl/docker/docker-registry.crt; + ssl_certificate_key /etc/ssl/docker/docker-registry.key; + + client_max_body_size 0; + + chunked_transfer_encoding on; + + location / { + auth_ldap "Forbidden"; + auth_ldap_servers ldapserver; + include docker-registry.conf; + } + + location ~* /v1/repositories/(?([^/]*))/ { + auth_ldap "Forbidden"; + auth_ldap_servers ldapserver; + set $deny_write_request ""; + if ($request_method = PUT) { + set $deny_write_request "W"; + } + if ($request_method = DELETE) { + set $deny_write_request "W"; + } + if ($remote_user != $namespace) { + set $deny_write_request "${deny_write_request}A"; + } + if ($deny_write_request = 'WA') { + return 401; + } + include docker-registry.conf; + } + + location /_ping { + auth_basic off; + include docker-registry.conf; + } + + location /v1/_ping { + auth_basic off; + include docker-registry.conf; + } + + location /v1/search { + auth_basic off; + include docker-registry.conf; + } + + } + +} diff --git a/examples/sample.ldif b/examples/sample.ldif new file mode 100644 index 00000000..88a88146 --- /dev/null +++ b/examples/sample.ldif @@ -0,0 +1,28 @@ +# The root node (dc=example,dc=com) is automatically created by the Docker container instantiation (nickstenning/slapd). + +# All the users +dn: ou=users,dc=example,dc=com +objectclass: organizationalunit +ou: users + +dn: uid=test,ou=users,dc=example,dc=com +objectclass: inetOrgPerson +objectclass: person +gn: Test +sn: Person +cn: Test Person +uid: test +userPassword: t3st + + +# All the groups +dn: ou=groups,dc=example,dc=com +objectclass: organizationalunit +ou: groups + +dn: cn=docker,ou=groups,dc=example,dc=com +objectclass: groupofnames +cn: docker +description: All the docker users +member: uid=test,ou=users,dc=example,dc=com + diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh deleted file mode 100755 index 69e7695e..00000000 --- a/generate-stackbrew-library.sh +++ /dev/null @@ -1,103 +0,0 @@ -#!/bin/bash -set -eu - -declare -A aliases -aliases=( - [mainline]='1 1.13 latest' - [stable]='1.12' -) - -self="$(basename "$BASH_SOURCE")" -cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -base=stretch - -versions=( */ ) -versions=( "${versions[@]%/}" ) - -# get the most recent commit which modified any of "$@" -fileCommit() { - git log -1 --format='format:%H' HEAD -- "$@" -} - -# get the most recent commit which modified "$1/Dockerfile" or any file COPY'd from "$1/Dockerfile" -dirCommit() { - local dir="$1"; shift - ( - cd "$dir" - fileCommit \ - Dockerfile \ - $(git show HEAD:./Dockerfile | awk ' - toupper($1) == "COPY" { - for (i = 2; i < NF; i++) { - print $i - } - } - ') - ) -} - -cat <<-EOH -# this file is generated via https://github.com/nginxinc/docker-nginx/blob/$(fileCommit "$self")/$self - -Maintainers: NGINX Docker Maintainers (@nginxinc) -GitRepo: https://github.com/nginxinc/docker-nginx.git -EOH - -# prints "$2$1$3$1...$N" -join() { - local sep="$1"; shift - local out; printf -v out "${sep//%/%%}%s" "$@" - echo "${out#$sep}" -} - -for version in "${versions[@]}"; do - commit="$(dirCommit "$version/$base")" - - fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" - fullVersion="${fullVersion%[.-]*}" - - versionAliases=( $fullVersion ) - if [ "$version" != "$fullVersion" ]; then - versionAliases+=( $version ) - fi - versionAliases+=( ${aliases[$version]:-} ) - - echo - cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") - Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x - GitCommit: $commit - Directory: $version/$base - EOE - - for variant in stretch-perl; do - commit="$(dirCommit "$version/$variant")" - - variantAliases=( "${versionAliases[@]/%/-perl}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - echo - cat <<-EOE - Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x - GitCommit: $commit - Directory: $version/$variant - EOE - done - - for variant in alpine alpine-perl; do - commit="$(dirCommit "$version/$variant")" - - variantAliases=( "${versionAliases[@]/%/-$variant}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - echo - cat <<-EOE - Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v6, arm64v8, i386, ppc64le, s390x - GitCommit: $commit - Directory: $version/$variant - EOE - done - -done diff --git a/images/NginxLogo.gif b/images/NginxLogo.gif new file mode 100644 index 00000000..21bea956 Binary files /dev/null and b/images/NginxLogo.gif differ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile deleted file mode 100644 index 30ff381f..00000000 --- a/mainline/alpine-perl/Dockerfile +++ /dev/null @@ -1,151 +0,0 @@ -FROM alpine:3.7 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.13.9 - -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-perl/nginx.conf b/mainline/alpine-perl/nginx.conf deleted file mode 100644 index e4bad8db..00000000 --- a/mainline/alpine-perl/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/mainline/alpine-perl/nginx.vh.default.conf b/mainline/alpine-perl/nginx.vh.default.conf deleted file mode 100644 index 299c622a..00000000 --- a/mainline/alpine-perl/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 020ff444..8b2c5864 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,9 +1,18 @@ FROM alpine:3.7 -LABEL maintainer="NGINX Docker Maintainers " +LABEL maintainer="NOS Inovação " ENV NGINX_VERSION 1.13.9 +# Ensure git +RUN apk update && apk upgrade \ + && apk add --no-cache --virtual .build-deps bash git + +# 3rd party modules +RUN cd ~ \ + && git clone https://github.com/kvspb/nginx-auth-ldap.git \ + && git clone https://github.com/vozlt/nginx-module-vts.git + RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ --prefix=/etc/nginx \ @@ -49,6 +58,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-compat \ --with-file-aio \ --with-http_v2_module \ + --add-module=/root/nginx-auth-ldap \ + --add-module=/root/nginx-module-vts \ " \ && addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ @@ -56,7 +67,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ gcc \ libc-dev \ make \ - openssl-dev \ + #openssl-dev \ # used libressl-dev instead (openssl does not work with openldap) + libressl-dev \ pcre-dev \ zlib-dev \ linux-headers \ @@ -65,6 +77,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ libxslt-dev \ gd-dev \ geoip-dev \ + # openldap-dev is a dependecy for the nginx-auth-ldap module + openldap-dev \ && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ @@ -134,7 +148,14 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ + \ + # NOS Inovação changes + # Bring in bash so users can exec into the container + && apk add --no-cache bash \ + \ + # Cleanup 3rdparty modules + && rm -rf /root/nginx-* COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile deleted file mode 100644 index afb7a65a..00000000 --- a/mainline/stretch-perl/Dockerfile +++ /dev/null @@ -1,100 +0,0 @@ -FROM debian:stretch-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.13.9-1~stretch -ENV NJS_VERSION 1.13.9.0.1.15-1~stretch - -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ -# arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ -# new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ -# (777 to ensure APT's "_apt" user can access it too) - \ -# save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile deleted file mode 100644 index 4bbed710..00000000 --- a/mainline/stretch/Dockerfile +++ /dev/null @@ -1,99 +0,0 @@ -FROM debian:stretch-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.13.9-1~stretch -ENV NJS_VERSION 1.13.9.0.1.15-1~stretch - -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ -# arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ -# new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ -# (777 to ensure APT's "_apt" user can access it too) - \ -# save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile deleted file mode 100644 index 33131599..00000000 --- a/stable/alpine-perl/Dockerfile +++ /dev/null @@ -1,151 +0,0 @@ -FROM alpine:3.7 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.12.2 - -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-perl/nginx.conf b/stable/alpine-perl/nginx.conf deleted file mode 100644 index e4bad8db..00000000 --- a/stable/alpine-perl/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/stable/alpine-perl/nginx.vh.default.conf b/stable/alpine-perl/nginx.vh.default.conf deleted file mode 100644 index 299c622a..00000000 --- a/stable/alpine-perl/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 781c7ed9..62a1fdd6 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,9 +1,18 @@ FROM alpine:3.7 -LABEL maintainer="NGINX Docker Maintainers " +LABEL maintainer="NOS Inovação " ENV NGINX_VERSION 1.12.2 +# Ensure git +RUN apk update && apk upgrade \ + && apk add --no-cache --virtual .build-deps bash git + +# 3rd party modules +RUN cd ~ \ + && git clone https://github.com/kvspb/nginx-auth-ldap.git \ + && git clone https://github.com/vozlt/nginx-module-vts.git + RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ --prefix=/etc/nginx \ @@ -49,6 +58,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-compat \ --with-file-aio \ --with-http_v2_module \ + --add-module=/root/nginx-auth-ldap \ + --add-module=/root/nginx-module-vts \ " \ && addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ @@ -56,7 +67,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ gcc \ libc-dev \ make \ - openssl-dev \ + #openssl-dev \ # used libressl-dev instead (openssl does not work with openldap) + libressl-dev \ pcre-dev \ zlib-dev \ linux-headers \ @@ -65,6 +77,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ libxslt-dev \ gd-dev \ geoip-dev \ + # openldap-dev is a dependecy for the nginx-auth-ldap module + openldap-dev \ && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ @@ -134,7 +148,14 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ + \ + # NOS Inovação changes + # Bring in bash so users can exec into the container + && apk add --no-cache bash \ + \ + # Cleanup 3rdparty modules + && rm -rf /root/nginx-* COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile deleted file mode 100644 index 543e4c03..00000000 --- a/stable/stretch-perl/Dockerfile +++ /dev/null @@ -1,100 +0,0 @@ -FROM debian:stretch-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.12.2-1~stretch -ENV NJS_VERSION 1.12.2.0.1.14-1~stretch - -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ -# arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ -# new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ -# (777 to ensure APT's "_apt" user can access it too) - \ -# save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile deleted file mode 100644 index a0c490c0..00000000 --- a/stable/stretch/Dockerfile +++ /dev/null @@ -1,99 +0,0 @@ -FROM debian:stretch-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.12.2-1~stretch -ENV NJS_VERSION 1.12.2.0.1.14-1~stretch - -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ -# arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ -# new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ -# (777 to ensure APT's "_apt" user can access it too) - \ -# save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"]