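# syntax=docker/dockerfile:1
#
# Three-stage build of a custom nginx:
#   build  - compiles nginx ${VERSION} with ngx_brotli and headers-more, applying local patches
#   pkg    - fetches the runtime apk packages and unpacks them into a staging tree
#   final  - copies /opt/nginx and the staged packages onto the toolbox base, runs as UID/GID 1000
#
# NOTE(review): every FROM below uses the mutable tag "3.19-latest"; pinning each
# base image by digest would make rebuilds reproducible and auditable.

##
## Build
##
FROM harbor.repository.lb.home.dc.internal.amuz.es/infrastructure/alpine-base:3.19-latest AS build
WORKDIR /usr/local/src
ARG VERSION="1.25.4"
# Optional SHA-256 of nginx-${VERSION}.tar.gz. When set, the download is verified
# before it is unpacked; when empty the build proceeds unverified (original behaviour)
# and prints a warning. Supply it with --build-arg NGINX_SHA256=<expected digest>.
ARG NGINX_SHA256=""

### Fetch Build Dependencies
COPY patch /usr/local/src/patch
RUN set -xeu && \
    apk --no-cache add \
        autoconf \
        automake \
        build-base \
        libtool \
        musl-utils \
        util-linux \
        util-linux-dev \
        tar \
        openssl-dev \
        pcre2-dev \
        linux-headers \
        libatomic_ops-dev \
        zlib-dev \
        libaio-dev \
        bash \
        alpine-sdk \
        cmake \
        git \
        findutils

# Build the static brotli encoder that ngx_brotli links against.
# NOTE(review): the clone tracks the default branch (and its submodules) with no
# pinned commit, so the compiled code can change between builds; consider checking
# out a reviewed commit.
# NOTE(review): -march=native/-mtune=native tie the object code to the build host's
# CPU; the resulting image may hit illegal instructions on a different host. Confirm
# this is intended.
RUN set -xeu && \
    git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli && \
    cd ngx_brotli/deps/brotli && \
    mkdir out && \
    cd out && \
    # -DCMAKE_CXX_FLAGS="-O3 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    cmake \
        -DCMAKE_BUILD_TYPE=Release \
        -DBUILD_SHARED_LIBS=OFF \
        -DCMAKE_C_FLAGS="-O3 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
        -DCMAKE_INSTALL_PREFIX=./installed .. \
    && \
    cmake --build . --config Release --target brotlienc

# git clone https://github.com/yaoweibin/nginx_upstream_check_module && \
# NOTE(review): unpinned clone, same concern as ngx_brotli above.
RUN set -xeu && \
    git clone https://github.com/openresty/headers-more-nginx-module

# Download, (optionally) verify, patch, configure, build and install nginx into /opt/nginx.
# - The tarball is saved to a file rather than piped into tar, so a failed download
#   cannot be masked by the pipeline's exit status and the checksum can be checked
#   before any extraction happens.
# - Each patch ends in "|| exit 1": the loop sits inside an && list, where "set -e"
#   is ignored, so without it a patch that fails in any iteration but the last would
#   be skipped silently and the build would continue unpatched.
RUN set -xeu && \
    mkdir -p /usr/local/src/nginx && \
    wget -O /usr/local/src/nginx.tar.gz "https://nginx.org/download/nginx-${VERSION}.tar.gz" && \
    if [ -n "${NGINX_SHA256:-}" ]; then \
        echo "${NGINX_SHA256}  /usr/local/src/nginx.tar.gz" | sha256sum -c - || exit 1; \
    else \
        echo "WARNING: NGINX_SHA256 not set; nginx tarball integrity NOT verified" >&2; \
    fi && \
    tar -zxf /usr/local/src/nginx.tar.gz --strip-components=1 -C /usr/local/src/nginx && \
    rm -f /usr/local/src/nginx.tar.gz && \
    cd /usr/local/src/nginx && \
    for i in /usr/local/src/patch/*.patch; do \
        echo "Applying ${i}..." && \
        patch -Np1 -i "$i" || exit 1; \
    done && \
    # patch -Np1 -i /usr/local/src/nginx_upstream_check_module/check_1.16.1+.patch
    # --add-module=/usr/local/src/nginx_http_upstream_check_module \
    ./configure \
        --build="amazing from here" \
        --with-cc-opt="-Wno-error -DTCP_FASTOPEN=23 -O2 -flto -ffat-lto-objects -funsafe-math-optimizations -fstack-protector -fcode-hoisting -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2" \
        --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -Wl,--as-needed -pie -Wl,-z,relro -Wl,-z,now -Wl,-Bsymbolic -Wl,--gc-sections -fPIC -flto=auto -ffat-lto-objects' \
        --prefix=/opt/nginx \
        --add-module=/usr/local/src/headers-more-nginx-module \
        --add-module=/usr/local/src/ngx_brotli \
        --conf-path=etc/nginx.conf \
        --pid-path=tmp/nginx.pid \
        --lock-path=tmp/nginx.lock \
        --without-select_module \
        --without-poll_module \
        --with-threads \
        --with-file-aio \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-http_v3_module \
        --with-http_realip_module \
        --with-http_gzip_static_module \
        --without-http_ssi_module \
        --without-http_userid_module \
        --without-http_auth_basic_module \
        --without-http_fastcgi_module \
        --without-http_uwsgi_module \
        --without-http_scgi_module \
        --without-http_memcached_module \
        --without-http_browser_module \
        --http-client-body-temp-path=tmp/client_body \
        --http-proxy-temp-path=tmp/proxy \
        --without-mail_smtp_module \
        --without-mail_imap_module \
        --without-mail_pop3_module \
        --with-stream \
        --with-stream_ssl_module \
        --with-stream_realip_module \
        --with-stream_ssl_preread_module \
        --with-pcre \
        --with-pcre-jit \
        --with-libatomic && \
    make -j "$(nproc)" && \
    make install && \
    ldd /opt/nginx/sbin/nginx && \
    find /opt/nginx && \
    cat /opt/nginx/etc/nginx.conf && \
    rm -r /opt/nginx/html/ && \
    mkdir /opt/nginx/etc/conf.d/ && \
    mkdir -p /opt/nginx/html/ && \
    install -m644 html/index.html /opt/nginx/html/ && \
    install -m644 html/50x.html /opt/nginx/html/ && \
    ln -sf /dev/stdout /opt/nginx/logs/access.log && \
    ln -sf /dev/stderr /opt/nginx/logs/error.log && \
    cd /opt/nginx && \
    rm \
        etc/fastcgi_params \
        etc/fastcgi_params.default \
        etc/fastcgi.conf \
        etc/fastcgi.conf.default \
        etc/uwsgi_params \
        etc/uwsgi_params.default \
        etc/scgi_params \
        etc/scgi_params.default && \
    ldd sbin/nginx && \
    strip -X -x -s -v sbin/nginx

##
## PKG
##
# Fetch the runtime libraries (with their dependencies, -R) as .apk files and unpack
# them into ./output; the final stage copies that tree over its root filesystem.
# busybox, ca-certificates, libcrypto3, libssl3 and ssl_client are dropped before
# extraction (presumably already provided by the toolbox base; confirm).
# NOTE(review): the extraction step feeds NUL-separated names from "find -print0"
# into awk, which is still using its default newline record separator, and pipes the
# generated commands to sh. Verify that every remaining .apk is actually extracted;
# a plain shell loop over pkgs/*.apk would be easier to audit.
FROM harbor.repository.lb.home.dc.internal.amuz.es/infrastructure/alpine-base:3.19-latest AS pkg
RUN set -xeu && \
    mkdir pkgs output &&\
    apk --no-cache \
        fetch -R -o pkgs \
        openssl \
        pcre2 \
        zlib \
        musl-utils \
    && \
    rm -f \
        pkgs/busybox-*.apk \
        pkgs/ca-certificates-*.apk \
        pkgs/libcrypto3-*.apk \
        pkgs/libssl3-*.apk \
        pkgs/ssl_client-*.apk && \
    find pkgs -type f -name '*.apk' -print0 |awk -F'\0' '{printf("echo \"extracting %s\";tar -zxf \"%s\" -C output || exit 1\n",$0,$0)}' |sh && \
    find output -type f -name '.*' -delete

##
## Deploy
##
FROM harbor.repository.lb.home.dc.internal.amuz.es/infrastructure/minimal-toolbox:3.19-latest
COPY --from=build /opt/nginx /opt/nginx
COPY --from=pkg output /pkg
# Overlay the unpacked runtime packages onto / and drop the staging copy.
RUN set -xeu && \
    cp -af /pkg/* / && \
    rm -rf /pkg
RUN set -xeu && \
    mkdir /docker-entrypoint.d
COPY nginx.conf /opt/nginx/etc/nginx.conf
COPY nginx.vh.no-default.conf /opt/nginx/etc/conf.d/default.conf
COPY docker-entrypoint.sh /
COPY /docker-entrypoint.d /docker-entrypoint.d
# Only the config, temp and log trees are handed to UID/GID 1000; the nginx binary
# and the html directory stay owned by root, so the runtime user cannot rewrite them.
RUN set -xeu && \
    mkdir -p /usr/local/sbin && \
    ln -sf /opt/nginx/sbin/nginx /usr/local/sbin/nginx && \
    mkdir -p /opt/nginx/etc/templates \
        /opt/nginx/etc/stream-conf.d \
        /opt/nginx/etc/conf.d \
        /opt/nginx/tmp \
        /opt/nginx/logs && \
    chown -R 1000:1000 \
        /opt/nginx/etc \
        /opt/nginx/tmp \
        /opt/nginx/logs
WORKDIR /opt/nginx
LABEL org.opencontainers.image.authors="Sangbum Kim "
# Unprivileged ports, matching the non-root USER below; 8443/udp accompanies the
# HTTP/3 module enabled at configure time.
EXPOSE 8080 8443 8443/udp
# nginx treats SIGQUIT as a graceful shutdown.
STOPSIGNAL SIGQUIT
ENTRYPOINT [ "/sbin/tini", "-s", "--", "/docker-entrypoint.sh"]
USER 1000:1000
VOLUME ["/opt/nginx/etc/conf.d", "/opt/nginx/html", "/opt/nginx/tmp", "/opt/nginx/logs"]
ENV PATH="/opt/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Exec (JSON) form: stray characters after the closing bracket would make Docker fall
# back to shell form and hand "/bin/sh -c ..." to the entrypoint as arguments.
CMD ["nginx", "-g", "daemon off;"]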