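# syntax=docker/dockerfile:1
#
# NGINX Plus on Red Hat UBI 7.
#
# The NGINX Plus repository client certificate and key are supplied as BuildKit
# secrets, so they are visible only while the install RUN step executes and are
# never written to an image layer. Copying them in with COPY and deleting them
# in a later RUN does NOT remove them: the COPY layers still hold the key and
# anyone who can pull the image can extract it.
#
# Build (BuildKit required):
#   docker build \
#     --secret id=nginx-crt,src=etc/ssl/nginx/nginx-repo.crt \
#     --secret id=nginx-key,src=etc/ssl/nginx/nginx-repo.key \
#     -t <image-name> .
#
# Download the certificate and key from the customer portal
# https://account.f5.com/myf5. Keep them out of version control, and list them
# in .dockerignore if they live inside the build context.

# The default keeps the original floating tag. For reproducible builds, override
# with a pinned tag or digest, e.g.
#   --build-arg BASE_IMAGE=registry.access.redhat.com/ubi7/ubi@sha256:<digest>
ARG BASE_IMAGE=registry.access.redhat.com/ubi7/ubi:latest
FROM ${BASE_IMAGE}
LABEL maintainer="[email protected]"

# NGINX versions for NGINX Plus and NGINX Plus modules.
# These select the versioned packages used in the main RUN instruction below.
ENV NGINX_VERSION=23
# https://nginx.org/en/docs/njs/changes.html
ENV NJS_VERSION=0.5.2
# https://plus-pkgs.nginx.com
ENV PKG_RELEASE=1.el7.ngx

## Install NGINX Plus
# The repo file fetched below points yum at /etc/ssl/nginx/nginx-repo.{crt,key};
# the secret mounts expose them at those paths (read-only, root-only) for this
# step alone. required=true fails the build early when a secret is not passed.
RUN --mount=type=secret,id=nginx-crt,target=/etc/ssl/nginx/nginx-repo.crt,required=true \
    --mount=type=secret,id=nginx-key,target=/etc/ssl/nginx/nginx-repo.key,required=true \
    set -x \
    # Create nginx user/group first, to be consistent throughout Docker variants
    && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs shadow-utils.x86_64 \
    && groupadd --system --gid 101 nginx \
    && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \
    && usermod -s /sbin/nologin nginx \
    && usermod -L nginx \
    # Install prerequisite packages (ca-certificates, wget) and tools for
    # editing/troubleshooting (bind-utils, vim-minimal). The troubleshooting
    # tools widen the image's attack surface; drop them for production images.
    && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs \
        bind-utils \
        ca-certificates \
        vim-minimal \
        wget \
    # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/
    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo \
    #
    ## Install the latest release of NGINX App Protect and/or NGINX Plus modules
    ## Optionally use versioned packages over defaults to specify a release
    # List available versions:
    && yum --showduplicates list nginx-plus \
    && yum --showduplicates list nginx-plus-module-njs \
    ## Uncomment one:
    # && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus \
    && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \
    #
    ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo
    ## See https://www.nginx.com/products/nginx/modules
    ## Some modules include debug binaries, install module ending with "-dbg"
    ## NOTE(review): the versioned examples below are written as name=version,
    ## which is apt syntax; yum expects name-version-release (as on the
    ## nginx-plus line above). Rewrite an entry before uncommenting it.
    ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions):
    ## njs dynamic modules
    #nginx-plus-module-njs \
    #nginx-plus-module-dbg \
    # nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
    ## NGINX High Availability keepalived
    #nginx-ha-keepalived \
    ## NGINX agent for New Relic \
    #nginx-nr-agent \
    ## SPNEGO for Kerberos authentication
    #nginx-plus-module-auth-spnego \
    #nginx-plus-module-auth-spnego-dbg \
    #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
    ## brotli compression dynamic modules
    #nginx-plus-module-brotli \
    #nginx-plus-module-brotli-dbg \
    #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## cookie flag dynamic module
    #nginx-plus-module-cookie-flag \
    #nginx-plus-module-cookie-flag-dbg \
    #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## Encrypted-Session dynamic module
    #nginx-plus-module-encrypted-session \
    #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-encrypted-session-dbg \
    #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## FIPS Check
    #nginx-plus-module-fips-check \
    #nginx-plus-module-fips-check-dbg \
    #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## GeoIP dynamic modules
    #nginx-plus-module-geoip \
    #nginx-plus-module-geoip-dbg \
    #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## GeoIP2 dynamic modules
    #nginx-plus-module-geoip2 \
    #nginx-plus-module-geoip2-dbg \
    #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## headers-more dynamic module
    #nginx-plus-module-headers-more \
    #nginx-plus-module-headers-more-dbg \
    #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## image filter dynamic module
    #nginx-plus-module-image-filter \
    #nginx-plus-module-image-filter-dbg \
    #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## Lua dynamic module
    #nginx-plus-module-lua \
    #nginx-plus-module-lua-dbg \
    #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## ModSecurity dynamic module
    #nginx-plus-module-modsecurity \
    #nginx-plus-module-modsecurity-dbg \
    #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## Nginx Development Kit dynamic module
    #nginx-plus-module-ndk \
    #nginx-plus-module-ndk-dbg \
    #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## OpenTracing dynamic module
    #nginx-plus-module-opentracing \
    #nginx-plus-module-opentracing-dbg \
    #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## Phusion Passenger Open Source dynamic module
    #nginx-plus-module-passenger \
    #nginx-plus-module-passenger-dbg \
    #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## Perl dynamic module
    #nginx-plus-module-perl \
    #nginx-plus-module-perl-dbg \
    #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## Prometheus exporter NJS module
    #nginx-plus-module-prometheus \
    #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \
    ## RTMP dynamic module
    #nginx-plus-module-rtmp \
    #nginx-plus-module-rtmp-dbg \
    #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## set-misc dynamic module
    #nginx-plus-module-set-misc \
    #nginx-plus-module-set-misc-dbg \
    #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## HTTP Substitutions Filter dynamic module
    #nginx-plus-module-subs-filter \
    #nginx-plus-module-subs-filter-dbg \
    #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## xslt dynamic module
    #nginx-plus-module-xslt \
    #nginx-plus-module-xslt-dbg \
    #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \
    #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \
    ## NGINX Sync Script nginx-sync.sh
    #nginx-sync \
    # Remove default nginx config
    && rm /etc/nginx/conf.d/default.conf \
    # Optional: Create cache folder and set permissions for proxy caching
    && mkdir -p /var/cache/nginx \
    && chown -R nginx /var/cache/nginx \
    # Optional: Create State file folder and set permissions
    && mkdir -p /var/lib/nginx/state \
    && chown -R nginx /var/lib/nginx/state \
    # Set permissions
    && chown -R nginx:nginx /etc/nginx \
    # Forward request and error logs to docker log collector
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    # Raise the limits to successfully run benchmarks.
    # NOTE: ulimit only changes the limits of this build-time shell; it is not
    # recorded in the image. Set runtime limits with `docker run --ulimit ...`
    # or the orchestrator's equivalent.
    && ulimit -c -m -s -t unlimited \
    # Cleanup: drop yum caches and the repo definitions. The repo cert/key need
    # no removal because the secret mounts are never part of the layer.
    && yum clean all \
    && rm -rf /var/cache/yum \
    && rm -rf /etc/yum.repos.d/*

# Optional: COPY over any of your SSL certs for HTTPS servers
# e.g.
#COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt
#COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key
# NOTE: a TLS private key added with COPY is readable by anyone who can pull
# the image; prefer mounting it at runtime (volume or orchestrator secret).

# COPY /etc/nginx (Nginx configuration) directory
# COPY without --chown writes these files as root, so they are not covered by
# the earlier `chown -R nginx:nginx /etc/nginx`.
COPY etc/nginx /etc/nginx

# EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080
# NOTE(review): 8080 serves the status page / API; confirm the copied config
# restricts access to it before publishing that port.
EXPOSE 80 443 8080

STOPSIGNAL SIGTERM

# No USER directive is set, so nginx starts as root. Whether worker processes
# drop to the nginx account depends on the `user` directive in the copied
# etc/nginx configuration, which is not part of this file.
CMD ["nginx", "-g", "daemon off;"]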