FROM debian:bullseye-slim # Set environment variables ENV NGINX_VERSION=1.22.1 ENV OPENSSL_VERSION=1.1.1q ENV PCRE_VERSION=8.45 ENV ZLIB_VERSION=1.2.13 ENV LUAJIT_VERSION=2.1-20230410 ENV NGINX_DEVEL_KIT_VERSION=0.3.2 ENV LUA_NGINX_MODULE_VERSION=0.10.24 ENV NGINX_HTTP_S3_MODULE_VERSION=0.5.2 # Install dependencies RUN apt-get update && apt-get install -y \ build-essential \ ca-certificates \ curl \ git \ libssl-dev \ libpcre3-dev \ libxml2-dev \ libxslt1-dev \ wget \ zlib1g-dev \ unzip \ apt-transport-https \ lsb-release \ gnupg \ python3-certbot \ python3-certbot-nginx # Arguments for PHP installation ARG ENABLE_PHP=1 ARG PHP_VERSION=8.3 # Conditionally install PHP based on ENABLE_PHP argument RUN if [ "$ENABLE_PHP" = "1" ]; then \ curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg && \ sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' && \ apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y \ php${PHP_VERSION}-fpm \ php${PHP_VERSION}-cli \ php${PHP_VERSION}-common \ php${PHP_VERSION}-mysql \ php${PHP_VERSION}-curl \ php${PHP_VERSION}-gd \ php${PHP_VERSION}-mbstring \ php${PHP_VERSION}-xml \ php${PHP_VERSION}-zip \ php${PHP_VERSION}-bcmath \ php${PHP_VERSION}-intl; \ fi # Create build directory WORKDIR /build # Download and extract sources RUN wget -O nginx-${NGINX_VERSION}.tar.gz https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \ wget -O pcre-${PCRE_VERSION}.tar.gz https://ftp.exim.org/pub/pcre/pcre-${PCRE_VERSION}.tar.gz && \ wget -O zlib-${ZLIB_VERSION}.tar.gz https://github.com/madler/zlib/archive/refs/tags/v${ZLIB_VERSION}.tar.gz && \ wget -O openssl-${OPENSSL_VERSION}.tar.gz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz RUN tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \ tar -xzvf pcre-${PCRE_VERSION}.tar.gz && \ tar -xzvf zlib-${ZLIB_VERSION}.tar.gz && \ mv zlib-${ZLIB_VERSION} zlib-${ZLIB_VERSION}-extract && \ mv zlib-${ZLIB_VERSION}-extract zlib-${ZLIB_VERSION} && \ tar -xzvf openssl-${OPENSSL_VERSION}.tar.gz # Download LuaJIT, Nginx Devel Kit and Lua Nginx Module RUN git clone https://github.com/openresty/luajit2.git luajit2-${LUAJIT_VERSION} && \ git clone https://github.com/vision5/ngx_devel_kit.git ngx_devel_kit-${NGINX_DEVEL_KIT_VERSION} && \ git clone https://github.com/openresty/lua-nginx-module.git lua-nginx-module-${LUA_NGINX_MODULE_VERSION} && \ git clone https://github.com/anomalizer/ngx_aws_auth.git nginx-http-auth-request-${NGINX_HTTP_S3_MODULE_VERSION} && \ git clone https://github.com/openresty/lua-resty-core.git # Build and install LuaJIT WORKDIR /build/luajit2-${LUAJIT_VERSION} RUN make && make install # Set environment variables for LuaJIT ENV LUAJIT_LIB=/usr/local/lib ENV LUAJIT_INC=/usr/local/include/luajit-2.1 # Install lua-resty-core WORKDIR /build RUN mkdir -p /usr/local/share/lua/5.1/ && \ cd lua-resty-core && \ cp -r lib/resty /usr/local/share/lua/5.1/ && \ cd .. && \ git clone https://github.com/openresty/lua-resty-lrucache.git && \ cd lua-resty-lrucache && \ cp -r lib/resty /usr/local/share/lua/5.1/ # Build Nginx with all modules WORKDIR /build/nginx-${NGINX_VERSION} RUN ./configure \ --prefix=/usr/share/nginx \ --sbin-path=/usr/sbin/nginx \ --modules-path=/usr/lib/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/run/nginx.lock \ --http-client-body-temp-path=/var/cache/nginx/client_temp \ --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ --with-pcre=/build/pcre-${PCRE_VERSION} \ --with-pcre-jit \ --with-zlib=/build/zlib-${ZLIB_VERSION} \ --with-openssl=/build/openssl-${OPENSSL_VERSION} \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_stub_status_module \ --with-http_auth_request_module \ --with-file-aio \ --with-threads \ --with-stream \ --with-stream_ssl_module \ --with-http_v2_module \ --add-module=/build/ngx_devel_kit-${NGINX_DEVEL_KIT_VERSION} \ --add-module=/build/lua-nginx-module-${LUA_NGINX_MODULE_VERSION} \ --add-module=/build/nginx-http-auth-request-${NGINX_HTTP_S3_MODULE_VERSION} \ && make && make install # Create required directories RUN mkdir -p /var/cache/nginx/client_temp && \ mkdir -p /etc/nginx/conf.d && \ mkdir -p /etc/nginx/sites-available && \ mkdir -p /etc/nginx/sites-enabled && \ mkdir -p /usr/share/nginx/html && \ mkdir -p /etc/letsencrypt && \ mkdir -p /etc/nginx/ssl && \ mkdir -p /etc/nginx/lua # Forward request logs to Docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stderr /var/log/nginx/error.log # Clean up RUN apt-get remove --purge -y build-essential curl git wget && \ apt-get autoremove -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /build # Create directory for PHP-FPM socket if PHP is enabled RUN if [ "$ENABLE_PHP" = "1" ]; then \ mkdir -p /run/php; \ fi # Copy scripts COPY scripts/link_sites.sh /usr/local/bin/ COPY scripts/generate_self_signed_ssl.sh /usr/local/bin/ COPY scripts/generate_letsencrypt.sh /usr/local/bin/ COPY scripts/update_configs.sh /usr/local/bin/ # Make scripts executable RUN chmod +x /usr/local/bin/link_sites.sh && \ chmod +x /usr/local/bin/generate_self_signed_ssl.sh && \ chmod +x /usr/local/bin/generate_letsencrypt.sh && \ chmod +x /usr/local/bin/update_configs.sh # Copy entrypoint script COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh # Expose ports EXPOSE 80 443 # Start Nginx and PHP-FPM CMD ["/entrypoint.sh"]