184 lines
6.3 KiB
Docker
184 lines
6.3 KiB
Docker
FROM debian:bullseye-slim
|
|
|
|
# Set environment variables
|
|
ENV NGINX_VERSION=1.22.1
|
|
ENV OPENSSL_VERSION=1.1.1q
|
|
ENV PCRE_VERSION=8.45
|
|
ENV ZLIB_VERSION=1.2.13
|
|
ENV LUAJIT_VERSION=2.1-20230410
|
|
ENV NGINX_DEVEL_KIT_VERSION=0.3.2
|
|
ENV LUA_NGINX_MODULE_VERSION=0.10.24
|
|
ENV NGINX_HTTP_S3_MODULE_VERSION=0.5.2
|
|
|
|
# Install dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
build-essential \
|
|
ca-certificates \
|
|
curl \
|
|
git \
|
|
libssl-dev \
|
|
libpcre3-dev \
|
|
libxml2-dev \
|
|
libxslt1-dev \
|
|
wget \
|
|
zlib1g-dev \
|
|
unzip \
|
|
apt-transport-https \
|
|
lsb-release \
|
|
gnupg \
|
|
python3-certbot \
|
|
python3-certbot-nginx
|
|
|
|
# Arguments for PHP installation
|
|
ARG ENABLE_PHP=1
|
|
ARG PHP_VERSION=8.3
|
|
|
|
# Conditionally install PHP based on ENABLE_PHP argument
|
|
RUN if [ "$ENABLE_PHP" = "1" ]; then \
|
|
curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg && \
|
|
sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' && \
|
|
apt-get update && \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
|
php${PHP_VERSION}-fpm \
|
|
php${PHP_VERSION}-cli \
|
|
php${PHP_VERSION}-common \
|
|
php${PHP_VERSION}-mysql \
|
|
php${PHP_VERSION}-curl \
|
|
php${PHP_VERSION}-gd \
|
|
php${PHP_VERSION}-mbstring \
|
|
php${PHP_VERSION}-xml \
|
|
php${PHP_VERSION}-zip \
|
|
php${PHP_VERSION}-bcmath \
|
|
php${PHP_VERSION}-intl; \
|
|
fi
|
|
|
|
# Create build directory
|
|
WORKDIR /build
|
|
|
|
# Download and extract sources
|
|
RUN wget -O nginx-${NGINX_VERSION}.tar.gz https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
|
|
wget -O pcre-${PCRE_VERSION}.tar.gz https://ftp.exim.org/pub/pcre/pcre-${PCRE_VERSION}.tar.gz && \
|
|
wget -O zlib-${ZLIB_VERSION}.tar.gz https://github.com/madler/zlib/archive/refs/tags/v${ZLIB_VERSION}.tar.gz && \
|
|
wget -O openssl-${OPENSSL_VERSION}.tar.gz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
|
|
|
|
RUN tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \
|
|
tar -xzvf pcre-${PCRE_VERSION}.tar.gz && \
|
|
tar -xzvf zlib-${ZLIB_VERSION}.tar.gz && \
|
|
mv zlib-${ZLIB_VERSION} zlib-${ZLIB_VERSION}-extract && \
|
|
mv zlib-${ZLIB_VERSION}-extract zlib-${ZLIB_VERSION} && \
|
|
tar -xzvf openssl-${OPENSSL_VERSION}.tar.gz
|
|
|
|
# Download LuaJIT, Nginx Devel Kit and Lua Nginx Module
|
|
RUN git clone https://github.com/openresty/luajit2.git luajit2-${LUAJIT_VERSION} && \
|
|
git clone https://github.com/vision5/ngx_devel_kit.git ngx_devel_kit-${NGINX_DEVEL_KIT_VERSION} && \
|
|
git clone https://github.com/openresty/lua-nginx-module.git lua-nginx-module-${LUA_NGINX_MODULE_VERSION} && \
|
|
git clone https://github.com/anomalizer/ngx_aws_auth.git nginx-http-auth-request-${NGINX_HTTP_S3_MODULE_VERSION} && \
|
|
git clone https://github.com/openresty/lua-resty-core.git
|
|
|
|
# Build and install LuaJIT
|
|
WORKDIR /build/luajit2-${LUAJIT_VERSION}
|
|
RUN make && make install
|
|
|
|
# Set environment variables for LuaJIT
|
|
ENV LUAJIT_LIB=/usr/local/lib
|
|
ENV LUAJIT_INC=/usr/local/include/luajit-2.1
|
|
|
|
# Install lua-resty-core
|
|
WORKDIR /build
|
|
RUN mkdir -p /usr/local/share/lua/5.1/ && \
|
|
cd lua-resty-core && \
|
|
cp -r lib/resty /usr/local/share/lua/5.1/ && \
|
|
cd .. && \
|
|
git clone https://github.com/openresty/lua-resty-lrucache.git && \
|
|
cd lua-resty-lrucache && \
|
|
cp -r lib/resty /usr/local/share/lua/5.1/
|
|
|
|
# Build Nginx with all modules
|
|
WORKDIR /build/nginx-${NGINX_VERSION}
|
|
RUN ./configure \
|
|
--prefix=/usr/share/nginx \
|
|
--sbin-path=/usr/sbin/nginx \
|
|
--modules-path=/usr/lib/nginx/modules \
|
|
--conf-path=/etc/nginx/nginx.conf \
|
|
--error-log-path=/var/log/nginx/error.log \
|
|
--http-log-path=/var/log/nginx/access.log \
|
|
--pid-path=/var/run/nginx.pid \
|
|
--lock-path=/var/run/nginx.lock \
|
|
--http-client-body-temp-path=/var/cache/nginx/client_temp \
|
|
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
|
|
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
|
|
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
|
|
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
|
|
--with-pcre=/build/pcre-${PCRE_VERSION} \
|
|
--with-pcre-jit \
|
|
--with-zlib=/build/zlib-${ZLIB_VERSION} \
|
|
--with-openssl=/build/openssl-${OPENSSL_VERSION} \
|
|
--with-http_ssl_module \
|
|
--with-http_realip_module \
|
|
--with-http_addition_module \
|
|
--with-http_sub_module \
|
|
--with-http_dav_module \
|
|
--with-http_flv_module \
|
|
--with-http_mp4_module \
|
|
--with-http_gunzip_module \
|
|
--with-http_gzip_static_module \
|
|
--with-http_random_index_module \
|
|
--with-http_secure_link_module \
|
|
--with-http_stub_status_module \
|
|
--with-http_auth_request_module \
|
|
--with-file-aio \
|
|
--with-threads \
|
|
--with-stream \
|
|
--with-stream_ssl_module \
|
|
--with-http_v2_module \
|
|
--add-module=/build/ngx_devel_kit-${NGINX_DEVEL_KIT_VERSION} \
|
|
--add-module=/build/lua-nginx-module-${LUA_NGINX_MODULE_VERSION} \
|
|
--add-module=/build/nginx-http-auth-request-${NGINX_HTTP_S3_MODULE_VERSION} \
|
|
&& make && make install
|
|
|
|
# Create required directories
|
|
RUN mkdir -p /var/cache/nginx/client_temp && \
|
|
mkdir -p /etc/nginx/conf.d && \
|
|
mkdir -p /etc/nginx/sites-available && \
|
|
mkdir -p /etc/nginx/sites-enabled && \
|
|
mkdir -p /usr/share/nginx/html && \
|
|
mkdir -p /etc/letsencrypt && \
|
|
mkdir -p /etc/nginx/ssl && \
|
|
mkdir -p /etc/nginx/lua
|
|
|
|
# Forward request logs to Docker log collector
|
|
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
|
|
ln -sf /dev/stderr /var/log/nginx/error.log
|
|
|
|
# Clean up
|
|
RUN apt-get remove --purge -y build-essential curl git wget && \
|
|
apt-get autoremove -y && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/* /build
|
|
|
|
# Create directory for PHP-FPM socket if PHP is enabled
|
|
RUN if [ "$ENABLE_PHP" = "1" ]; then \
|
|
mkdir -p /run/php; \
|
|
fi
|
|
|
|
# Copy scripts
|
|
COPY scripts/link_sites.sh /usr/local/bin/
|
|
COPY scripts/generate_self_signed_ssl.sh /usr/local/bin/
|
|
COPY scripts/generate_letsencrypt.sh /usr/local/bin/
|
|
COPY scripts/update_configs.sh /usr/local/bin/
|
|
|
|
# Make scripts executable
|
|
RUN chmod +x /usr/local/bin/link_sites.sh && \
|
|
chmod +x /usr/local/bin/generate_self_signed_ssl.sh && \
|
|
chmod +x /usr/local/bin/generate_letsencrypt.sh && \
|
|
chmod +x /usr/local/bin/update_configs.sh
|
|
|
|
# Copy entrypoint script
|
|
COPY entrypoint.sh /entrypoint.sh
|
|
RUN chmod +x /entrypoint.sh
|
|
|
|
# Expose ports
|
|
EXPOSE 80 443
|
|
|
|
# Start Nginx and PHP-FPM
|
|
CMD ["/entrypoint.sh"] |