Created
September 21, 2019 08:48
-
-
Save 7680x4320/82b30f4ef0dc72c942093397411d4fab to your computer and use it in GitHub Desktop.
NGINX with LDAP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM alpine:3.9 | |
ARG NGINX_VERSION="1.17.3" | |
ARG NGINX_LDAP_COMMIT="e208153" | |
RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ | |
&& CONFIG="\ | |
--prefix=/etc/nginx \ | |
--sbin-path=/usr/sbin/nginx \ | |
--modules-path=/usr/lib/nginx/modules \ | |
--conf-path=/etc/nginx/nginx.conf \ | |
--error-log-path=/var/log/nginx/error.log \ | |
--http-log-path=/var/log/nginx/access.log \ | |
--pid-path=/var/run/nginx.pid \ | |
--lock-path=/var/run/nginx.lock \ | |
--http-client-body-temp-path=/var/cache/nginx/client_temp \ | |
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | |
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | |
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | |
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | |
--user=nginx \ | |
--group=nginx \ | |
--with-http_ssl_module \ | |
--with-http_realip_module \ | |
--with-http_addition_module \ | |
--with-http_sub_module \ | |
--with-http_dav_module \ | |
--with-http_gunzip_module \ | |
--with-http_gzip_static_module \ | |
--with-http_random_index_module \ | |
--with-http_secure_link_module \ | |
--with-http_stub_status_module \ | |
--with-http_auth_request_module \ | |
--with-http_xslt_module=dynamic \ | |
--with-http_image_filter_module=dynamic \ | |
--with-http_geoip_module=dynamic \ | |
--with-threads \ | |
--with-stream \ | |
--with-stream_ssl_module \ | |
--with-stream_ssl_preread_module \ | |
--with-stream_realip_module \ | |
--with-stream_geoip_module=dynamic \ | |
--with-http_slice_module \ | |
--with-mail \ | |
--with-mail_ssl_module \ | |
--with-compat \ | |
--with-file-aio \ | |
--with-http_v2_module \ | |
--add-module=/usr/src/nginx-auth-ldap \ | |
" \ | |
&& addgroup -S nginx \ | |
&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ | |
&& apk add --no-cache --virtual .build-deps \ | |
gcc \ | |
libc-dev \ | |
make \ | |
openssl-dev \ | |
pcre-dev \ | |
zlib-dev \ | |
linux-headers \ | |
curl \ | |
gnupg1 \ | |
libxslt-dev \ | |
gd-dev \ | |
geoip-dev \ | |
git \ | |
openldap-dev \ | |
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ | |
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ | |
&& export GNUPGHOME="$(mktemp -d)" \ | |
&& found=''; \ | |
for server in \ | |
ha.pool.sks-keyservers.net \ | |
hkp://keyserver.ubuntu.com:80 \ | |
hkp://p80.pool.sks-keyservers.net:80 \ | |
pgp.mit.edu \ | |
; do \ | |
echo "Fetching GPG key $GPG_KEYS from $server"; \ | |
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ | |
done; \ | |
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ | |
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ | |
&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ | |
&& mkdir -p /usr/src \ | |
&& tar -zxC /usr/src -f nginx.tar.gz \ | |
&& rm nginx.tar.gz \ | |
&& git clone https://github.com/kvspb/nginx-auth-ldap /usr/src/nginx-auth-ldap \ | |
&& cd /usr/src/nginx-auth-ldap \ | |
&& git checkout $NGINX_LDAP_COMMIT \ | |
&& cd /usr/src/nginx-$NGINX_VERSION \ | |
&& ./configure $CONFIG \ | |
&& make -j$(getconf _NPROCESSORS_ONLN) \ | |
&& make install \ | |
&& rm -rf /etc/nginx/html/ \ | |
&& mkdir /etc/nginx/conf.d/ \ | |
&& mkdir -p /usr/share/nginx/html/ \ | |
&& install -m644 html/index.html /usr/share/nginx/html/ \ | |
&& install -m644 html/50x.html /usr/share/nginx/html/ \ | |
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ | |
&& strip /usr/sbin/nginx* \ | |
&& strip /usr/lib/nginx/modules/*.so \ | |
&& rm -rf /usr/src/nginx-$NGINX_VERSION \ | |
\ | |
# Bring in gettext so we can get `envsubst`, then throw | |
# the rest away. To do this, we need to install `gettext` | |
# then move `envsubst` out of the way so `gettext` can | |
# be deleted completely, then move `envsubst` back. | |
&& apk add --no-cache --virtual .gettext gettext \ | |
&& mv /usr/bin/envsubst /tmp/ \ | |
\ | |
&& runDeps="$( \ | |
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ | |
| tr ',' '\n' \ | |
| sort -u \ | |
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ | |
)" \ | |
&& apk add --no-cache --virtual .nginx-rundeps $runDeps \ | |
&& apk del .build-deps \ | |
&& apk del .gettext \ | |
&& mv /tmp/envsubst /usr/local/bin/ \ | |
\ | |
# Bring in tzdata so users could set the timezones through the environment | |
# variables | |
&& apk add --no-cache tzdata \ | |
\ | |
# forward request and error logs to docker log collector | |
&& ln -sf /dev/stdout /var/log/nginx/access.log \ | |
&& ln -sf /dev/stderr /var/log/nginx/error.log | |
COPY nginx.conf /etc/nginx/nginx.conf | |
COPY nginx.default.conf /etc/nginx/conf.d/default.conf | |
EXPOSE 80 | |
STOPSIGNAL SIGTERM | |
CMD ["nginx", "-g", "daemon off;"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment