Last active
February 15, 2020 19:27
-
-
Save anguiao/7d8ccf649936f373b00339360321a828 to your computer and use it in GitHub Desktop.
nginx-brotli-alpine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM alpine:3.9 | |
ENV TZ=Asia/Shanghai | |
ENV NGINX_VERSION 1.15.8 | |
RUN NGINX_GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ | |
&& CONFIG="\ | |
--prefix=/etc/nginx \ | |
--sbin-path=/usr/sbin/nginx \ | |
--modules-path=/usr/lib/nginx/modules \ | |
--conf-path=/etc/nginx/nginx.conf \ | |
--error-log-path=/var/log/nginx/error.log \ | |
--http-log-path=/var/log/nginx/access.log \ | |
--pid-path=/var/run/nginx.pid \ | |
--lock-path=/var/run/nginx.lock \ | |
--http-client-body-temp-path=/var/cache/nginx/client_temp \ | |
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | |
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | |
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | |
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | |
--user=www-data \ | |
--group=www-data \ | |
--with-http_ssl_module \ | |
--with-http_realip_module \ | |
--with-http_addition_module \ | |
--with-http_sub_module \ | |
--with-http_dav_module \ | |
--with-http_flv_module \ | |
--with-http_mp4_module \ | |
--with-http_gunzip_module \ | |
--with-http_gzip_static_module \ | |
--with-http_random_index_module \ | |
--with-http_secure_link_module \ | |
--with-http_stub_status_module \ | |
--with-http_auth_request_module \ | |
--with-http_xslt_module=dynamic \ | |
--with-http_image_filter_module=dynamic \ | |
--with-http_geoip_module=dynamic \ | |
--with-threads \ | |
--with-stream \ | |
--with-stream_ssl_module \ | |
--with-stream_ssl_preread_module \ | |
--with-stream_realip_module \ | |
--with-stream_geoip_module=dynamic \ | |
--with-http_slice_module \ | |
--with-mail \ | |
--with-mail_ssl_module \ | |
--with-compat \ | |
--with-file-aio \ | |
--with-http_v2_module \ | |
--add-module=/usr/src/ngx_brotli \ | |
" \ | |
&& addgroup -g 82 -S www-data \ | |
&& adduser -u 82 -D -S -h /var/cache/nginx -s /sbin/nologin -G www-data www-data \ | |
\ | |
&& apk update \ | |
\ | |
&& apk add --virtual .build-deps \ | |
gcc \ | |
libc-dev \ | |
make \ | |
openssl-dev \ | |
pcre-dev \ | |
zlib-dev \ | |
linux-headers \ | |
curl \ | |
gnupg1 \ | |
libxslt-dev \ | |
gd-dev \ | |
geoip-dev \ | |
git \ | |
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ | |
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ | |
&& export GNUPGHOME="$(mktemp -d)" \ | |
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$NGINX_GPG_KEYS" \ | |
&& gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ | |
&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ | |
&& mkdir -p /usr/src \ | |
&& tar -zxC /usr/src -f nginx.tar.gz \ | |
&& rm nginx.tar.gz \ | |
&& git clone https://github.com/google/ngx_brotli.git /usr/src/ngx_brotli \ | |
&& cd /usr/src/ngx_brotli \ | |
&& git submodule update --init \ | |
&& cd /usr/src/nginx-$NGINX_VERSION \ | |
&& ./configure $CONFIG --with-debug \ | |
&& make -j$(getconf _NPROCESSORS_ONLN) \ | |
&& mv objs/nginx objs/nginx-debug \ | |
&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ | |
&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ | |
&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ | |
&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ | |
&& ./configure $CONFIG \ | |
&& make -j$(getconf _NPROCESSORS_ONLN) \ | |
&& make install \ | |
&& rm -rf /etc/nginx/html/ \ | |
&& mkdir /etc/nginx/conf.d/ \ | |
&& mkdir -p /usr/share/nginx/html/ \ | |
&& install -m644 html/index.html /usr/share/nginx/html/ \ | |
&& install -m644 html/50x.html /usr/share/nginx/html/ \ | |
&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ | |
&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ | |
&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ | |
&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ | |
&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ | |
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ | |
&& strip /usr/sbin/nginx* \ | |
&& strip /usr/lib/nginx/modules/*.so \ | |
&& rm -rf /usr/src/nginx-$NGINX_VERSION /usr/src/ngx_brotli \ | |
\ | |
# Bring in gettext so we can get `envsubst`, then throw | |
# the rest away. To do this, we need to install `gettext` | |
# then move `envsubst` out of the way so `gettext` can | |
# be deleted completely, then move `envsubst` back. | |
&& apk add --virtual .gettext gettext \ | |
&& mv /usr/bin/envsubst /tmp/ \ | |
\ | |
&& runDeps="$( \ | |
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ | |
| tr ',' '\n' \ | |
| sort -u \ | |
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ | |
)" \ | |
&& apk add --virtual .nginx-rundeps $runDeps \ | |
&& apk del .build-deps \ | |
&& apk del .gettext \ | |
&& mv /tmp/envsubst /usr/local/bin/ \ | |
\ | |
# Bring in tzdata so users could set the timezones through the environment | |
# variables | |
&& apk add tzdata \ | |
&& echo "${TZ}" > /etc/timezone \ | |
&& ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime \ | |
\ | |
# forward request and error logs to docker log collector | |
&& ln -sf /dev/stdout /var/log/nginx/access.log \ | |
&& ln -sf /dev/stderr /var/log/nginx/error.log \ | |
\ | |
&& rm /var/cache/apk/* | |
COPY nginx.conf /etc/nginx/nginx.conf | |
COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf | |
EXPOSE 80 443 | |
STOPSIGNAL SIGTERM | |
CMD ["nginx", "-g", "daemon off;"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment