Created
December 27, 2019 12:10
-
-
Save maitrungduc1410/7487cf5eff7a2595921aca2c4b240267 to your computer and use it in GitHub Desktop.
Docker nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM debian:buster-slim | |
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>" | |
ENV NGINX_VERSION 1.17.6 | |
ENV NJS_VERSION 0.3.7 | |
ENV PKG_RELEASE 1~buster | |
RUN set -x \ | |
# create nginx user/group first, to be consistent throughout docker variants | |
&& addgroup --system --gid 101 nginx \ | |
&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ | |
&& apt-get update \ | |
&& apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ | |
&& \ | |
NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ | |
found=''; \ | |
for server in \ | |
ha.pool.sks-keyservers.net \ | |
hkp://keyserver.ubuntu.com:80 \ | |
hkp://p80.pool.sks-keyservers.net:80 \ | |
pgp.mit.edu \ | |
; do \ | |
echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ | |
apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ | |
done; \ | |
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ | |
apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ | |
&& dpkgArch="$(dpkg --print-architecture)" \ | |
&& nginxPackages=" \ | |
nginx=${NGINX_VERSION}-${PKG_RELEASE} \ | |
nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ | |
nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ | |
nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ | |
nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ | |
" \ | |
&& case "$dpkgArch" in \ | |
amd64|i386) \ | |
# arches officialy built by upstream | |
echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ | |
&& apt-get update \ | |
;; \ | |
*) \ | |
# we're on an architecture upstream doesn't officially build for | |
# let's build binaries from the published source packages | |
echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ | |
\ | |
# new directory for storing sources and .deb files | |
&& tempDir="$(mktemp -d)" \ | |
&& chmod 777 "$tempDir" \ | |
# (777 to ensure APT's "_apt" user can access it too) | |
\ | |
# save list of currently-installed packages so build dependencies can be cleanly removed later | |
&& savedAptMark="$(apt-mark showmanual)" \ | |
\ | |
# build .deb files from upstream's source packages (which are verified by apt-get) | |
&& apt-get update \ | |
&& apt-get build-dep -y $nginxPackages \ | |
&& ( \ | |
cd "$tempDir" \ | |
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ | |
apt-get source --compile $nginxPackages \ | |
) \ | |
# we don't remove APT lists here because they get re-downloaded and removed later | |
\ | |
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies | |
# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) | |
&& apt-mark showmanual | xargs apt-mark auto > /dev/null \ | |
&& { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ | |
\ | |
# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) | |
&& ls -lAFh "$tempDir" \ | |
&& ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ | |
&& grep '^Package: ' "$tempDir/Packages" \ | |
&& echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ | |
# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") | |
# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) | |
# ... | |
# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) | |
&& apt-get -o Acquire::GzipIndexes=false update \ | |
;; \ | |
esac \ | |
\ | |
&& apt-get install --no-install-recommends --no-install-suggests -y \ | |
$nginxPackages \ | |
gettext-base \ | |
&& apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ | |
\ | |
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) | |
&& if [ -n "$tempDir" ]; then \ | |
apt-get purge -y --auto-remove \ | |
&& rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ | |
fi | |
# forward request and error logs to docker log collector | |
RUN ln -sf /dev/stdout /var/log/nginx/access.log \ | |
&& ln -sf /dev/stderr /var/log/nginx/error.log | |
# EXPOSE 80 | |
# STOPSIGNAL SIGTERM | |
CMD ["nginx", "-g", "daemon off;"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment