Skip to content

Instantly share code, notes, and snippets.

@passbyval
Created August 21, 2024 03:11
Show Gist options
  • Save passbyval/3b298b0aaec20ddfc89b37c6562dcc26 to your computer and use it in GitHub Desktop.
Save passbyval/3b298b0aaec20ddfc89b37c6562dcc26 to your computer and use it in GitHub Desktop.
Docker: Build NGINX from Source
ARG ALPINE_VERSION=3.18
ARG NGINX_VERSION=1.25.1
ARG HEADERS_MORE_VERSION=0.37
ARG NJS_VERSION=0.8.5
FROM alpine:${ALPINE_VERSION}
ARG NGINX_DIR=nginx
ARG WORKSPACE_DIR=workspace
ARG MODULES_DIR=modules
ARG HEADERS_MORE_DIR=headers-more
ARG PID_PATH=/var/local/nginx.pid
ARG CACHE_PATH=/var/cache/nginx
ARG LOG_PATH=/var/log/nginx
ARG CONF_PATH=/etc/nginx/nginx.conf
ARG MODULES_PATH=/usr/lib/nginx/modules
ARG HEADERS_MORE_VERSION
ARG NGINX_VERSION
ARG NJS_VERSION
WORKDIR /
RUN apk update && \
apk upgrade --no-cache && \
mkdir -p /${WORKSPACE_DIR} && \
cd /${WORKSPACE_DIR} && \
apk add --no-cache --virtual .shared-deps curl openssl ca-certificates && \
echo "Adding NGINX repository..." && \
printf "%s%s%s\n" "http://nginx.org/packages/alpine/v" `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` "/main" | tee -a /etc/apk/repositories && \
curl --verbose -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && \
openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout && \
mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/ && \
apk update && \
# Download headers-more: https://github.com/openresty/headers-more-nginx-module
HEADERS_MORE_TAR=${HEADERS_MORE_DIR}.tar.gz && \
mkdir -p ${NGINX_DIR}/${MODULES_DIR}/${HEADERS_MORE_DIR} && \
HEADERS_MORE_DIR=headers-more && \
HEADERS_MORE_TAR=$HEADERS_MORE_DIR.tar.gz && \
wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${HEADERS_MORE_VERSION}.tar.gz -O $HEADERS_MORE_DIR.tar.gz && \
mkdir -p ${MODULES_DIR}/$HEADERS_MORE_DIR && \
tar -xzvf $HEADERS_MORE_TAR -C ${MODULES_DIR}/$HEADERS_MORE_DIR --strip-components=1 && \
rm $HEADERS_MORE_TAR && \
# Download nginx-module-njs: https://github.com/nginx/njs
NJS_DIR=nginx-njs && \
NJS_TAR=$NJS_DIR.tar.gz && \
wget https://github.com/nginx/njs/archive/refs/tags/${NJS_VERSION}.tar.gz -O $NJS_DIR.tar.gz && \
mkdir -p ${MODULES_DIR}/$NJS_DIR && \
tar -xzvf $NJS_TAR -C ${MODULES_DIR}/$NJS_DIR --strip-components=1 && \
rm $NJS_TAR && \
# Download NGINX from source
NGINX_TAR=${NGINX_DIR}.tar.gz && \
mkdir -p ${NGINX_DIR} && \
NGINX_TAR=${NGINX_DIR}.tar.gz && \
wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -O $NGINX_TAR && \
tar -xzvf $NGINX_TAR -C ${NGINX_DIR} --strip-components=1 && \
rm $NGINX_TAR && \
# Install build dependencies
apk add --no-cache --virtual .nginx-required-build-deps \
libgcc \
pcre2 \
gd \
libressl \
geoip \
libxext \
perl \
zlib \
libxslt && \
apk add --no-cache --virtual .nginx-opt-build-deps \
linux-headers \
build-base \
libxslt-dev \
libressl-dev \
gd-dev \
pcre2-dev \
geoip-dev \
zlib-dev \
make \
perl-dev && \
echo "Building NGINX from source..." && \
cd ${NGINX_DIR} && \
./configure \
--prefix=/etc/nginx \
--add-dynamic-module=../${MODULES_DIR}/headers-more \
--add-dynamic-module=../${MODULES_DIR}/nginx-njs/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=${MODULES_PATH} \
--conf-path=${CONF_PATH} \
--error-log-path=${LOG_PATH}/error.log \
--http-log-path=${LOG_PATH}/access.log \
--pid-path=${PID_PATH} \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=${CACHE_PATH}/client_temp \
--http-proxy-temp-path=${CACHE_PATH}/proxy_temp \
--http-fastcgi-temp-path=${CACHE_PATH}/fastcgi_temp \
--http-uwsgi-temp-path=${CACHE_PATH}/uwsgi_temp \
--http-scgi-temp-path=${CACHE_PATH}/scgi_temp \
--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
--user=nginx \
--group=nginx \
--with-compat \
--with-debug \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-http_v3_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_xslt_module \
--with-cc-opt='-Os -fomit-frame-pointer -g' \
--with-ld-opt=-Wl,--as-needed,-O1,--sort-common && \
# Compile
make && \
make install && \
# Install NGINX sigsci module
wget -q https://apk.signalsciences.net/sigsci_apk.pub ; mv sigsci_apk.pub /etc/apk/keys && \
echo https://apk.signalsciences.net/$(grep -oE '[0-9]+\.[0-9]{2}' /etc/alpine-release)/main | tee -a /etc/apk/repositories && apk update && \
echo "Verifying certificate authenticity..." && \
openssl rsa -pubin -in /etc/apk/keys/sigsci_apk.pub -text -noout && \
apk add --no-cache nginx-module-sigsci-nxo-${NGINX_VERSION} && \
# Cleanup
apk del --purge \
.nginx-opt-build-deps \
.shared-deps && \
apk cache clean
COPY ./nginx.base.conf ${CONF_PATH}
RUN addgroup -S nginx && \
adduser -S nginx -G nginx && \
mkdir -p ${CACHE_PATH} && \
mkdir -p /usr/share/nginx/html && \
touch ${PID_PATH} && \
chown -R nginx:nginx ${CACHE_PATH} ${PID_PATH} /usr/share/nginx/html ${CONF_PATH} && \
ln -s ${MODULES_PATH} /etc/nginx/modules && \
nginx -c ${CONF_PATH} -t
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment