Docker: Build NGINX from Source
# Versions of the base image and of the sources built below. They are declared
# before FROM so that ALPINE_VERSION can be used in the FROM line; an ARG
# declared here is visible only to FROM until it is re-declared in the stage.
ARG ALPINE_VERSION=3.18
ARG HEADERS_MORE_VERSION=0.37
ARG NGINX_VERSION=1.25.1
ARG NJS_VERSION=0.8.5

# NOTE(review): the base image is selected by tag only, so the bytes behind
# alpine:${ALPINE_VERSION} can change between builds. Pinning the digest
# (alpine:<tag>@sha256:<digest>) would make the base reproducible.
FROM alpine:${ALPINE_VERSION}

# Bring the version arguments into this stage (no value: inherit the default
# or the --build-arg given above).
ARG HEADERS_MORE_VERSION
ARG NGINX_VERSION
ARG NJS_VERSION

# Directory names used inside the build workspace (relative names).
ARG WORKSPACE_DIR=workspace
ARG NGINX_DIR=nginx
ARG MODULES_DIR=modules
ARG HEADERS_MORE_DIR=headers-more

# Absolute install and runtime paths handed to ./configure and reused by the
# later COPY/RUN instructions.
ARG CONF_PATH=/etc/nginx/nginx.conf
ARG MODULES_PATH=/usr/lib/nginx/modules
ARG LOG_PATH=/var/log/nginx
ARG CACHE_PATH=/var/cache/nginx
ARG PID_PATH=/var/local/nginx.pid

WORKDIR /
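# Optional SHA-256 pins for everything this layer downloads. Each defaults to
# empty, which keeps the build working as before but leaves that download
# unverified (a warning is printed). Pass them with --build-arg to make the
# build fail on a mismatch, e.g.
#   --build-arg NGINX_SHA256=<sha256 of nginx-${NGINX_VERSION}.tar.gz>
ARG HEADERS_MORE_SHA256=""
ARG NJS_SHA256=""
ARG NGINX_SHA256=""
ARG NGINX_KEY_SHA256=""
ARG SIGSCI_KEY_SHA256=""

# Single build layer: register the nginx.org apk repository, fetch the
# headers-more, njs and NGINX sources, compile NGINX with both as dynamic
# modules, install the Signal Sciences module from its apk repository, then
# drop the build-only packages.
#
# Changes from the previous revision of this step:
#   * The NGINX tarball and the nginx.org apk repository are fetched over
#     https instead of http, so the source that gets compiled cannot be
#     altered in transit.
#   * Every download can be checked against a pinned SHA-256 (ARGs above).
#   * The Signal Sciences key download was followed by ';', which split the
#     '&&' chain so that a failure earlier in the chain no longer stopped the
#     commands after it. It is now chained with '&&', and the key is parsed
#     before it is moved into /etc/apk/keys.
#   * `openssl rsa -pubin -text -noout` only proves the file parses as an RSA
#     public key; it does not prove who issued it. The log message that
#     claimed an authenticity check is reworded. Authenticity rests on TLS to
#     the download host unless the *_KEY_SHA256 pins are set.
#   * Duplicate shell assignments and an unused mkdir were removed.
#
# NOTE(review): the build keeps --with-debug and -g, and the workspace with the
# unpacked sources is not removed; confirm both are wanted in the final image.
RUN verify_sha256() { \
        if [ -n "$2" ]; then \
            echo "$2  $1" | sha256sum -c -; \
        else \
            echo "WARNING: no SHA-256 pin supplied for $1; download not verified" >&2; \
        fi; \
    } && \
    apk update && \
    apk upgrade --no-cache && \
    mkdir -p /${WORKSPACE_DIR} && \
    cd /${WORKSPACE_DIR} && \
    apk add --no-cache --virtual .shared-deps curl openssl ca-certificates && \
    echo "Adding NGINX repository..." && \
    printf "%s%s%s\n" "https://nginx.org/packages/alpine/v" "$(grep -oE '^[0-9]+\.[0-9]+' /etc/alpine-release)" "/main" | tee -a /etc/apk/repositories && \
    curl --fail --verbose -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && \
    verify_sha256 /tmp/nginx_signing.rsa.pub "${NGINX_KEY_SHA256}" && \
    # Format check only: confirms the file is a parseable RSA public key.
    openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout && \
    mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/ && \
    apk update && \
    # Download headers-more: https://github.com/openresty/headers-more-nginx-module
    # The directory name is fixed here because ./configure below refers to it literally.
    HEADERS_MORE_DIR=headers-more && \
    HEADERS_MORE_TAR=$HEADERS_MORE_DIR.tar.gz && \
    wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${HEADERS_MORE_VERSION}.tar.gz -O $HEADERS_MORE_TAR && \
    verify_sha256 $HEADERS_MORE_TAR "${HEADERS_MORE_SHA256}" && \
    mkdir -p ${MODULES_DIR}/$HEADERS_MORE_DIR && \
    tar -xzvf $HEADERS_MORE_TAR -C ${MODULES_DIR}/$HEADERS_MORE_DIR --strip-components=1 && \
    rm $HEADERS_MORE_TAR && \
    # Download nginx-module-njs: https://github.com/nginx/njs
    NJS_DIR=nginx-njs && \
    NJS_TAR=$NJS_DIR.tar.gz && \
    wget https://github.com/nginx/njs/archive/refs/tags/${NJS_VERSION}.tar.gz -O $NJS_TAR && \
    verify_sha256 $NJS_TAR "${NJS_SHA256}" && \
    mkdir -p ${MODULES_DIR}/$NJS_DIR && \
    tar -xzvf $NJS_TAR -C ${MODULES_DIR}/$NJS_DIR --strip-components=1 && \
    rm $NJS_TAR && \
    # Download NGINX from source (https, and checked against NGINX_SHA256 when set)
    NGINX_TAR=${NGINX_DIR}.tar.gz && \
    mkdir -p ${NGINX_DIR} && \
    wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -O $NGINX_TAR && \
    verify_sha256 $NGINX_TAR "${NGINX_SHA256}" && \
    tar -xzvf $NGINX_TAR -C ${NGINX_DIR} --strip-components=1 && \
    rm $NGINX_TAR && \
    # Libraries NGINX links against; this group is not removed in the cleanup below
    apk add --no-cache --virtual .nginx-required-build-deps \
        gd \
        geoip \
        libgcc \
        libressl \
        libxext \
        libxslt \
        pcre2 \
        perl \
        zlib && \
    # Compiler toolchain and headers; removed again in the cleanup below
    apk add --no-cache --virtual .nginx-opt-build-deps \
        build-base \
        gd-dev \
        geoip-dev \
        libressl-dev \
        libxslt-dev \
        linux-headers \
        make \
        pcre2-dev \
        perl-dev \
        zlib-dev && \
    echo "Building NGINX from source..." && \
    cd ${NGINX_DIR} && \
    ./configure \
        --prefix=/etc/nginx \
        --add-dynamic-module=../${MODULES_DIR}/headers-more \
        --add-dynamic-module=../${MODULES_DIR}/nginx-njs/nginx \
        --sbin-path=/usr/sbin/nginx \
        --modules-path=${MODULES_PATH} \
        --conf-path=${CONF_PATH} \
        --error-log-path=${LOG_PATH}/error.log \
        --http-log-path=${LOG_PATH}/access.log \
        --pid-path=${PID_PATH} \
        --lock-path=/var/run/nginx.lock \
        --http-client-body-temp-path=${CACHE_PATH}/client_temp \
        --http-proxy-temp-path=${CACHE_PATH}/proxy_temp \
        --http-fastcgi-temp-path=${CACHE_PATH}/fastcgi_temp \
        --http-uwsgi-temp-path=${CACHE_PATH}/uwsgi_temp \
        --http-scgi-temp-path=${CACHE_PATH}/scgi_temp \
        --with-perl_modules_path=/usr/lib/perl5/vendor_perl \
        --user=nginx \
        --group=nginx \
        --with-compat \
        --with-debug \
        --with-file-aio \
        --with-threads \
        --with-http_addition_module \
        --with-http_auth_request_module \
        --with-http_dav_module \
        --with-http_flv_module \
        --with-http_image_filter_module \
        --with-http_geoip_module \
        --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_mp4_module \
        --with-http_random_index_module \
        --with-http_realip_module \
        --with-http_secure_link_module \
        --with-http_slice_module \
        --with-http_ssl_module \
        --with-http_stub_status_module \
        --with-http_sub_module \
        --with-http_v2_module \
        --with-http_v3_module \
        --with-mail \
        --with-mail_ssl_module \
        --with-stream \
        --with-stream_realip_module \
        --with-stream_ssl_module \
        --with-stream_ssl_preread_module \
        --with-http_xslt_module \
        --with-cc-opt='-Os -fomit-frame-pointer -g' \
        --with-ld-opt=-Wl,--as-needed,-O1,--sort-common && \
    # Compile
    make && \
    make install && \
    # Install NGINX sigsci module: fetch and check the repository key first,
    # and only then trust it and add the repository.
    wget -q -O /tmp/sigsci_apk.pub https://apk.signalsciences.net/sigsci_apk.pub && \
    verify_sha256 /tmp/sigsci_apk.pub "${SIGSCI_KEY_SHA256}" && \
    echo "Checking that the Signal Sciences key parses as an RSA public key..." && \
    openssl rsa -pubin -in /tmp/sigsci_apk.pub -text -noout && \
    mv /tmp/sigsci_apk.pub /etc/apk/keys/ && \
    echo https://apk.signalsciences.net/$(grep -oE '[0-9]+\.[0-9]{2}' /etc/alpine-release)/main | tee -a /etc/apk/repositories && \
    apk update && \
    apk add --no-cache nginx-module-sigsci-nxo-${NGINX_VERSION} && \
    # Cleanup
    apk del --purge \
        .nginx-opt-build-deps \
        .shared-deps && \
    apk cache clean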
# Put the base configuration at the path NGINX was configured to read.
COPY ./nginx.base.conf ${CONF_PATH}

# Create the unprivileged nginx account named by --user/--group at configure
# time, prepare the directories and pid file it writes to, expose the module
# directory under /etc/nginx/modules, and finish with a configuration test so
# a broken nginx.base.conf fails the build.
#
# NOTE(review): CONF_PATH is chowned to nginx here, so the account the worker
# processes run as can rewrite the configuration. If the master is started as
# root, confirm that is intended; a root-owned, read-only config is the
# least-privilege choice.
# NOTE(review): no USER instruction appears in the lines shown, so the image
# starts as root unless a derived image or the runtime sets a user.
RUN addgroup -S nginx && \
    adduser -S -G nginx nginx && \
    mkdir -p ${CACHE_PATH} /usr/share/nginx/html && \
    touch ${PID_PATH} && \
    chown -R nginx:nginx ${CACHE_PATH} ${PID_PATH} /usr/share/nginx/html ${CONF_PATH} && \
    ln -s ${MODULES_PATH} /etc/nginx/modules && \
    nginx -t -c ${CONF_PATH}