Created
July 7, 2017 13:16
-
-
Save tzumby/91aab91c56d23778d8574e5150700bea to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Dockerfile - Ubuntu Xenial | |
| # https://github.com/openresty/docker-openresty | |
| FROM ubuntu:xenial | |
| MAINTAINER Evan Wies <evan@neomantra.net> | |
| # Docker Build Arguments | |
| ARG RESTY_VERSION="1.11.2.3" | |
| ARG RESTY_LUAROCKS_VERSION="2.3.0" | |
| ARG RESTY_OPENSSL_VERSION="1.0.2k" | |
| ARG RESTY_PCRE_VERSION="8.39" | |
| ARG RESTY_J="1" | |
| ARG RESTY_CONFIG_OPTIONS="\ | |
| --prefix=/etc/nginx \ | |
| --sbin-path=/usr/sbin/nginx \ | |
| --modules-path=/usr/lib/nginx/modules \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| --error-log-path=/var/log/nginx/error.log \ | |
| --http-log-path=/var/log/nginx/access.log \ | |
| --pid-path=/var/run/nginx.pid \ | |
| --lock-path=/var/run/nginx.lock \ | |
| --user=nginx \ | |
| --group=nginx \ | |
| --with-file-aio \ | |
| --with-http_addition_module \ | |
| --with-http_auth_request_module \ | |
| --with-http_dav_module \ | |
| --with-http_flv_module \ | |
| --with-http_geoip_module \ | |
| --with-http_gunzip_module \ | |
| --with-http_gzip_static_module \ | |
| --with-http_image_filter_module=dynamic \ | |
| --with-http_mp4_module \ | |
| --with-http_random_index_module \ | |
| --with-http_realip_module \ | |
| --with-http_secure_link_module \ | |
| --with-http_slice_module \ | |
| --with-http_ssl_module \ | |
| --with-http_stub_status_module \ | |
| --with-http_sub_module \ | |
| --with-http_v2_module \ | |
| --with-http_xslt_module=dynamic \ | |
| --with-ipv6 \ | |
| --with-mail \ | |
| --with-mail_ssl_module \ | |
| --with-md5-asm \ | |
| --with-pcre-jit \ | |
| --with-sha1-asm \ | |
| --with-stream \ | |
| --with-stream_ssl_module \ | |
| --with-threads \ | |
| " | |
| # These are not intended to be user-specified | |
| ARG _RESTY_CONFIG_DEPS="--with-openssl=/tmp/openssl-${RESTY_OPENSSL_VERSION} --with-pcre=/tmp/pcre-${RESTY_PCRE_VERSION}" | |
| # 1) Install apt dependencies | |
| # 2) Download and untar OpenSSL, PCRE, and OpenResty | |
| # 3) Build OpenResty | |
| # 4) Cleanup | |
| RUN useradd -ms /bin/false nginx | |
| RUN \ | |
| DEBIAN_FRONTEND=noninteractive apt-get update \ | |
| && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ | |
| build-essential \ | |
| ca-certificates \ | |
| curl \ | |
| libgd-dev \ | |
| libgeoip-dev \ | |
| libncurses5-dev \ | |
| libperl-dev \ | |
| libreadline-dev \ | |
| libxslt1-dev \ | |
| make \ | |
| perl \ | |
| unzip \ | |
| zlib1g-dev \ | |
| git \ | |
| python \ | |
| liblua5.1-0-dev \ | |
| && cd /usr/local \ | |
| && git clone https://github.com/SpiderLabs/owasp-modsecurity-crs \ | |
| && cd /tmp \ | |
| && curl -fSL https://www.openssl.org/source/openssl-${RESTY_OPENSSL_VERSION}.tar.gz -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ | |
| && tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ | |
| && curl -fSL https://ftp.pcre.org/pub/pcre/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ | |
| && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ | |
| && curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \ | |
| && tar xzf openresty-${RESTY_VERSION}.tar.gz \ | |
| && git clone --recursive https://github.com/p0pr0ck5/lua-resty-waf \ | |
| && cd /tmp/openresty-${RESTY_VERSION} \ | |
| && ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} \ | |
| && make -j${RESTY_J} \ | |
| && make -j${RESTY_J} install \ | |
| && cd /tmp/pcre-${RESTY_PCRE_VERSION} \ | |
| && ./configure && make && make install \ | |
| && cd /tmp \ | |
| && rm -rf \ | |
| openssl-${RESTY_OPENSSL_VERSION} \ | |
| openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ | |
| openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \ | |
| pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \ | |
| && curl -fSL http://luarocks.org/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ | |
| && tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ | |
| && cd luarocks-${RESTY_LUAROCKS_VERSION} \ | |
| && ./configure \ | |
| --prefix=/etc/nginx/luajit \ | |
| --with-lua=/etc/nginx/luajit \ | |
| --lua-suffix=jit-2.1.0-beta2 \ | |
| --with-lua-include=/etc/nginx/luajit/include/luajit-2.1 \ | |
| && make build \ | |
| && make install \ | |
| && cd /tmp/lua-resty-waf \ | |
| && export PATH=$PATH:/etc/nginx/luajit/bin:/etc/nginx/bin \ | |
| && make OPENRESTY_PREFIX=/etc/nginx && make install OPENRESTY_PREFIX=/etc/nginx \ | |
| && cd /tmp \ | |
| && rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ | |
| && DEBIAN_FRONTEND=noninteractive apt-get autoremove -y \ | |
| && ln -sf /dev/stdout /var/log/nginx/access.log \ | |
| && ln -sf /dev/stderr /var/log/nginx/error.log | |
| # Download of GeoIP databases | |
| RUN curl -sSL -o /etc/nginx/GeoIP.dat.gz http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz \ | |
| && curl -sSL -o /etc/nginx/GeoLiteCity.dat.gz http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz \ | |
| && gunzip /etc/nginx/GeoIP.dat.gz \ | |
| && gunzip /etc/nginx/GeoLiteCity.dat.gz | |
| # Add additional binaries into PATH for convenience | |
| ENV PATH=$PATH:/etc/nginx/luajit/bin/:/etc/nginx/bin/ | |
| # TODO: remove any other apt packages? | |
| ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment