diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f860b10a..fdbd27d4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -28,6 +28,9 @@ jobs: continue-on-error: true run: rm -rf docs/metadata/* + - name: Configure docker buildx + run: docker buildx create --driver-opt image=moby/buildkit:master --use + - name: Build images run: make build-${{ matrix.distro }} env: diff --git a/Dockerfile b/Dockerfile index f693a213..4650e6fe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/Dockerfile-compat b/Dockerfile-compat new file mode 100644 index 00000000..e3f5be05 --- /dev/null +++ b/Dockerfile-compat @@ -0,0 +1,369 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM alpine:3.15.0 AS base + +ARG DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS=alpine +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG=3.15.0 +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.21.4 +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + curl \ + g++ \ + geoip-dev \ + gzip \ + make \ + openssl-dev \ + pcre-dev \ + tar \ + zlib-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="\ +# NGINX + alpine-sdk \ + bash \ + findutils \ + gcc \ + gd-dev \ + geoip-dev \ + libc-dev \ + libedit-dev \ + libxslt-dev \ + linux-headers \ + make \ + openssl-dev \ + pcre-dev \ + perl-dev \ + zlib-dev \ +" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apk update \ + && apk add --no-cache \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + geoip-dev \ + openssl-dev \ + pcre-dev \ + unzip \ + zlib-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && apk update \ + && apk add --no-cache --virtual .pkg_deps \ + $PKG_DEPS \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache --virtual .run_deps $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache --virtual pkg_tz tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache --virtual pkg_dns curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && mkdir /docker-entrypoint.d + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/README.md b/README.md index 8a42bdd3..cc602a65 100644 --- a/README.md +++ b/README.md @@ -309,58 +309,58 @@ http { ## Specs -- [nginx](https://nginx.org/en/download.html) -- Supported OS - - [Alpine Linux](https://hub.docker.com/_/alpine) (~50MB) - - [Amazon Linux](https://hub.docker.com/_/amazonlinux) (~225MB) - - [Debian](https://hub.docker.com/_/debian) (~200MB) - - [Fedora](https://hub.docker.com/_/fedora) (~375MB) - - [Ubuntu](https://hub.docker.com/_/ubuntu) (~215MB) -- [OpenResty's Branch of LuaJIT 2](https://github.com/openresty/luajit2) -- [Embed the Power of Lua into NGINX HTTP servers](https://github.com/openresty/lua-nginx-module) -- [New FFI-based API for lua-nginx-module](https://github.com/openresty/lua-resty-core) -- [Lua-land LRU Cache based on LuaJIT FFI](https://github.com/openresty/lua-resty-lrucache) -- [Nginx Development Kit](https://github.com/vision5/ngx_devel_kit) -- [LuaRocks](https://luarocks.org/) --
Additional Modules - - - [ngx_http_addition_module](http://nginx.org/en/docs/http/ngx_http_addition_module.html) - - [ngx_http_auth_request_module](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) - - [ngx_http_dav_module](http://nginx.org/en/docs/http/ngx_http_dav_module.html) - - [ngx_http_flv_module](http://nginx.org/en/docs/http/ngx_http_flv_module.html) - - [ngx_http_geoip_module](http://nginx.org/en/docs/http/ngx_http_geoip_module.html) - - [ngx_http_gunzip_module](http://nginx.org/en/docs/http/ngx_http_gunzip_module.html) - - [ngx_http_gzip_static_module](http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html) - - [ngx_http_mp4_module](http://nginx.org/en/docs/http/ngx_http_mp4_module.html) - - [ngx_http_random_index_module](http://nginx.org/en/docs/http/ngx_http_random_index_module.html) - - [ngx_http_realip_module](http://nginx.org/en/docs/http/ngx_http_realip_module.html) - - [ngx_http_secure_link_module](http://nginx.org/en/docs/http/ngx_http_secure_link_module.html) - - [ngx_http_slice_module](http://nginx.org/en/docs/http/ngx_http_slice_module.html) - - [ngx_http_ssl_module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html) - - [ngx_http_stub_status_module](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html) - - [ngx_http_sub_module](http://nginx.org/en/docs/http/ngx_http_sub_module.html) - - [ngx_http_v2_module](http://nginx.org/en/docs/http/ngx_http_v2_module.html) - - [ngx_mail_ssl_module](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html) - - [ngx_stream_realip_module](http://nginx.org/en/docs/stream/ngx_stream_realip_module.html) - - [ngx_stream_ssl_module](http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html) - - [ngx_stream_ssl_preread_module](http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html) - - [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module) - - [lua-resty-cookie](https://github.com/cloudflare/lua-resty-cookie) - - [lua-resty-dns](https://github.com/openresty/lua-resty-dns) - - [lua-resty-memcached](https://github.com/openresty/lua-resty-memcached) - - [lua-resty-mysql](https://github.com/openresty/lua-resty-mysql) - - [lua-resty-redis](https://github.com/openresty/lua-resty-redis) - - [lua-resty-shell](https://github.com/openresty/lua-resty-shell) - - [lua-resty-upstream-healthcheck](https://github.com/openresty/lua-resty-upstream-healthcheck) - - [lua-resty-websocket](https://github.com/openresty/lua-resty-websocket) - - [nginx-lua-prometheus](https://github.com/knyar/nginx-lua-prometheus) - - [stream-lua-nginx-module](https://github.com/openresty/stream-lua-nginx-module) + - [nginx](https://nginx.org/en/download.html) + - Supported OS + - [Alpine Linux](https://hub.docker.com/_/alpine) (~55MB) + - [Amazon Linux](https://hub.docker.com/_/amazonlinux) (~230MB) + - [Debian](https://hub.docker.com/_/debian) (~260MB) + - [Fedora](https://hub.docker.com/_/fedora) (~375MB) + - [Ubuntu](https://hub.docker.com/_/ubuntu) (~220MB) + - [OpenResty's Branch of LuaJIT 2](https://github.com/openresty/luajit2) + - [Embed the Power of Lua into NGINX HTTP servers](https://github.com/openresty/lua-nginx-module) + - [New FFI-based API for lua-nginx-module](https://github.com/openresty/lua-resty-core) + - [Lua-land LRU Cache based on LuaJIT FFI](https://github.com/openresty/lua-resty-lrucache) + - [Nginx Development Kit](https://github.com/vision5/ngx_devel_kit) + - [LuaRocks](https://luarocks.org/) + -
Additional Modules + + - [ngx_http_addition_module](http://nginx.org/en/docs/http/ngx_http_addition_module.html) + - [ngx_http_auth_request_module](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) + - [ngx_http_dav_module](http://nginx.org/en/docs/http/ngx_http_dav_module.html) + - [ngx_http_flv_module](http://nginx.org/en/docs/http/ngx_http_flv_module.html) + - [ngx_http_geoip_module](http://nginx.org/en/docs/http/ngx_http_geoip_module.html) + - [ngx_http_gunzip_module](http://nginx.org/en/docs/http/ngx_http_gunzip_module.html) + - [ngx_http_gzip_static_module](http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html) + - [ngx_http_mp4_module](http://nginx.org/en/docs/http/ngx_http_mp4_module.html) + - [ngx_http_random_index_module](http://nginx.org/en/docs/http/ngx_http_random_index_module.html) + - [ngx_http_realip_module](http://nginx.org/en/docs/http/ngx_http_realip_module.html) + - [ngx_http_secure_link_module](http://nginx.org/en/docs/http/ngx_http_secure_link_module.html) + - [ngx_http_slice_module](http://nginx.org/en/docs/http/ngx_http_slice_module.html) + - [ngx_http_ssl_module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html) + - [ngx_http_stub_status_module](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html) + - [ngx_http_sub_module](http://nginx.org/en/docs/http/ngx_http_sub_module.html) + - [ngx_http_v2_module](http://nginx.org/en/docs/http/ngx_http_v2_module.html) + - [ngx_mail_ssl_module](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html) + - [ngx_stream_realip_module](http://nginx.org/en/docs/stream/ngx_stream_realip_module.html) + - [ngx_stream_ssl_module](http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html) + - [ngx_stream_ssl_preread_module](http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html) + - [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module) + - [lua-resty-cookie](https://github.com/cloudflare/lua-resty-cookie) + - [lua-resty-dns](https://github.com/openresty/lua-resty-dns) + - [lua-resty-memcached](https://github.com/openresty/lua-resty-memcached) + - [lua-resty-mysql](https://github.com/openresty/lua-resty-mysql) + - [lua-resty-redis](https://github.com/openresty/lua-resty-redis) + - [lua-resty-shell](https://github.com/openresty/lua-resty-shell) + - [lua-resty-upstream-healthcheck](https://github.com/openresty/lua-resty-upstream-healthcheck) + - [lua-resty-websocket](https://github.com/openresty/lua-resty-websocket) + - [nginx-lua-prometheus](https://github.com/knyar/nginx-lua-prometheus) + - [stream-lua-nginx-module](https://github.com/openresty/stream-lua-nginx-module)
### Compiled Version Details ```console -configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --add-module=/lua-nginx-module-0.10.17 --add-module=/ngx_devel_kit-0.3.1 --add-module=/lua-upstream-nginx-module-0.07 --add-module=/headers-more-nginx-module-d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 --add-module=/stream-lua-nginx-module-0.0.8 --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' +configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --add-module=/lua-nginx-module-0.10.20 --add-module=/ngx_devel_kit-0.3.1 --add-module=/lua-upstream-nginx-module-0.07 --add-module=/headers-more-nginx-module-d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 --add-module=/stream-lua-nginx-module-0.0.10 --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' ``` The following are the available build-time options. They can be set using the `--build-arg` CLI argument. @@ -369,7 +369,7 @@ The following are the available build-time options. They can be set using the `- :---------------------------- | :----------------------------------------: |:----------- | | `DOCKER_IMAGE` | `fabiocicerchia/nginx-lua` | The image name. | | `DOCKER_IMAGE_OS` | `alpine` | The Docker base image to build `FROM`. | -| `DOCKER_IMAGE_TAG` | `3.14.0` | The Docker image tag to build `FROM`. | +| `DOCKER_IMAGE_TAG` | `3.15.0` | The Docker image tag to build `FROM`. | | `BUILD_DATE` | | This label contains the Date/Time the image was built. | | `VCS_REF` | | Identifier for the version of the source code from which this image was built. | | `EXTENDED_IMAGE` | `1` | Flag to identify if extended image (which contains extra modules). See [Minimal Image](#minimal-image). | @@ -379,7 +379,7 @@ The following are the available build-time options. They can be set using the `- | `LUAJIT_INC` | `/usr/local/include/luajit-2.1` | Tell nginx's build system where to find LuaJIT 2.0 | | `LD_LIBRARY_PATH` | `/usr/local/lib/:$LD_LIBRARY_PATH` | Search path environment variable for the linux shared library. | | `VER_LUA` | `5.4` | The version of [Lua](https://www.lua.org/) to use. | -| `VER_LUAROCKS` | `3.7.0` | The version of [LuaRocks](https://luarocks.org/) to use. | +| `VER_LUAROCKS` | `3.8.0` | The version of [LuaRocks](https://luarocks.org/) to use. | | `VER_LUA_NGINX_MODULE` | `0.10.20` | The version of [ngx_http_lua_module](https://github.com/openresty/lua-nginx-module) to use. | | `VER_LUA_RESTY_CORE` | `0.1.22` | The version of [lua-resty-core](https://github.com/openresty/lua-resty-core) to use. | | `LUA_LIB_DIR` | `/usr/local/share/lua/5.1` | Path to Lua library directory. | @@ -396,10 +396,10 @@ The following are the available build-time options. They can be set using the `- | `VER_LUA_UPSTREAM` | `0.07` | The version of [lua-upstream-nginx-module](https://github.com/openresty/lua-upstream-nginx-module) to use. | | `VER_PROMETHEUS` | `0.20210206` | The version of [nginx-lua-prometheus](https://github.com/knyar/nginx-lua-prometheus) to use. | | `VER_OPENRESTY_STREAMLUA` | `0.0.10` | The version of [stream-lua-nginx-module](https://github.com/openresty/stream-lua-nginx-module) to use. | -| `VER_NGINX` | `1.21.0` | The version of nginx to use. | +| `VER_NGINX` | `1.21.4` | The version of nginx to use. | | `NGX_CFLAGS` | `-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC` | Sets additional parameters that will be added to the CFLAGS variable. | | `NGX_LDOPT` | `-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie` | Sets additional parameters that will be used during linking. | -| `NGINX_BUILD_CONFIG` | `--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --user=nginx --group=nginx --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} --with-compat --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads` | Options to pass to nginx's `./configure` script. | +| `NGINX_BUILD_CONFIG` | `--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --add-module=/lua-nginx-module-0.10.20 --add-module=/ngx_devel_kit-0.3.1 --add-module=/lua-upstream-nginx-module-0.07 ` | Options to pass to nginx's `./configure` script. | | `BUILD_DEPS` | Differs based on the distro | List of needed packages to build properly the software. | | `NGINX_BUILD_DEPS` | Differs based on the distro | List of needed packages to build properly nginx. | | `PKG_DEPS` | Differs based on the distro | List of needed packages to run properly the software. | @@ -458,6 +458,21 @@ Provides Nginx + Lua + extra lua modules. Uses Alpine, Amazon Linux, Debian, Fed Provides Nginx + Lua + extra lua modules. Uses pinned version for Alpine, Amazon Linux, Debian, Fedora, Ubuntu for base image. +### `fabiocicerchia/nginx-lua:-compat` + +The default Nginx + Lua + extra lua modules image. Uses Alpine for base image. Enables LUA 5.1 Compatibility. +**WARNING:** This version has a compiled version of LUA and not using the version distributed by the OS's packet manager. + +### `fabiocicerchia/nginx-lua:--compat` + +Provides Nginx + Lua + extra lua modules. Uses Alpine, Amazon Linux, Debian, Fedora, Ubuntu for base image. Enables LUA 5.1 Compatibility. +**WARNING:** This version has a compiled version of LUA and not using the version distributed by the OS's packet manager. + +### `fabiocicerchia/nginx-lua:--compat` + +Provides Nginx + Lua + extra lua modules. Uses pinned version for Alpine, Amazon Linux, Debian, Fedora, Ubuntu for base image. Enables LUA 5.1 Compatibility. +**WARNING:** This version has a compiled version of LUA and not using the version distributed by the OS's packet manager. + ### `fabiocicerchia/nginx-lua:-minimal` Provides Nginx + Lua image. Uses Alpine for base image. @@ -491,7 +506,7 @@ If you need to extend the functionality of the existing image, you could build y For the list of values do refer to the [relative section](#compiled-version-details). ```console -$ docker build +$ docker build \ --build-arg NGINX_BUILD_CONFIG=... \ # nginx build flags --build-arg BUILD_DEPS=... \ # packages needed for building phase --build-arg NGINX_BUILD_DEPS=... \ # packages needed for building phase by nginx @@ -509,14 +524,14 @@ $ docker inspect fabiocicerchia/nginx-lua:1-alpine | jq '.[].Config.Labels' { "maintainer": "Fabio Cicerchia ", "org.label-schema.build-date": "1970-01-01T00:00:00Z", - "org.label-schema.description": "Nginx 1.21.0 with Lua support based on alpine 3.14.0.", - "org.label-schema.docker.cmd": "docker run -p 80:80 -d fabiocicerchia/nginx-lua:1.21.0-alpine3.14.0", + "org.label-schema.description": "Nginx 1.21.4 with Lua support based on alpine 3.15.0.", + "org.label-schema.docker.cmd": "docker run -p 80:80 -d fabiocicerchia/nginx-lua:1.21.4-alpine3.15.0", "org.label-schema.name": "fabiocicerchia/nginx-lua", "org.label-schema.schema-version": "1.0", "org.label-schema.url": "https://github.com/fabiocicerchia/nginx-lua", - "org.label-schema.vcs-ref": "0585e8c", + "org.label-schema.vcs-ref": "36db2a3", "org.label-schema.vcs-url": "https://github.com/fabiocicerchia/nginx-lua", - "org.label-schema.version": "1.21.0-alpine3.14.0", + "org.label-schema.version": "1.21.4-alpine3.15.0", "versions.extended": "1", "versions.headers-more-nginx-module": "d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17", "versions.lua": "5.4", @@ -534,10 +549,10 @@ $ docker inspect fabiocicerchia/nginx-lua:1-alpine | jq '.[].Config.Labels' "versions.lua-upstream": "0.07", "versions.luajit2": "2.1-20210510", "versions.luarocks": "3.7.0", - "versions.nginx": "1.21.0", + "versions.nginx": "1.21.4", "versions.nginx-lua-prometheus": "0.20210206", "versions.ngx_devel_kit": "0.3.1", - "versions.os": "3.14.0", + "versions.os": "3.15.0", "versions.stream-lua-nginx-module": "0.0.10" } ``` diff --git a/bin/docker-build.sh b/bin/docker-build.sh index 9913f3ac..330f63a0 100755 --- a/bin/docker-build.sh +++ b/bin/docker-build.sh @@ -4,25 +4,7 @@ source ./bin/_common.sh source supported_versions -function build() { - DOCKERFILE_PATH="nginx/$NGINX_VER/$OS/$OS_VER" - DOCKERFILE="$DOCKERFILE_PATH/Dockerfile" - - MAJOR=$(echo "$NGINX_VER" | cut -d '.' -f 1) - MINOR="$MAJOR".$(echo "$NGINX_VER" | cut -d '.' -f 2) - PATCH="$NGINX_VER" - - if [ "$FORCE" == "0" ]; then - if [ "$(docker_tag_exists fabiocicerchia/nginx-lua "$PATCH-$OS$OS_VER")" == "0" ]; then - return - fi - fi - - SUFFIX="" - if [ "$EXTENDED_IMAGE" -eq "0" ]; then - SUFFIX="${SUFFIX}-minimal" - fi - +function get_tags() { TAGS="" if [ "$LAST_VER_NGINX$LAST_VER_OS$DEFAULT_IMAGE" == "111" ]; then TAGS="$TAGS -t fabiocicerchia/nginx-lua:$MAJOR$SUFFIX" @@ -46,9 +28,69 @@ function build() { TAGS="$TAGS -t fabiocicerchia/nginx-lua:$MINOR-$OS$OS_VER$SUFFIX" TAGS="$TAGS -t fabiocicerchia/nginx-lua:$MAJOR-$OS$OS_VER$SUFFIX" + echo $TAGS +} + +function build() { + DOCKERFILE_PATH="nginx/$NGINX_VER/$OS/$OS_VER" + DOCKERFILE="$DOCKERFILE_PATH/Dockerfile" + + MAJOR=$(echo "$NGINX_VER" | cut -d '.' -f 1) + MINOR="$MAJOR".$(echo "$NGINX_VER" | cut -d '.' -f 2) + PATCH="$NGINX_VER" + + SUFFIX="" + if [ "$EXTENDED_IMAGE" -eq "0" ]; then + SUFFIX="${SUFFIX}-minimal" + fi + + if [ "$FORCE" == "0" ]; then + if [ "$(docker_tag_exists fabiocicerchia/nginx-lua "$PATCH-$OS$OS_VER$SUFFIX")" == "0" ]; then + return + fi + fi + + TAGS=$(get_tags) + + BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + VCS_REF=$(git rev-parse --short HEAD) + + # REF: https://pascalroeleven.nl/2021/09/09/ubuntu-21-10-and-fedora-35-in-docker/ + # https://github.com/docker/buildx/issues/99 + time docker buildx build \ + --progress=plain \ + --build-arg EXTENDED_IMAGE="$EXTENDED_IMAGE" \ + --build-arg BUILD_DATE="$BUILD_DATE" \ + --build-arg VCS_REF="$VCS_REF" \ + $TAGS \ + -f "$DOCKERFILE" . +} + +function build_compat() { + DOCKERFILE_PATH="nginx/$NGINX_VER/$OS/$OS_VER" + DOCKERFILE="$DOCKERFILE_PATH/Dockerfile-compat" + + MAJOR=$(echo "$NGINX_VER" | cut -d '.' -f 1) + MINOR="$MAJOR".$(echo "$NGINX_VER" | cut -d '.' -f 2) + PATCH="$NGINX_VER" + + SUFFIX="-compat" + if [ "$EXTENDED_IMAGE" -eq "0" ]; then + SUFFIX="${SUFFIX}-minimal" + fi + + if [ "$FORCE" == "0" ]; then + if [ "$(docker_tag_exists fabiocicerchia/nginx-lua "$PATCH-$OS$OS_VER$SUFFIX")" == "0" ]; then + return + fi + fi + + TAGS=$(get_tags) + BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") VCS_REF=$(git rev-parse --short HEAD) - time docker build \ + time docker buildx build \ + --progress=plain \ --build-arg EXTENDED_IMAGE="$EXTENDED_IMAGE" \ --build-arg BUILD_DATE="$BUILD_DATE" \ --build-arg VCS_REF="$VCS_REF" \ @@ -70,5 +112,6 @@ fi VERSIONS=($(get_versions "$OS")) loop_over_nginx_with_os "$OS" "build" +loop_over_nginx_with_os "$OS" "build_compat" docker images diff --git a/bin/docker-push.sh b/bin/docker-push.sh index 2108f326..774000fd 100755 --- a/bin/docker-push.sh +++ b/bin/docker-push.sh @@ -15,40 +15,58 @@ function docker_push() { fi } -function push() { - MAJOR=$(echo "$NGINX_VER" | cut -d '.' -f 1) - MINOR="$MAJOR".$(echo "$NGINX_VER" | cut -d '.' -f 2) - PATCH="$NGINX_VER" +function push_images() { + SUFFIX=$1 if [ "$FORCE" == "0" ]; then - if [ "$(docker_tag_exists fabiocicerchia/nginx-lua "$PATCH-$OS$OS_VER")" == "0" ]; then + if [ "$(docker_tag_exists fabiocicerchia/nginx-lua "$PATCH-$OS$OS_VER$SUFFIX")" == "0" ]; then return fi fi - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR-$OS$OS_VER" | wc -l) -ne 0 ]] && docker_push "$MAJOR-$OS$OS_VER" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MINOR-$OS$OS_VER" | wc -l) -ne 0 ]] && docker_push "$MINOR-$OS$OS_VER" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$PATCH-$OS$OS_VER" | wc -l) -ne 0 ]] && docker_push "$PATCH-$OS$OS_VER" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR-$OS$OS_VER$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MAJOR-$OS$OS_VER$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MINOR-$OS$OS_VER$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MINOR-$OS$OS_VER$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$PATCH-$OS$OS_VER$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$PATCH-$OS$OS_VER$SUFFIX" if [ "$LAST_VER_NGINX$LAST_VER_OS$DEFAULT_IMAGE" == "111" ]; then - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR" | wc -l) -ne 0 ]] && docker_push "$MAJOR" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MINOR" | wc -l) -ne 0 ]] && docker_push "$MINOR" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$PATCH" | wc -l) -ne 0 ]] && docker_push "$PATCH" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:latest | wc -l) -ne 0 ]] && docker push fabiocicerchia/nginx-lua:latest + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MAJOR$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MINOR$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MINOR$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$PATCH$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$PATCH$SUFFIX" + [[ $(docker image ls -q "fabiocicerchia/nginx-lua:latest$SUFFIX" | wc -l) -ne 0 ]] && docker push "fabiocicerchia/nginx-lua:latest$SUFFIX" fi if [ "$LAST_VER_NGINX$LAST_VER_OS" == "11" ]; then - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$OS" | wc -l) -ne 0 ]] && docker_push "$OS" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR-$OS" | wc -l) -ne 0 ]] && docker_push "$MAJOR-$OS" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR-$OS$OS_VER" | wc -l) -ne 0 ]] && docker_push "$MAJOR-$OS$OS_VER" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$OS$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$OS$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR-$OS$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MAJOR-$OS$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MAJOR-$OS$OS_VER$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MAJOR-$OS$OS_VER$SUFFIX" fi if [ "$LAST_VER_OS" == "1" ]; then - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MINOR-$OS" | wc -l) -ne 0 ]] && docker_push "$MINOR-$OS" - [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$PATCH-$OS" | wc -l) -ne 0 ]] && docker_push "$PATCH-$OS" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$MINOR-$OS$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$MINOR-$OS$SUFFIX" + [[ $(docker image ls -q fabiocicerchia/nginx-lua:"$PATCH-$OS$SUFFIX" | wc -l) -ne 0 ]] && docker_push "$PATCH-$OS$SUFFIX" fi } +function push() { + MAJOR=$(echo "$NGINX_VER" | cut -d '.' -f 1) + MINOR="$MAJOR".$(echo "$NGINX_VER" | cut -d '.' -f 2) + PATCH="$NGINX_VER" + + SUFFIX="" + + push_images "$SUFFIX" +} + +function push_compat() { + MAJOR=$(echo "$NGINX_VER" | cut -d '.' -f 1) + MINOR="$MAJOR".$(echo "$NGINX_VER" | cut -d '.' -f 2) + PATCH="$NGINX_VER" + + SUFFIX="-compat" + + push_images "$SUFFIX" +} + set -eux OS=$1 @@ -59,3 +77,4 @@ fi VERSIONS=($(get_versions "$OS")) loop_over_nginx_with_os "$OS" "push" +loop_over_nginx_with_os "$OS" "push-compat" diff --git a/bin/generate-dockerfiles.sh b/bin/generate-dockerfiles.sh index d05378cb..d4a53fe8 100755 --- a/bin/generate-dockerfiles.sh +++ b/bin/generate-dockerfiles.sh @@ -4,12 +4,8 @@ source ./bin/_common.sh source supported_versions -function init_dockerfile() { - DOCKERFILE_PATH="nginx/$NGINX_VER/$OS/$OS_VER" - DOCKERFILE="$DOCKERFILE_PATH/Dockerfile" - - mkdir -p "$DOCKERFILE_PATH" 2>/dev/null - cp "tpl/Dockerfile.$OS" "$DOCKERFILE" +function patch_dockerfile() { + DOCKERFILE=$1 if [ "$(uname)" == "Darwin" ]; then sed -i "" "s/{{DOCKER_IMAGE}}/fabiocicerchia\/nginx-lua/" "$DOCKERFILE" @@ -24,10 +20,31 @@ function init_dockerfile() { fi } +function init_dockerfile() { + DOCKERFILE_PATH="nginx/$NGINX_VER/$OS/$OS_VER" + DOCKERFILE="$DOCKERFILE_PATH/Dockerfile" + + mkdir -p "$DOCKERFILE_PATH" 2>/dev/null + cp "tpl/Dockerfile.$OS" "$DOCKERFILE" + + patch_dockerfile "$DOCKERFILE" +} + +function init_dockerfile_compat() { + DOCKERFILE_PATH="nginx/$NGINX_VER/$OS/$OS_VER" + DOCKERFILE="$DOCKERFILE_PATH/Dockerfile-compat" + + mkdir -p "$DOCKERFILE_PATH" 2>/dev/null + cp "tpl/Dockerfile.$OS-compat" "$DOCKERFILE" + + patch_dockerfile "$DOCKERFILE" +} + set -eux loop_over_nginx "init_dockerfile" +loop_over_nginx "init_dockerfile_compat" rm ./Dockerfile -DOCKEFILE=$(find nginx/*/alpine/*/Dockerfile -type f | sort -r | head -n1) -cp "$DOCKEFILE" ./Dockerfile +DOCKERFILE=$(find nginx/*/alpine/*/Dockerfile -type f | sort -r | head -n1) +cp "$DOCKERFILE" ./Dockerfile diff --git a/bin/test.sh b/bin/test.sh index c5158cdb..866400a1 100755 --- a/bin/test.sh +++ b/bin/test.sh @@ -12,6 +12,8 @@ function test() { FOUND=$(docker image ls -q fabiocicerchia/nginx-lua:"$DOCKER_TAG" | wc -l) if [ "$FOUND" -ne "0" ]; then docker run -d --name nginx_lua_test -p 8080:80 -v "$PWD"/test/nginx-lua.conf:/etc/nginx/nginx.conf fabiocicerchia/nginx-lua:"$DOCKER_TAG" + # TODO: THIS WORKS ONLY FOR ALPINE!! + docker exec -it nginx_lua_test "apk add gcc musl-dev coreutils && luarocks install lua-cjson" COUNT=0 until [ $COUNT -eq 20 ] || [ "$( curl --output /dev/null --silent --head --fail http://localhost:8080 @@ -23,6 +25,17 @@ function test() { done curl -v http://localhost:8080 | grep "Welcome to nginx" || exit 1 curl -v http://localhost:8080/lua_content | grep "Hello world" || exit 1 + #curl -v --fail http://localhost:8080/status + #curl -v --fail http://localhost:8080/socket + #curl -v --fail http://localhost:8080/shell + #curl -v --fail http://localhost:8080/dns + #curl -v --fail http://localhost:8080/cookie + #curl -v --fail http://localhost:8080/bar + #curl -v --fail http://localhost:8080/type + #curl -v --fail http://localhost:8080/foo + # TODO: NEED TO TEST THIS ONLY ON COMPAT + #curl -v --fail http://localhost:8080/cjson + docker rm -f nginx_lua_test fi } diff --git a/nginx/1.21.4/alpine/3.15.0/Dockerfile b/nginx/1.21.4/alpine/3.15.0/Dockerfile index f693a213..4650e6fe 100644 --- a/nginx/1.21.4/alpine/3.15.0/Dockerfile +++ b/nginx/1.21.4/alpine/3.15.0/Dockerfile @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/nginx/1.21.4/alpine/3.15.0/Dockerfile-compat b/nginx/1.21.4/alpine/3.15.0/Dockerfile-compat new file mode 100644 index 00000000..e3f5be05 --- /dev/null +++ b/nginx/1.21.4/alpine/3.15.0/Dockerfile-compat @@ -0,0 +1,369 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM alpine:3.15.0 AS base + +ARG DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS=alpine +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG=3.15.0 +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.21.4 +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + curl \ + g++ \ + geoip-dev \ + gzip \ + make \ + openssl-dev \ + pcre-dev \ + tar \ + zlib-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="\ +# NGINX + alpine-sdk \ + bash \ + findutils \ + gcc \ + gd-dev \ + geoip-dev \ + libc-dev \ + libedit-dev \ + libxslt-dev \ + linux-headers \ + make \ + openssl-dev \ + pcre-dev \ + perl-dev \ + zlib-dev \ +" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apk update \ + && apk add --no-cache \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + geoip-dev \ + openssl-dev \ + pcre-dev \ + unzip \ + zlib-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && apk update \ + && apk add --no-cache --virtual .pkg_deps \ + $PKG_DEPS \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache --virtual .run_deps $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache --virtual pkg_tz tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache --virtual pkg_dns curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && mkdir /docker-entrypoint.d + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile b/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile index bdf3ec8e..1b78bf8e 100644 --- a/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile +++ b/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module @@ -227,7 +227,7 @@ RUN set -eux \ " \ && make -j "$(nproc)" deps \ && make -j "$(nproc)" core \ - && make luarocks \ + && make -j "$(nproc)" luarocks \ && yum clean all \ && rm -rf /var/cache/yum diff --git a/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile-compat b/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile-compat new file mode 100644 index 00000000..2f40b7f1 --- /dev/null +++ b/nginx/1.21.4/amazonlinux/2.0.20211201.0/Dockerfile-compat @@ -0,0 +1,357 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM amazonlinux:2.0.20211201.0 AS base + +ARG DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS=amazonlinux +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG=2.0.20211201.0 +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.21.4 +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + GeoIP-devel \ + ca-certificates \ + gcc-c++ \ + gzip \ + make \ + openssl-devel \ + pcre-devel \ + tar \ + unzip \ + zlib-devel \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && yum makecache \ + && yum install -y \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks \ + && yum clean all \ + && rm -rf /var/cache/yum + +RUN set -eux \ +# envsubst +# ############################################################################## + && yum makecache \ + && yum install -y \ + gettext \ + && yum clean all \ + && rm -rf /var/cache/yum + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + GeoIP-devel \ + ca-certificates \ + openssl-devel \ + pcre-devel \ + unzip \ + zlib-devel \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/sh", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && yum makecache \ + && yum install -y \ + $PKG_DEPS \ + shadow-utils \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && yum install -y tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && yum install -y curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && yum remove -y \ + shadow-utils \ + && yum clean all \ + && rm -rf /var/cache/yum + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/1.21.4/debian/11.1/Dockerfile b/nginx/1.21.4/debian/11.1/Dockerfile index fa0492d6..9a93e13d 100644 --- a/nginx/1.21.4/debian/11.1/Dockerfile +++ b/nginx/1.21.4/debian/11.1/Dockerfile @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/nginx/1.21.4/debian/11.1/Dockerfile-compat b/nginx/1.21.4/debian/11.1/Dockerfile-compat new file mode 100644 index 00000000..18b84576 --- /dev/null +++ b/nginx/1.21.4/debian/11.1/Dockerfile-compat @@ -0,0 +1,355 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM debian:11.1 AS base + +ARG DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS=debian +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG=11.1 +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.21.4 +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ENV DEBIAN_FRONTEND noninteractive + +ARG BUILD_DEPS="\ + ca-certificates \ + curl \ + g++ \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + make \ + unzip \ + zlib1g-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + apt-utils \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks \ + && rm -rf /var/lib/apt/lists/* + +RUN set -eux \ +# envsubst +# ############################################################################## + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + gettext-base \ + && rm -rf /var/lib/apt/lists/* + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + ca-certificates \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + unzip \ + zlib1g-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $PKG_DEPS \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apt-get install -y --no-install-recommends --no-install-suggests tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apt-get install -y --no-install-recommends --no-install-suggests curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/1.21.4/fedora/35/Dockerfile b/nginx/1.21.4/fedora/35/Dockerfile index 8281dd08..fa7804d5 100644 --- a/nginx/1.21.4/fedora/35/Dockerfile +++ b/nginx/1.21.4/fedora/35/Dockerfile @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module @@ -216,7 +216,7 @@ COPY tpl/Makefile Makefile # TODO: NGINX_BUILD_CONFIG not updated # hadolint ignore=SC2086 RUN set -eux \ - && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-33-primary \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ && dnf makecache \ && dnf install -y \ $BUILD_DEPS \ @@ -227,7 +227,8 @@ RUN set -eux \ --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ " \ && make -j "$(nproc)" deps \ - && make -j "$(nproc)" core + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks RUN set -eux \ # envsubst @@ -296,12 +297,14 @@ COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug COPY --from=builder /var/cache/nginx /var/cache/nginx COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks SHELL ["/bin/sh", "-o", "pipefail", "-c"] # hadolint ignore=SC2086 RUN set -eux \ - && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-33-primary \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ && dnf makecache \ && dnf install -y \ $PKG_DEPS \ diff --git a/nginx/1.21.4/fedora/35/Dockerfile-compat b/nginx/1.21.4/fedora/35/Dockerfile-compat new file mode 100644 index 00000000..9c41a16f --- /dev/null +++ b/nginx/1.21.4/fedora/35/Dockerfile-compat @@ -0,0 +1,353 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM fedora:35 AS base + +ARG DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS=fedora +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG=35 +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.21.4 +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + GeoIP-devel \ + ca-certificates \ + gcc-c++ \ + gzip \ + make \ + openssl-devel \ + pcre-devel \ + tar \ + unzip \ + zlib-devel \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ + && dnf makecache \ + && dnf install -y \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks + +RUN set -eux \ +# envsubst +# ############################################################################## + && dnf makecache \ + && dnf install -y \ + gettext + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + GeoIP-devel \ + ca-certificates \ + gcc-c++ \ + openssl-devel \ + pcre-devel \ + unzip \ + zlib-devel \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/sh", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ + && dnf makecache \ + && dnf install -y \ + $PKG_DEPS \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && dnf install -y tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && dnf install -y curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && dnf clean all \ + && rm -rf /var/cache/dnf + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/1.21.4/ubuntu/20.04/Dockerfile b/nginx/1.21.4/ubuntu/20.04/Dockerfile index 30b75df0..e774d381 100644 --- a/nginx/1.21.4/ubuntu/20.04/Dockerfile +++ b/nginx/1.21.4/ubuntu/20.04/Dockerfile @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/nginx/1.21.4/ubuntu/20.04/Dockerfile-compat b/nginx/1.21.4/ubuntu/20.04/Dockerfile-compat new file mode 100644 index 00000000..eed163d9 --- /dev/null +++ b/nginx/1.21.4/ubuntu/20.04/Dockerfile-compat @@ -0,0 +1,357 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM ubuntu:20.04 AS base + +ARG DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS=ubuntu +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG=20.04 +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.21.4 +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + ca-certificates \ + curl \ + g++ \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + make \ + unzip \ + zlib1g-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +ENV DEBIAN_FRONTEND noninteractive + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + apt-utils \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks \ + && rm -rf /var/lib/apt/lists/* + +RUN set -eux \ +# envsubst +# ############################################################################## + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + gettext-base \ + && rm -rf /var/lib/apt/lists/* + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + ca-certificates \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + unzip \ + zlib1g-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +ENV DEBIAN_FRONTEND noninteractive + +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $PKG_DEPS \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apt-get install -y --no-install-recommends --no-install-suggests tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apt-get install -y --no-install-recommends --no-install-suggests curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/test/nginx-lua.conf b/test/nginx-lua.conf index fdf785bd..71ef651a 100644 --- a/test/nginx-lua.conf +++ b/test/nginx-lua.conf @@ -53,6 +53,7 @@ http { end } + lua_package_cpath '/usr/local/lib/lua/5.4/?.so;;'; server { listen 80; server_name localhost; @@ -180,7 +181,7 @@ http { } } # REF: https://github.com/cloudflare/lua-resty-cookie - location /test { + location /cookie { content_by_lua ' local ck = require "resty.cookie" local cookie, err = ck:new() @@ -239,6 +240,14 @@ http { more_set_input_headers -t 'text/plain' 'X-Foo: bah'; } more_set_input_headers -r 'X-Foo: howdy'; + + # REF: https://github.com/openresty/lua-cjson + location /cjson { + content_by_lua ' + local cjson = require "cjson" + ngx.say("read: ", cjson.encode({0, 1})) + '; + } } # TODO: Add https://github.com/openresty/lua-resty-lrucache diff --git a/tpl/Dockerfile.alpine b/tpl/Dockerfile.alpine index a1b1e979..2b186836 100644 --- a/tpl/Dockerfile.alpine +++ b/tpl/Dockerfile.alpine @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/tpl/Dockerfile.alpine-compat b/tpl/Dockerfile.alpine-compat new file mode 100644 index 00000000..79907833 --- /dev/null +++ b/tpl/Dockerfile.alpine-compat @@ -0,0 +1,369 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM {{DOCKER_IMAGE_OS}}:{{DOCKER_IMAGE_TAG}} AS base + +ARG DOCKER_IMAGE={{DOCKER_IMAGE}} +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS={{DOCKER_IMAGE_OS}} +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG={{DOCKER_IMAGE_TAG}} +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX={{VER_NGINX}} +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + curl \ + g++ \ + geoip-dev \ + gzip \ + make \ + openssl-dev \ + pcre-dev \ + tar \ + zlib-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="\ +# NGINX + alpine-sdk \ + bash \ + findutils \ + gcc \ + gd-dev \ + geoip-dev \ + libc-dev \ + libedit-dev \ + libxslt-dev \ + linux-headers \ + make \ + openssl-dev \ + pcre-dev \ + perl-dev \ + zlib-dev \ +" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apk update \ + && apk add --no-cache \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + geoip-dev \ + openssl-dev \ + pcre-dev \ + unzip \ + zlib-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && apk update \ + && apk add --no-cache --virtual .pkg_deps \ + $PKG_DEPS \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache --virtual .run_deps $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache --virtual pkg_tz tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache --virtual pkg_dns curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && mkdir /docker-entrypoint.d + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/tpl/Dockerfile.amazonlinux b/tpl/Dockerfile.amazonlinux index e70bb4af..84853f4b 100644 --- a/tpl/Dockerfile.amazonlinux +++ b/tpl/Dockerfile.amazonlinux @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module @@ -227,7 +227,7 @@ RUN set -eux \ " \ && make -j "$(nproc)" deps \ && make -j "$(nproc)" core \ - && make luarocks \ + && make -j "$(nproc)" luarocks \ && yum clean all \ && rm -rf /var/cache/yum diff --git a/tpl/Dockerfile.amazonlinux-compat b/tpl/Dockerfile.amazonlinux-compat new file mode 100644 index 00000000..0daa6822 --- /dev/null +++ b/tpl/Dockerfile.amazonlinux-compat @@ -0,0 +1,357 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM {{DOCKER_IMAGE_OS}}:{{DOCKER_IMAGE_TAG}} AS base + +ARG DOCKER_IMAGE={{DOCKER_IMAGE}} +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS={{DOCKER_IMAGE_OS}} +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG={{DOCKER_IMAGE_TAG}} +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX={{VER_NGINX}} +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + GeoIP-devel \ + ca-certificates \ + gcc-c++ \ + gzip \ + make \ + openssl-devel \ + pcre-devel \ + tar \ + unzip \ + zlib-devel \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && yum makecache \ + && yum install -y \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks \ + && yum clean all \ + && rm -rf /var/cache/yum + +RUN set -eux \ +# envsubst +# ############################################################################## + && yum makecache \ + && yum install -y \ + gettext \ + && yum clean all \ + && rm -rf /var/cache/yum + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + GeoIP-devel \ + ca-certificates \ + openssl-devel \ + pcre-devel \ + unzip \ + zlib-devel \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/sh", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && yum makecache \ + && yum install -y \ + $PKG_DEPS \ + shadow-utils \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && yum install -y tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && yum install -y curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && yum remove -y \ + shadow-utils \ + && yum clean all \ + && rm -rf /var/cache/yum + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/tpl/Dockerfile.debian b/tpl/Dockerfile.debian index 33c14247..78e6629d 100644 --- a/tpl/Dockerfile.debian +++ b/tpl/Dockerfile.debian @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/tpl/Dockerfile.debian-compat b/tpl/Dockerfile.debian-compat new file mode 100644 index 00000000..5166cffd --- /dev/null +++ b/tpl/Dockerfile.debian-compat @@ -0,0 +1,355 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM {{DOCKER_IMAGE_OS}}:{{DOCKER_IMAGE_TAG}} AS base + +ARG DOCKER_IMAGE={{DOCKER_IMAGE}} +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS={{DOCKER_IMAGE_OS}} +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG={{DOCKER_IMAGE_TAG}} +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX={{VER_NGINX}} +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ENV DEBIAN_FRONTEND noninteractive + +ARG BUILD_DEPS="\ + ca-certificates \ + curl \ + g++ \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + make \ + unzip \ + zlib1g-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + apt-utils \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks \ + && rm -rf /var/lib/apt/lists/* + +RUN set -eux \ +# envsubst +# ############################################################################## + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + gettext-base \ + && rm -rf /var/lib/apt/lists/* + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + ca-certificates \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + unzip \ + zlib1g-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $PKG_DEPS \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apt-get install -y --no-install-recommends --no-install-suggests tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apt-get install -y --no-install-recommends --no-install-suggests curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/tpl/Dockerfile.fedora b/tpl/Dockerfile.fedora index 3f87891e..ee9c0e68 100644 --- a/tpl/Dockerfile.fedora +++ b/tpl/Dockerfile.fedora @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module @@ -216,7 +216,7 @@ COPY tpl/Makefile Makefile # TODO: NGINX_BUILD_CONFIG not updated # hadolint ignore=SC2086 RUN set -eux \ - && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-33-primary \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ && dnf makecache \ && dnf install -y \ $BUILD_DEPS \ @@ -227,7 +227,8 @@ RUN set -eux \ --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ " \ && make -j "$(nproc)" deps \ - && make -j "$(nproc)" core + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks RUN set -eux \ # envsubst @@ -296,12 +297,14 @@ COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug COPY --from=builder /var/cache/nginx /var/cache/nginx COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks SHELL ["/bin/sh", "-o", "pipefail", "-c"] # hadolint ignore=SC2086 RUN set -eux \ - && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-33-primary \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ && dnf makecache \ && dnf install -y \ $PKG_DEPS \ diff --git a/tpl/Dockerfile.fedora-compat b/tpl/Dockerfile.fedora-compat new file mode 100644 index 00000000..e38eea3e --- /dev/null +++ b/tpl/Dockerfile.fedora-compat @@ -0,0 +1,353 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM {{DOCKER_IMAGE_OS}}:{{DOCKER_IMAGE_TAG}} AS base + +ARG DOCKER_IMAGE={{DOCKER_IMAGE}} +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS={{DOCKER_IMAGE_OS}} +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG={{DOCKER_IMAGE_TAG}} +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX={{VER_NGINX}} +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + GeoIP-devel \ + ca-certificates \ + gcc-c++ \ + gzip \ + make \ + openssl-devel \ + pcre-devel \ + tar \ + unzip \ + zlib-devel \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ + && dnf makecache \ + && dnf install -y \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks + +RUN set -eux \ +# envsubst +# ############################################################################## + && dnf makecache \ + && dnf install -y \ + gettext + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + GeoIP-devel \ + ca-certificates \ + gcc-c++ \ + openssl-devel \ + pcre-devel \ + unzip \ + zlib-devel \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/sh", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && rpm --import https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary \ + && dnf makecache \ + && dnf install -y \ + $PKG_DEPS \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && dnf install -y tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && dnf install -y curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && dnf clean all \ + && rm -rf /var/cache/dnf + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/tpl/Dockerfile.ubuntu b/tpl/Dockerfile.ubuntu index 0a8c3b0a..40477020 100644 --- a/tpl/Dockerfile.ubuntu +++ b/tpl/Dockerfile.ubuntu @@ -115,7 +115,7 @@ ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET # lua-rocks # https://luarocks.github.io/luarocks/releases/ -ARG VER_LUAROCKS=3.7.0 +ARG VER_LUAROCKS=3.8.0 ENV VER_LUAROCKS=$VER_LUAROCKS # lua-upstream-nginx-module diff --git a/tpl/Dockerfile.ubuntu-compat b/tpl/Dockerfile.ubuntu-compat new file mode 100644 index 00000000..0ca4c353 --- /dev/null +++ b/tpl/Dockerfile.ubuntu-compat @@ -0,0 +1,357 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2020 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +############################# +# Settings Common Variables # +############################# +FROM {{DOCKER_IMAGE_OS}}:{{DOCKER_IMAGE_TAG}} AS base + +ARG DOCKER_IMAGE={{DOCKER_IMAGE}} +ENV DOCKER_IMAGE=$DOCKER_IMAGE +ARG DOCKER_IMAGE_OS={{DOCKER_IMAGE_OS}} +ENV DOCKER_IMAGE_OS=$DOCKER_IMAGE_OS +ARG DOCKER_IMAGE_TAG={{DOCKER_IMAGE_TAG}} +ENV DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +ARG EXTENDED_IMAGE=1 +ENV EXTENDED_IMAGE=$EXTENDED_IMAGE + +# lua +ARG VER_LUA=5.4.3 +ENV VER_LUA=$VER_LUA + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.1 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# luajit2 +# https://github.com/openresty/luajit2/releases +ARG VER_LUAJIT=2.1-20210510 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ENV LUA_INCDIR=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/releases +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.20 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/releases +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.22 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/releases +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.11 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/commits/master +ARG VER_OPENRESTY_HEADERS=d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +ARG VER_CLOUDFLARE_COOKIE=303e32e512defced053a6484bc0745cf9dc0d39e +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/releases +ARG VER_OPENRESTY_DNS=0.22 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/releases +ARG VER_OPENRESTY_MEMCACHED=0.16 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/releases +ARG VER_OPENRESTY_MYSQL=0.24 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/releases +ARG VER_OPENRESTY_REDIS=0.29 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/releases +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/releases +ARG VER_OPENRESTY_HEALTHCHECK=0.06 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/releases +ARG VER_OPENRESTY_WEBSOCKET=0.08 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.8.0 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/releases +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/releases +ARG VER_PROMETHEUS=0.20210206 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/releases +ARG VER_OPENRESTY_STREAMLUA=0.0.10 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# https://github.com/nginx/nginx/releases +ARG VER_NGINX={{VER_NGINX}} +ENV VER_NGINX=$VER_NGINX +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS="\ + ca-certificates \ + curl \ + g++ \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + make \ + unzip \ + zlib1g-dev \ +" +ENV BUILD_DEPS=$BUILD_DEPS + +ARG NGINX_BUILD_DEPS="" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +ENV DEBIAN_FRONTEND noninteractive + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +COPY tpl/Makefile Makefile + +# TODO: NGINX_BUILD_CONFIG not updated +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + apt-utils \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && [ $EXTENDED_IMAGE -eq 1 ] && \ + NGINX_BUILD_CONFIG="${NGINX_BUILD_CONFIG} \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ + " \ + && make -j "$(nproc)" lua-src \ + && make -j "$(nproc)" deps \ + && make -j "$(nproc)" core \ + && make -j "$(nproc)" luarocks \ + && rm -rf /var/lib/apt/lists/* + +RUN set -eux \ +# envsubst +# ############################################################################## + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + gettext-base \ + && rm -rf /var/lib/apt/lists/* + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.description="Nginx $VER_NGINX with Lua support based on $DOCKER_IMAGE_OS $DOCKER_IMAGE_TAG." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d $DOCKER_IMAGE:$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + org.label-schema.name="$DOCKER_IMAGE" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/$DOCKER_IMAGE" \ + org.label-schema.version="$VER_NGINX-$DOCKER_IMAGE_OS$DOCKER_IMAGE_TAG" \ + versions.extended=${EXTENDED_IMAGE} \ + versions.headers-more-nginx-module=${VER_OPENRESTY_HEADERS} \ + versions.lua=${VER_LUA} \ + versions.luarocks=${VER_LUAROCKS} \ + versions.lua-nginx-module=${VER_LUA_NGINX_MODULE} \ + versions.lua-resty-cookie=${VER_CLOUDFLARE_COOKIE} \ + versions.lua-resty-core=${VER_LUA_RESTY_CORE} \ + versions.lua-resty-dns=${VER_OPENRESTY_DNS} \ + versions.lua-resty-lrucache=${VER_LUA_RESTY_LRUCACHE} \ + versions.lua-resty-memcached=${VER_OPENRESTY_MEMCACHED} \ + versions.lua-resty-mysql=${VER_OPENRESTY_MYSQL} \ + versions.lua-resty-redis=${VER_OPENRESTY_REDIS} \ + versions.lua-resty-shell=${VER_OPENRESTY_SHELL} \ + versions.lua-resty-upstream-healthcheck=${VER_OPENRESTY_HEALTHCHECK} \ + versions.lua-resty-websocket=${VER_OPENRESTY_WEBSOCKET} \ + versions.lua-upstream=${VER_LUA_UPSTREAM} \ + versions.luajit2=${VER_LUAJIT} \ + versions.nginx-lua-prometheus=${VER_PROMETHEUS} \ + versions.nginx=${VER_NGINX} \ + versions.ngx_devel_kit=${VER_NGX_DEVEL_KIT} \ + versions.os=${DOCKER_IMAGE_TAG} \ + versions.stream-lua-nginx-module=${VER_OPENRESTY_STREAMLUA} + +ARG PKG_DEPS="\ + ca-certificates \ + libgeoip-dev \ + libpcre3-dev \ + libssl-dev \ + unzip \ + zlib1g-dev \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder /etc/nginx /etc/nginx +COPY --from=builder /usr/local/lib /usr/local/lib +COPY --from=builder /usr/local/share/lua /usr/local/share/lua +COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder /var/cache/nginx /var/cache/nginx +COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder /usr/local/bin/lua /usr/local/bin/lua +COPY --from=builder /usr/local/bin/luajit /usr/local/bin/luajit +COPY --from=builder /usr/local/bin/luarocks /usr/local/bin/luarocks +COPY --from=builder /usr/local/etc/luarocks /usr/local/etc/luarocks +COPY --from=builder $LUAJIT_INC $LUAJIT_INC + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +ENV DEBIAN_FRONTEND noninteractive + +# hadolint ignore=SC2086 +RUN set -eux \ + && apt-get update \ + && apt-get install -y --no-install-recommends --no-install-suggests \ + $PKG_DEPS \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apt-get install -y --no-install-recommends --no-install-suggests tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apt-get install -y --no-install-recommends --no-install-suggests curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && mkdir /docker-entrypoint.d \ +# Cleanup +# ############################################################################## + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* + +COPY tpl/support.sh / +COPY tpl/docker-entrypoint.sh / +COPY tpl/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/ +COPY tpl/20-envsubst-on-templates.sh /docker-entrypoint.d/ +COPY tpl/nginx.conf /etc/nginx/nginx.conf +COPY tpl/default.conf /etc/nginx/conf.d/default.conf + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/tpl/Makefile b/tpl/Makefile index 2e9b1459..6afa70d5 100644 --- a/tpl/Makefile +++ b/tpl/Makefile @@ -211,3 +211,15 @@ luarocks: ./configure \ && make \ && make install + +################################################################################ +##@ COMPILE LUA +################################################################################ + +lua-src: + curl -Lo /luasrc.tar.gz http://www.lua.org/ftp/lua-${VER_LUA}.tar.gz + tar -C / -xzvf /luasrc.tar.gz + cd /lua-$${VER_LUA}; \ + sed -i "s/DLUA_COMPAT_5_3/DLUA_COMPAT_5_1/" src/Makefile \ + && make all test \ + && make install