mirror of
https://github.com/hoellen/dockerfiles.git
synced 2025-07-27 11:25:41 +00:00
cowrie
ghost
isso
lufi
lutim
lychee
nodejs
owncloud
piwik
rainloop
reverse
Dockerfile
README.md
nginx.conf
ngxpasswd
run.sh
rutorrent
searx
subsonic
zerobin
LICENSE
96 lines
3.1 KiB
Docker
96 lines
3.1 KiB
Docker
FROM alpine:3.3
|
|
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
|
|
|
|
ARG NGINX_VER=1.9.14
|
|
ARG LIBRESSL_VER=2.3.3
|
|
ARG SIGNATURE=secret
|
|
ARG BUILD_CORES
|
|
|
|
ENV UID=991 GID=991
|
|
|
|
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
|
|
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
|
|
&& NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \
|
|
&& BUILD_DEPS=" \
|
|
build-base \
|
|
linux-headers \
|
|
ca-certificates \
|
|
automake \
|
|
autoconf \
|
|
git \
|
|
tar \
|
|
libtool \
|
|
pcre-dev \
|
|
zlib-dev" \
|
|
&& apk -U add \
|
|
$BUILD_DEPS \
|
|
pcre \
|
|
zlib \
|
|
libgcc \
|
|
libstdc++ \
|
|
gosu@testing \
|
|
libressl@testing \
|
|
tini@commuedge \
|
|
&& cd /tmp && git clone https://github.com/bagder/libbrotli && cd libbrotli \
|
|
&& ./autogen.sh && ./configure && make -j $NB_CORES && make install \
|
|
&& mkdir /tmp/ngx_brotli && cd /tmp/ngx_brotli \
|
|
&& wget -qO- https://github.com/google/ngx_brotli/archive/master.tar.gz | tar xz --strip 1 \
|
|
&& mkdir /tmp/libressl && cd /tmp/libressl \
|
|
&& wget -qO- http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz | tar xz --strip 1 \
|
|
&& ./configure \
|
|
LDFLAGS=-lrt \
|
|
CFLAGS=-fstack-protector-strong \
|
|
--prefix=/tmp/libressl/.openssl/ \
|
|
--enable-shared=no \
|
|
&& make install-strip -j $NB_CORES \
|
|
&& mkdir /tmp/nginx && cd /tmp/nginx \
|
|
&& wget -qO- http://nginx.org/download/nginx-$NGINX_VER.tar.gz | tar zxf - \
|
|
&& cd nginx-$NGINX_VER \
|
|
&& sed -i -e "s/\"Server: nginx\" CRLF/\"Server: $SIGNATURE\" CRLF/g" \
|
|
-e "s/\"Server: \" NGINX_VER CRLF/\"Server: $SIGNATURE\" NGINX_VER CRLF/g" \
|
|
src/http/ngx_http_header_filter_module.c \
|
|
&& ./configure \
|
|
--with-http_ssl_module \
|
|
--with-http_v2_module \
|
|
--with-http_gzip_static_module \
|
|
--with-http_stub_status_module \
|
|
--with-openssl=/tmp/libressl \
|
|
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security' \
|
|
--with-ld-opt="-lrt" \
|
|
--with-file-aio \
|
|
--with-threads \
|
|
--without-http_ssi_module \
|
|
--without-http_scgi_module \
|
|
--without-http_uwsgi_module \
|
|
--without-http_fastcgi_module \
|
|
--without-http_geo_module \
|
|
--without-http_autoindex_module \
|
|
--without-http_map_module \
|
|
--without-http_split_clients_module \
|
|
--without-http_memcached_module \
|
|
--without-http_empty_gif_module \
|
|
--without-http_browser_module \
|
|
--prefix=/etc/nginx \
|
|
--http-log-path=/var/log/nginx/access.log \
|
|
--error-log-path=/var/log/nginx/error.log \
|
|
--sbin-path=/usr/local/sbin/nginx \
|
|
--add-module=/tmp/ngx_brotli \
|
|
&& make -j $NB_CORES && make install \
|
|
&& apk del $BUILD_DEPS \
|
|
&& rm -rf /tmp/* /var/cache/apk/*
|
|
|
|
COPY nginx.conf /etc/nginx/conf/nginx.conf
|
|
COPY run.sh /usr/local/bin/run.sh
|
|
COPY ngxpasswd /usr/local/bin/ngxpasswd
|
|
|
|
RUN chmod +x /usr/local/bin/*
|
|
|
|
EXPOSE 8000 4430
|
|
VOLUME /sites-enabled /conf.d /passwds /certs /var/log/nginx
|
|
|
|
LABEL description="Secure reverse proxy using nginx" \
|
|
libressl="LibreSSL v$LIBRESSL_VER" \
|
|
nginx="nginx v$NGINX_VER"
|
|
|
|
CMD ["tini","--","run.sh"]
|