forked from nginxinc/nginx-s3-gateway
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.buildkit.plus
77 lines (64 loc) · 3.04 KB
/
Dockerfile.buildkit.plus
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
FROM debian:bullseye-slim
ENV NGINX_PLUS_VERSION 28-1
ENV NGINX_VERSION 1.23.2
ENV NJS_VERSION 28+0.7.10-1
ENV XSLT_VERSION 28-1
ENV PROXY_CACHE_VALID_OK "1h"
ENV PROXY_CACHE_VALID_NOTFOUND "1m"
ENV PROXY_CACHE_VALID_FORBIDDEN "30s"
ENV PROXY_CACHE_VALID_OK "1h"
ENV PROXY_CACHE_VALID_NOTFOUND "1m"
ENV PROXY_CACHE_VALID_FORBIDDEN "30s"
ENV CORS_ENABLED 0
COPY plus/usr /usr
# Copy files from the OSS NGINX Docker container such that the container
# startup is the same.
# Source: https://github.com/nginxinc/docker-nginx/tree/1.19.2/stable/buster
COPY common/docker-entrypoint.sh /docker-entrypoint.sh
COPY common/docker-entrypoint.d /docker-entrypoint.d/
COPY plus/docker-entrypoint.d /docker-entrypoint.d/
# Add NGINX Plus package repository keyring
COPY plus/usr/share/keyrings/nginx-archive-keyring.gpg /usr/share/keyrings/nginx-archive-keyring.gpg
RUN --mount=type=secret,id=nginx-crt --mount=type=secret,id=nginx-key \
set -eux \
export DEBIAN_FRONTEND=noninteractive; \
mkdir -p /etc/ssl/nginx; \
cp /run/secrets/nginx-crt /etc/ssl/nginx/nginx-repo.crt; \
chmod 0664 /etc/ssl/nginx/nginx-repo.crt; \
cp /run/secrets/nginx-key /etc/ssl/nginx/nginx-repo.key; \
chmod 0664 /etc/ssl/nginx/nginx-repo.key; \
# create nginx user/group first, to be consistent throughout docker variants
addgroup --system --gid 101 nginx; \
adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx; \
apt-get -qq update; \
apt-get -qq upgrade --yes; \
apt-get -qq install --yes ca-certificates; \
sh -a /usr/local/bin/add_nginx_plus_repo.sh; \
rm /usr/local/bin/add_nginx_plus_repo.sh; \
apt-get -qq update; \
export DISTRO_VERSION="$(grep '^VERSION_CODENAME=' /etc/os-release | awk -v FS='=' '{print $2}')" && \
apt-get -qq install --no-install-recommends --no-install-suggests -y \
nginx-plus=${NGINX_PLUS_VERSION}~${DISTRO_VERSION} \
nginx-plus-module-njs=${NJS_VERSION}~${DISTRO_VERSION} \
nginx-plus-module-xslt=${XSLT_VERSION}~${DISTRO_VERSION} \
gettext-base; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/* /etc/ssl/nginx; \
# forward request and error logs to docker log collector
ln -sf /dev/stdout /var/log/nginx/access.log; \
ln -sf /dev/stderr /var/log/nginx/error.log; \
chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 80
STOPSIGNAL SIGTERM
CMD ["nginx", "-g", "daemon off;"]
# NGINX Docker image setup complete, everything below is specific for
# the S3 Gateway use case.
COPY plus/etc/nginx /etc/nginx
COPY common/etc /etc
COPY common/docker-entrypoint.d/00-check-for-required-env.sh /docker-entrypoint.d/00-check-for-required-env.sh
RUN set -eux \
export DEBIAN_FRONTEND=noninteractive; \
mkdir -p /var/cache/nginx/s3_proxy; \
chown nginx:nginx /var/cache/nginx/s3_proxy; \
chmod -R +x /docker-entrypoint.d/*