From 37fd5d408087e5335af26c4c49d42271f4ece4d6 Mon Sep 17 00:00:00 2001
From: Andrew Duty <4403436-aduty@users.noreply.gitlab.com>
Date: Mon, 2 Jan 2023 14:29:59 -0700
Subject: [PATCH 1/8] use Alpine as base, latest nginx, multistage build
---
nginx-relay/Dockerfile | 47 ++++++++++++++++++++++++++++----------
nginx-terminate/Dockerfile | 47 ++++++++++++++++++++++++++++----------
2 files changed, 70 insertions(+), 24 deletions(-)
diff --git a/nginx-relay/Dockerfile b/nginx-relay/Dockerfile
index 1900884..8034b31 100644
--- a/nginx-relay/Dockerfile
+++ b/nginx-relay/Dockerfile
@@ -1,21 +1,44 @@ -FROM ubuntu:20.04 +FROM alpine:3.17 as build -RUN apt-get update && apt-get -y upgrade && \ - apt-get install -y wget libpcre3-dev build-essential libssl-dev zlib1g-dev && \ - rm -rf /var/lib/apt/lists/* +ARG NGINX_VER='1.22.1' + +RUN apk add --no-cache \ + build-base \ + libressl-dev \ + pcre-dev \ + zlib-dev WORKDIR /opt -RUN wget https://nginx.org/download/nginx-1.18.0.tar.gz && \ - tar -zxvf nginx-1.*.tar.gz && \ - cd nginx-1.* && \ - ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module --with-ipv6 --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module && \ - make && make install && \ - cd .. && rm -rf nginx-1.* +RUN wget "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz" \ + && tar -zxvf "nginx-${NGINX_VER}.tar.gz" \ + && cd "nginx-${NGINX_VER}" \ + && ./configure \ + --prefix=/opt/nginx \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-ipv6 \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + && make && make install \ + && cd .. && rm -rf "nginx-${NGINX_VER}*" + +FROM alpine:3.17 as final + +RUN apk upgrade --update-cache \ + && apk add \ + libressl3.6-libcrypto \ + libressl3.6-libssl \ + pcre \ + && rm -rf /var/cache/apk -RUN adduser --system --no-create-home --disabled-login --disabled-password --group nginx +COPY --from=build /opt/ /opt/ -WORKDIR / +RUN addgroup -S nginx \ + && adduser -SDHG nginx nginx EXPOSE 443 diff --git a/nginx-terminate/Dockerfile b/nginx-terminate/Dockerfile index 1900884..8034b31 100644 --- a/nginx-terminate/Dockerfile +++ b/nginx-terminate/Dockerfile 
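Review bot: The cleanup at the end of the build-stage `RUN` quotes its glob, so `rm -rf "nginx-${NGINX_VER}*"` looks for a path literally ending in `*`, removes nothing, and `-f` hides the miss. The unpacked source tree and the tarball therefore stay under /opt, and `COPY --from=build /opt/ /opt/` carries them into the final image along with the install prefix. Name the paths explicitly, `&& cd .. && rm -rf "nginx-${NGINX_VER}" "nginx-${NGINX_VER}.tar.gz"`, and copy only the prefix, `COPY --from=build /opt/nginx /opt/nginx`, provided nothing later in the file (it continues past this hunk) needs another path under /opt. The nginx-terminate/Dockerfile hunk is identical and needs the same change.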
@@ -1,21 +1,44 @@ -FROM ubuntu:20.04 +FROM alpine:3.17 as build -RUN apt-get update && apt-get -y upgrade && \ - apt-get install -y wget libpcre3-dev build-essential libssl-dev zlib1g-dev && \ - rm -rf /var/lib/apt/lists/* +ARG NGINX_VER='1.22.1' + +RUN apk add --no-cache \ + build-base \ + libressl-dev \ + pcre-dev \ + zlib-dev WORKDIR /opt -RUN wget https://nginx.org/download/nginx-1.18.0.tar.gz && \ - tar -zxvf nginx-1.*.tar.gz && \ - cd nginx-1.* && \ - ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module --with-ipv6 --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module && \ - make && make install && \ - cd .. && rm -rf nginx-1.* +RUN wget "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz" \ + && tar -zxvf "nginx-${NGINX_VER}.tar.gz" \ + && cd "nginx-${NGINX_VER}" \ + && ./configure \ + --prefix=/opt/nginx \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-ipv6 \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + && make && make install \ + && cd .. && rm -rf "nginx-${NGINX_VER}*" + +FROM alpine:3.17 as final + +RUN apk upgrade --update-cache \ + && apk add \ + libressl3.6-libcrypto \ + libressl3.6-libssl \ + pcre \ + && rm -rf /var/cache/apk -RUN adduser --system --no-create-home --disabled-login --disabled-password --group nginx +COPY --from=build /opt/ /opt/ -WORKDIR / +RUN addgroup -S nginx \ + && adduser -SDHG nginx nginx EXPOSE 443 From 0b333683a07155bff05769f6a6f59e111686bcf7 Mon Sep 17 00:00:00 2001 From: Andrew Duty <4403436-aduty@users.noreply.gitlab.com> Date: Mon, 2 Jan 2023 14:32:04 -0700 Subject: [PATCH 2/8] make init script compatible with Alpine, use new docker compose plugin --- init-certificate.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/init-certificate.sh b/init-certificate.sh index cfa81f1..b67645b 100755 --- a/init-certificate.sh +++ b/init-certificate.sh 
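Review bot: The release tarball is compiled without any check of what was downloaded: the build-stage `RUN` goes straight from `wget` to `tar -zxvf`, so an altered or substituted archive would be built into the nginx binary unnoticed. Pin the expected digest next to the version, `ARG NGINX_SHA256=<sha256-of-release-tarball>`, and verify before unpacking with `&& echo "${NGINX_SHA256}  nginx-${NGINX_VER}.tar.gz" | sha256sum -c - \`; the placeholder has to be filled in from the published release. nginx.org also publishes detached PGP signatures for its releases, which would be the stronger check. The same applies to the identical nginx-relay/Dockerfile hunk.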
@@ -1,7 +1,9 @@ -#!/bin/bash +#!/usr/bin/env ash -if ! [ -x "$(command -v docker-compose)" ]; then - echo 'Error: docker-compose is not installed.' >&2 +set -Eeuo pipefail + +if ! [ -x "$(command -v docker compose)" ]; then + echo 'Error: docker compose is not installed.' >&2 exit 1 fi @@ -28,11 +30,11 @@ fi echo "### Requesting Let's Encrypt certificate for $domains ..." #Join $domains to -d args domain_args="" -for domain in "${domains[@]}"; do +for domain in $domains; do domain_args="$domain_args -d $domain" done -docker-compose run -p 80:80 --rm --entrypoint "\ +docker compose run -p 80:80 --rm --entrypoint "\ sh -c \"certbot certonly --standalone \ --register-unsafely-without-email \ $domain_args \ @@ -40,4 +42,4 @@ docker-compose run -p 80:80 --rm --entrypoint "\ --force-renewal && \ ln -fs /etc/letsencrypt/live/$domains/ /etc/letsencrypt/active\"" certbot echo -echo "After running 'docker-compose up --detach' you can share your proxy as: https://signal.tube/#$domains" +echo "After running 'docker compose up --detach' you can share your proxy as: https://signal.tube/#$domains" From 839d8b6b75b1487d38205da70ce596ac99109847 Mon Sep 17 00:00:00 2001 From: Andrew Duty <4403436-aduty@users.noreply.gitlab.com> Date: Mon, 2 Jan 2023 14:32:32 -0700 Subject: [PATCH 3/8] allow for non-interactive installs --- init-certificate.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/init-certificate.sh b/init-certificate.sh index b67645b..fa0a59d 100755 --- a/init-certificate.sh +++ b/init-certificate.sh @@ -9,7 +9,9 @@ fi data_path="./data/certbot" -read -p "Enter domain name (eg. www.example.com): " domains +if [ -z "$domains"]; then + read -p "Enter domain name (eg. www.example.com): " domains +fi if [ -d "$data_path" ]; then read -p "Existing data found. Continue and replace existing certificate? (y/N) " decision From ad4f6823a522e4f66443a1120bb46a9235452341 Mon Sep 17 00:00:00 2001 
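Review bot: The availability check `[ -x "$(command -v docker compose)" ]` does not test for the compose plugin: `command -v` resolves command names, so it looks up `docker` (and, in shells that accept several names, a program called `compose`) and will typically succeed on any host that has the docker CLI. A host without the plugin then passes the check and fails later at `docker compose run`. Probe the subcommand itself, `if ! docker compose version >/dev/null 2>&1; then`. PATCH 5/8 keeps the same test as the first branch of its if/elif, where it also makes the `docker-compose` fallback unreachable whenever `docker` is installed.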
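Review bot: `$domains` reaches a shell command line without validation: the loop splits it into `-d` arguments and the result is pasted into the `sh -c \"certbot certonly …\"` string, as is the `ln -fs /etc/letsencrypt/live/$domains/` path. Any character that cannot appear in a hostname would be interpreted by the shell inside the certbot container instead of being treated as data, and the unquoted `for domain in $domains` also applies pathname expansion to the value. Reject anything that is not a plain list of hostnames before this loop, for example `case "$domains" in *[!A-Za-z0-9.\ -]*) echo 'Error: invalid domain name.' >&2; exit 1 ;; esac`. With more than one domain the `live/$domains/` path also stops naming a single directory; the script continues outside this hunk.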
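Review bot: The new guard expands `$domains` while the script runs under `set -u` (added in PATCH 2/8 and kept as `set -eu` in PATCH 4/8), so when the variable is not exported the expansion itself aborts the script and the interactive prompt is never reached. Give the expansion a default: `if [ -z "${domains:-}" ]; then`. The missing space before `]` is corrected in PATCH 6/8, but that hunk keeps the bare `$domains`. The non-interactive path also still stops at the `read -p "Existing data found. …"` prompt visible as context here whenever ./data/certbot already exists.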
From: Andrew Duty <4403436-aduty@users.noreply.gitlab.com> Date: Tue, 3 Jan 2023 22:00:18 -0700 Subject: [PATCH 4/8] use sh for maximum compatibility --- init-certificate.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/init-certificate.sh b/init-certificate.sh index fa0a59d..8c45423 100755 --- a/init-certificate.sh +++ b/init-certificate.sh @@ -1,6 +1,6 @@ -#!/usr/bin/env ash +#!/usr/bin/env sh -set -Eeuo pipefail +set -eu if ! [ -x "$(command -v docker compose)" ]; then echo 'Error: docker compose is not installed.' >&2 From fead43211080c2a560c747480f37c2e376b37ce0 Mon Sep 17 00:00:00 2001 From: Andrew Duty <4403436-aduty@users.noreply.gitlab.com> Date: Tue, 3 Jan 2023 22:00:51 -0700 Subject: [PATCH 5/8] support both docker-compose and docker compose --- init-certificate.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/init-certificate.sh b/init-certificate.sh index 8c45423..f10f72f 100755 --- a/init-certificate.sh +++ b/init-certificate.sh @@ -2,7 +2,11 @@ set -eu -if ! [ -x "$(command -v docker compose)" ]; then +if [ -x "$(command -v docker compose)" ]; then + DOCKER_COMPOSE='docker compose' +elif [ -x "$(command -v docker-compose)" ]; then + DOCKER_COMPOSE='docker-compose' +else echo 'Error: docker compose is not installed.' >&2 exit 1 fi @@ -36,7 +40,7 @@ for domain in $domains; do domain_args="$domain_args -d $domain" done -docker compose run -p 80:80 --rm --entrypoint "\ +$DOCKER_COMPOSE run -p 80:80 --rm --entrypoint "\ sh -c \"certbot certonly --standalone \ --register-unsafely-without-email \ $domain_args \ @@ -44,4 +48,4 @@ docker compose run -p 80:80 --rm --entrypoint "\ --force-renewal && \ ln -fs /etc/letsencrypt/live/$domains/ /etc/letsencrypt/active\"" certbot echo -echo "After running 'docker compose up --detach' you can share your proxy as: https://signal.tube/#$domains" +echo "After running '$DOCKER_COMPOSE up --detach' you can share your proxy as: https://signal.tube/#$domains" 
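Review bot: Switching the interpreter to `sh` leaves `read -p` in the script (the domain prompt and the "Existing data found" prompt, both outside this hunk), and `-p` is not a POSIX option of `read`. On systems where `sh` is dash the call is rejected, and with `set -eu` in force the script would stop at the first prompt. Print the prompt separately, e.g. `printf 'Enter domain name (eg. www.example.com): '` followed by `read -r domains`, and do the same for the confirmation prompt.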
From 9315994ca97681d5996330d101ba3c3ea32aae3e Mon Sep 17 00:00:00 2001 From: Andrew Duty <4403436-aduty@users.noreply.gitlab.com> Date: Tue, 3 Jan 2023 22:18:07 -0700 Subject: [PATCH 6/8] fix if statement syntax --- init-certificate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init-certificate.sh b/init-certificate.sh index f10f72f..e181576 100755 --- a/init-certificate.sh +++ b/init-certificate.sh @@ -13,7 +13,7 @@ fi data_path="./data/certbot" -if [ -z "$domains"]; then +if [ -z "$domains" ]; then read -p "Enter domain name (eg. www.example.com): " domains fi From 897ab1b238b2d704832d603cbeb25a449e4eb7ad Mon Sep 17 00:00:00 2001 From: adduty <9246737+adduty@users.noreply.github.com> Date: Mon, 16 Oct 2023 21:39:48 -0600 Subject: [PATCH 7/8] create dependabot.yml Use Dependabot to keep images in dockerfiles up-to-date. --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..84c87d6 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" From 7dd500707525e9dea28965c7cf74e5338e166b8b Mon Sep 17 00:00:00 2001 From: adduty <9246737+adduty@users.noreply.github.com> Date: Mon, 16 Oct 2023 21:47:35 -0600 Subject: [PATCH 8/8] specify directories --- .github/dependabot.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 84c87d6..c01df84 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,10 @@ version: 2 updates: - package-ecosystem: "docker" - directory: "/" + directory: "/nginx-relay" + schedule: + interval: "weekly" + - package-ecosystem: "docker" + directory: "/nginx-terminate" schedule: interval: "weekly"
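Review bot: These `docker` entries only cover the base image tags in the two Dockerfiles' `FROM` lines; the nginx release that is compiled from source is selected by `ARG NGINX_VER` (PATCH 1/8) and, as far as I know, is not something Dependabot will bump. Since nginx is the network-facing component, record that gap in the file, e.g. `# Tracks FROM image tags only; NGINX_VER in each Dockerfile must be updated by hand.` above `updates:`.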