Having to maintain the latest nginx version is what led to the currently outdated nginx version in the current code. Having the version hardcoded in a variable is not a big improvement for maintainability over the current state of having it in the URL below. In both cases, the repo here has to be updated for every nginx release.

Could the official nginx:latest docker image be used as base, instead of having the specific version in the source code here?

Compare #23

The reason I moved the nginx version to an ARG is because it is referenced in multiple places, so declaring it as a variable will make it less likely to be missed somewhere when it is changed. This also resulted in more general commands. For instance, rm -rf nginx-1.* was used to clean up, but this would fail once nginx 2.X was used, whereas rm -rf "nginx-${NGINX_VER}*" will have the intended effect regardless of nginx version.

As for using nginx:latest, there are several reasons not to do this. First, it is considered best practice to pin a specific version, or at least a major version. Otherwise, builds could start failing for users when a new major version is released. Second, it looks like this project is using a build option (--with-ipv6) for nginx that is not used in the official image, and the official image includes many build options that are not needed by this project. Finally, LibreSSL has advantages over OpenSSL, and using the official image would confine the project to using OpenSSL.

You are correct that pinning the version requires manual changes for updates, but this is usually preferable to using the latest tag, and it would be possible to use something like GitHub Actions to automatically make a PR when a new version of nginx is released. That way we could get the best of both worlds.

ditto