From 9a95baba757a0f38dfd0c77e3b6a613e4310d3aa Mon Sep 17 00:00:00 2001 From: nser77 <> Date: Tue, 15 Aug 2023 10:12:32 +0000 Subject: [PATCH] fix --- README.md | 2 ++ docker/Dockerfile | 5 +++++ local-build.sh | 2 ++ scripts/build-openresty | 18 ++++++++++++++++++ scripts/buildx | 1 + 5 files changed, 28 insertions(+) diff --git a/README.md b/README.md index fea4ac5..d941cfe 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@

+ @@ -18,6 +19,7 @@ The following images are built: **latest** - OpenResty +- OpenSSL - Lua - [Crowdsec Openresty Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer) diff --git a/docker/Dockerfile b/docker/Dockerfile index bdbc213..d261d40 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,6 +5,7 @@ FROM debian:buster-slim as nginxbuilder ARG OPENRESTY_VERSION +ARG OPENSSL_VERSION ARG LUA_VERSION ARG LUAROCKS_VERSION @@ -71,6 +72,10 @@ COPY --from=nginxbuilder /tmp/lua /tmp/lua COPY --from=nginxbuilder /tmp/luarocks /tmp/luarocks COPY ./scripts/install-lua /tmp/install-lua +# Copy openssl build from first image +COPY --from=nginxbuilder /usr/local/ssl /usr/local/ssl +RUN echo "/usr/local/ssl/lib64" > /etc/ld.so.conf.d/openssl.conf && ldconfig + # Copy openresty build from first image COPY --from=nginxbuilder /tmp/openresty /tmp/openresty COPY ./scripts/install-openresty /tmp/install-openresty diff --git a/local-build.sh b/local-build.sh index ffd672e..9cbaba4 100755 --- a/local-build.sh +++ b/local-build.sh @@ -9,6 +9,7 @@ RESET='\E[0m' DOCKER_IMAGE=jc21/nginx-full export OPENRESTY_VERSION=1.21.4.2 +export OPENSSL_VERSION=3.1.2 export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.7 export LUA_VERSION=5.1.5 export LUAROCKS_VERSION=3.3.1 @@ -19,6 +20,7 @@ echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}latest ${CYAN}...${RESET}" docker build \ --pull \ --build-arg OPENRESTY_VERSION \ + --build-arg OPENSSL_VERSION \ --build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \ --build-arg LUA_VERSION \ --build-arg LUAROCKS_VERSION \ diff --git a/scripts/build-openresty b/scripts/build-openresty index 3019542..4f1dd9e 100755 --- a/scripts/build-openresty +++ b/scripts/build-openresty @@ -6,6 +6,22 @@ YELLOW='\E[1;33m' GREEN='\E[1;32m' RESET='\E[0m' + +echo -e "${BLUE}❯ ${CYAN}Building OpenSSL ${YELLOW}${OPENSSL_VERSION}...${RESET}" + +cd /usr/src +wget https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz && \ + wget https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.sha256 + +echo "`cat openssl-${OPENSSL_VERSION}.tar.gz.sha256 | sed "s/ //g"` *openssl-${OPENSSL_VERSION}.tar.gz" | shasum -a 256 --check || exit -1 + +tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && cd openssl-${OPENSSL_VERSION} && \ + ./Configure -d --prefix=/usr/local/ssl --openssldir=/usr/local/ssl '-Wl,-rpath,$(LIBRPATH)' shared && \ + make && make install + +echo -e "${BLUE}❯ ${GREEN}OpenSSL build completed${RESET}" + + echo -e "${BLUE}❯ ${CYAN}Building OpenResty ${YELLOW}${OPENRESTY_VERSION}...${RESET}" cd /tmp @@ -15,6 +31,8 @@ mv /tmp/openresty-${OPENRESTY_VERSION} /tmp/openresty cd /tmp/openresty ./configure \ + --with-cc-opt='-I/usr/local/ssl/include' \ + --with-ld-opt='-L/usr/local/ssl/lib64' \ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ --modules-path=/usr/lib/nginx/modules \ diff --git a/scripts/buildx b/scripts/buildx index ffebd42..2cadf92 100755 --- a/scripts/buildx +++ b/scripts/buildx @@ -23,6 +23,7 @@ docker buildx build \ --build-arg ACMESH_BASE_TAG \ --build-arg CERTBOT_BASE_TAG \ --build-arg OPENRESTY_VERSION \ + --build-arg OPENSSL_VERSION \ --build-arg LUA_VERSION \ --build-arg LUAROCKS_VERSION \ --build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \