Add custom OpenSSL version

README.md

@@ -2,6 +2,7 @@
 
 <p>
   <img src="https://img.shields.io/badge/openresty-1.21.4.2-green.svg?style=for-the-badge">
+  <img src="https://img.shields.io/badge/openssl-3-1-2-green.svg?style=for-the-badge">
   <img src="https://img.shields.io/badge/lua-5.1.5-green.svg?style=for-the-badge">
   <img src="https://img.shields.io/badge/luarocks-3.3.1-green.svg?style=for-the-badge">
   <a href="https://hub.docker.com/repository/docker/jc21/nginx-full">
@@ -18,6 +19,7 @@ The following images are built:
 
 **latest**
 - OpenResty
+- OpenSSL
 - Lua
 - [Crowdsec Openresty Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer)
 

docker/Dockerfile

@@ -5,6 +5,7 @@
 FROM debian:buster-slim as nginxbuilder
 
 ARG OPENRESTY_VERSION
+ARG OPENSSL_VERSION
 ARG LUA_VERSION
 ARG LUAROCKS_VERSION
 
@@ -71,6 +72,10 @@ COPY --from=nginxbuilder /tmp/lua /tmp/lua
 COPY --from=nginxbuilder /tmp/luarocks /tmp/luarocks
 COPY ./scripts/install-lua /tmp/install-lua
 
+# Copy openssl build from first image
+COPY --from=nginxbuilder /usr/local/ssl /usr/local/ssl
+RUN echo "/usr/local/ssl/lib64" > /etc/ld.so.conf.d/openssl.conf && ldconfig
+
 # Copy openresty build from first image
 COPY --from=nginxbuilder /tmp/openresty /tmp/openresty
 COPY ./scripts/install-openresty /tmp/install-openresty

local-build.sh

@@ -9,6 +9,7 @@ RESET='\E[0m'
 DOCKER_IMAGE=jc21/nginx-full
 
 export OPENRESTY_VERSION=1.21.4.2
+export OPENSSL_VERSION=3.1.2
 export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.7
 export LUA_VERSION=5.1.5
 export LUAROCKS_VERSION=3.3.1
@@ -19,6 +20,7 @@ echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}latest ${CYAN}...${RESET}"
 docker build \
 	--pull \
 	--build-arg OPENRESTY_VERSION \
+	--build-arg OPENSSL_VERSION \
 	--build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \
 	--build-arg LUA_VERSION \
 	--build-arg LUAROCKS_VERSION \

scripts/build-openresty

@@ -6,6 +6,22 @@ YELLOW='\E[1;33m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
 
+
+echo -e "${BLUE}❯ ${CYAN}Building OpenSSL ${YELLOW}${OPENSSL_VERSION}...${RESET}"
+
+cd /usr/src
+wget https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz && \
+  wget https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.sha256
+
+echo "`cat openssl-${OPENSSL_VERSION}.tar.gz.sha256 | sed "s/ //g"` *openssl-${OPENSSL_VERSION}.tar.gz" | shasum -a 256 --check || exit -1
+
+tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && cd openssl-${OPENSSL_VERSION} && \
+  ./Configure -d --prefix=/usr/local/ssl --openssldir=/usr/local/ssl '-Wl,-rpath,$(LIBRPATH)' shared && \
+    make && make install
+
+echo -e "${BLUE}❯ ${GREEN}OpenSSL build completed${RESET}"
+
+
 echo -e "${BLUE}❯ ${CYAN}Building OpenResty ${YELLOW}${OPENRESTY_VERSION}...${RESET}"
 
 cd /tmp
@@ -15,6 +31,8 @@ mv /tmp/openresty-${OPENRESTY_VERSION} /tmp/openresty
 cd /tmp/openresty
 
 ./configure \
+        --with-cc-opt='-I/usr/local/ssl/include' \
+        --with-ld-opt='-L/usr/local/ssl/lib64' \
 	--prefix=/etc/nginx \
 	--sbin-path=/usr/sbin/nginx \
 	--modules-path=/usr/lib/nginx/modules \

scripts/buildx

@@ -23,6 +23,7 @@ docker buildx build \
 	--build-arg ACMESH_BASE_TAG \
 	--build-arg CERTBOT_BASE_TAG \
 	--build-arg OPENRESTY_VERSION \
+        --build-arg OPENSSL_VERSION \
 	--build-arg LUA_VERSION \
 	--build-arg LUAROCKS_VERSION \
 	--build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \