-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
222 lines (205 loc) · 9.98 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
# Copyright (c) 2021 aasaam software development group
FROM ubuntu:focal AS builder
ARG PROXY
ENV HTTP_PROXY=${PROXY}
ENV HTTPS_PROXY=${PROXY}
ENV ALL_PROXY=${PROXY}
ENV http_proxy=${PROXY}
ENV https_proxy=${PROXY}
ENV all_proxy=${PROXY}
LABEL org.label-schema.name="web-server" \
org.label-schema.description="Improved version of Nginx/OpenResty" \
org.label-schema.url=https://github.com/aasaam/web-server \
org.label-schema.vendor="aasaam" \
maintainer="Muhammad Hussein Fattahizadeh <[email protected]>"
ADD tools/patch-source.py /tmp/patch-source.py
RUN export DEBIAN_FRONTEND=noninteractive ; \
export LANG=en_US.utf8 ; \
export LC_ALL=C.UTF-8 ; \
apt-get update -y \
&& apt-get -y upgrade \
&& apt-get install --no-install-recommends -y gnupg \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F44B38CE3DB1BF64B61DBD28DE1997DCDE742AFA \
&& echo 'deb http://ppa.launchpad.net/maxmind/ppa/ubuntu focal main' > /etc/apt/sources.list.d/maxmind.list \
&& apt-get update -y \
&& apt-get install -y build-essential bzr-builddeb ca-certificates curl dh-make dh-systemd gnupg gnupg2 jq gzip \
libmaxminddb0 libmaxminddb-dev mmdb-bin libpcre3 libpcre3-dev libtemplate-perl lsb-release make perl python sudo systemtap-sdt-dev unzip uuid-dev wget zlib1g-dev \
# check proxy
&& curl -s ifconfig.me
RUN rm -rf /tmp/builder/resty \
&& mkdir -p /tmp/builder/resty \
&& mkdir /tmp/modules
# modules/naxsi
RUN cd /tmp \
&& wget -q -O naxsi.tgz https://github.com/nbs-system/naxsi/archive/refs/tags/1.3.tar.gz \
&& tar -xf naxsi.tgz \
&& export NGINX_MODULE_NAXI=`realpath naxsi-1.*/naxsi_src` \
&& mv $NGINX_MODULE_NAXI /tmp/modules/naxsi
# modules/brotli
RUN cd /tmp \
&& git clone https://github.com/google/ngx_brotli /tmp/ngx_brotli \
&& cd /tmp/ngx_brotli \
&& git submodule update --init \
&& export NGINX_MODULE_BROTLI=`realpath /tmp/ngx_brotl*` \
&& mv $NGINX_MODULE_BROTLI /tmp/modules/brotli
# modules/ps
RUN cd /tmp \
&& curl ifconfig.me \
&& export NPS_VERSION=1.13.35.2-stable \
&& wget -q -c https://github.com/apache/incubator-pagespeed-ngx/archive/v${NPS_VERSION}.zip \
&& unzip v${NPS_VERSION}.zip \
&& export nps_dir=`realpath *pagespeed-ngx*` \
&& cd $nps_dir \
&& export NPS_RELEASE_NUMBER=$NPS_VERSION/beta/ \
&& export NPS_RELEASE_NUMBER=$NPS_VERSION/stable/ \
&& export psol_url="https://dl.google.com/dl/page-speed/psol/$NPS_RELEASE_NUMBER.tar.gz" \
&& ls -laF scripts/ \
&& [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) \
&& wget -c ${psol_url} \
&& tar -xzvf $(basename ${psol_url}) \
&& export NGINX_MODULE_PS=`realpath "$nps_dir"` \
&& mv $NGINX_MODULE_PS /tmp/modules/ps
# modules/geoip2
RUN cd /tmp \
&& wget -q -O ngx_http_geoip2_module.tgz https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/3.4.tar.gz \
&& tar -xf ngx_http_geoip2_module.tgz \
&& export NGINX_MODULE_GEOIP2=`realpath /tmp/ngx_http_geoip2_module-*` \
&& mv $NGINX_MODULE_GEOIP2 /tmp/modules/geoip2
# openresty
RUN cd /tmp \
&& cd /tmp \
&& wget -q -O openresty.tgz https://github.com/openresty/openresty-packaging/archive/master.tar.gz \
&& tar -xf openresty.tgz \
&& chmod +x /tmp/patch-source.py \
&& cd /tmp/openresty-packaging-master/deb \
&& grep -v "debsigs" Makefile > temp && cat temp > Makefile \
&& sed -i 's#OPTS=#OPTS=-b -uc -us#g' Makefile \
&& sed -i 's#tar xf openresty_$(OR_VER).orig.tar.gz --strip-components=1 -C openresty#tar xf openresty_$(OR_VER).orig.tar.gz --strip-components=1 -C openresty \&\& /tmp/patch-source.py `realpath openresty/bundle/nginx-1*/` #g' Makefile \
&& sed -i "s#--with-threads#--with-threads --with-ld-opt=\"-Wl,-rpath,$PHP_LIB\" --add-module=/tmp/modules/brotli --add-module=/tmp/modules/naxsi --add-module=/tmp/modules/ps --add-module=/tmp/modules/geoip2#g" openresty/debian/rules \
&& make zlib-build \
&& export DEB_TO_INSTALL=`realpath openresty-zlib_1.*.deb` \
&& export DEB_DEV_TO_INSTALL=`realpath openresty-zlib-dev_1.*.deb` \
&& cp $DEB_TO_INSTALL /tmp/builder/openresty-zlib.deb \
&& cp $DEB_DEV_TO_INSTALL /tmp/builder/openresty-zlib-dev.deb \
&& dpkg -i /tmp/builder/openresty-zlib.deb \
&& dpkg -i /tmp/builder/openresty-zlib-dev.deb \
&& make pcre-build \
&& export DEB_TO_INSTALL=`realpath openresty-pcre_8.*deb` \
&& export DEB_DEV_TO_INSTALL=`realpath openresty-pcre-dev_8.*.deb` \
&& cp $DEB_TO_INSTALL /tmp/builder/openresty-pcre.deb \
&& cp $DEB_DEV_TO_INSTALL /tmp/builder/openresty-pcre-dev.deb \
&& dpkg -i /tmp/builder/openresty-pcre.deb \
&& dpkg -i /tmp/builder/openresty-pcre-dev.deb \
&& make openssl111-build \
&& echo "======== DEBUG ==========" \
&& ls -la \
&& find /tmp -type f -name "*.deb" \
&& echo "======== /DEBUG ==========" \
&& export DEB_TO_INSTALL=`realpath openresty-openssl111_1.*deb` \
&& export DEB_DEV_TO_INSTALL=`realpath openresty-openssl111-dev_1*.deb` \
&& cp $DEB_TO_INSTALL /tmp/builder/openresty-openssl.deb \
&& cp $DEB_DEV_TO_INSTALL /tmp/builder/openresty-openssl-dev.deb \
&& dpkg -i /tmp/builder/openresty-openssl.deb \
&& dpkg -i /tmp/builder/openresty-openssl-dev.deb \
&& make openresty-build \
&& echo "======== DEBUG ==========" \
&& ls -la \
&& find /tmp -type f -name "*.deb" \
&& echo "======== /DEBUG ==========" \
&& export DEB_TO_INSTALL=`realpath openresty_1*focal1_amd64.deb` \
&& cp $DEB_TO_INSTALL /tmp/builder/openresty.deb \
&& export DEB_TO_INSTALL=`realpath openresty-resty_1*focal1_all.deb` \
&& cp $DEB_TO_INSTALL /tmp/builder/openresty-resty.deb \
&& export DEB_TO_INSTALL=`realpath openresty-opm_1*focal1_amd64.deb` \
&& cp $DEB_TO_INSTALL /tmp/builder/openresty-opm.deb \
&& cd /tmp \
&& wget -q -O error-pages.tgz https://github.com/aasaam/error-pages/archive/master.tar.gz \
&& tar -xf error-pages.tgz \
&& cd /tmp/error-pages-master/dist/nginx \
&& rm -rf /tmp/builder/error-pages \
&& mv error-pages /tmp/builder/ \
&& cd /tmp \
&& wget -q -O /tmp/icons.tgz https://github.com/aasaam/brand-icons/archive/master.tar.gz \
&& tar -xf /tmp/icons.tgz \
&& mv brand-icons-master/svg /tmp/builder/error-pages/ \
&& wget -q -O dl_woothee.tgz https://github.com/woothee/lua-resty-woothee/archive/refs/tags/v1.12.0-1.tar.gz \
&& tar -xf dl_woothee.tgz \
&& export WOOTHEE_PATH=`realpath /tmp/lua-resty-woothee-1*/lib` \
&& cd $WOOTHEE_PATH \
&& cp -rf resty/* /tmp/builder/resty/ \
&& cd /tmp \
&& wget -q -O lua_resty_url.tgz https://github.com/3scale/lua-resty-url/archive/refs/tags/v0.3.5.tar.gz \
&& tar -xf lua_resty_url.tgz \
&& export LUA_RESTY_URL_PATH=`realpath /tmp/lua-resty-url*/src/` \
&& cd $LUA_RESTY_URL_PATH \
&& cp -rf resty/* /tmp/builder/resty/ \
&& wget -q -O /tmp/builder/favicon.ico https://raw.githubusercontent.com/aasaam/information/master/logo/icons/favicon.ico \
&& cd /tmp \
&& tar -czf builder.tgz builder
FROM ubuntu:focal
COPY --from=aasaam/maxmind-lite-docker /*.mmdb /tmp/
COPY --from=builder /tmp/builder.tgz /tmp/builder.tgz
COPY --from=hairyhenderson/gomplate /gomplate /bin/gomplate
COPY entrypoint.sh /entrypoint.sh
RUN export DEBIAN_FRONTEND=noninteractive ; \
export LANG=en_US.utf8 ; \
export LC_ALL=C.UTF-8 ; \
apt-get update -y \
&& apt-get -y upgrade \
&& apt-get install --no-install-recommends -y gnupg \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F44B38CE3DB1BF64B61DBD28DE1997DCDE742AFA \
&& echo 'deb http://ppa.launchpad.net/maxmind/ppa/ubuntu focal main' > /etc/apt/sources.list.d/maxmind.list \
&& apt-get update -y \
&& apt-get install --no-install-recommends -y libmaxminddb0 libtime-hires-perl \
&& cd /tmp/ \
&& tar -xf builder.tgz \
&& dpkg -i /tmp/builder/openresty-zlib.deb \
&& dpkg -i /tmp/builder/openresty-pcre.deb \
&& dpkg -i /tmp/builder/openresty-openssl.deb \
&& dpkg -i /tmp/builder/openresty.deb \
&& dpkg -i /tmp/builder/openresty-resty.deb \
&& cp /tmp/builder/resty/* /usr/local/openresty/lualib/resty/ -rf \
&& cp /tmp/builder/error-pages /usr/local/openresty/nginx/ -rf \
&& rm -rf /usr/local/openresty/nginx/conf \
&& mkdir -p /usr/local/openresty/nginx/conf \
&& mkdir -p /usr/local/openresty/nginx/addon \
&& export OPENSSL_BIN=`find /usr/local/openresty -type f -executable -name openssl` \
&& cp /tmp/builder/favicon.ico /usr/local/openresty/nginx/favicon.ico \
# geoip
&& mkdir /GeoIP2 \
&& cp /tmp/*.mmdb /GeoIP2/ \
&& mkdir -p /usr/local/openresty/addon-generated/sites-enabled \
&& mkdir -p /usr/local/openresty/htpasswd \
&& printf "monitoring:$($OPENSSL_BIN passwd -apr1 monitoring)\n" > /usr/local/openresty/htpasswd/monitoring.htpasswd \
&& echo "======== VERSION ==========" \
&& /usr/bin/openresty -V 2>&1 | tee /tmp/VERSION \
&& cat /tmp/VERSION \
&& echo "======== /VERSION ==========" \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /usr/share/doc \
&& rm -rf /usr/share/man \
&& rm -rf /usr/share/locale \
&& rm -rf /root/.op* \
&& cd / \
&& rm -r /var/lib/apt/lists/* && rm -rf /tmp && mkdir /tmp && chmod 777 /tmp && truncate -s 0 /var/log/*.log \
&& find /usr/local/openresty/nginx/error-pages -type f -print0 | xargs -0 chmod 0644 \
&& find /usr/local/openresty/lualib -type d -print0 | xargs -0 chmod 0755 \
&& find /usr/local/openresty/lualib -type f -print0 | xargs -0 chmod 0644 \
&& chmod +x /entrypoint.sh
# defaults config
COPY config/defaults /usr/local/openresty/nginx/defaults
# lua scripts
COPY config/lua/access_normal.lua /usr/local/openresty/lualib/access_normal.lua
COPY config/lua/normalize.lua /usr/local/openresty/lualib/normalize.lua
COPY config/lua/locales.lua /usr/local/openresty/lualib/locales.lua
COPY config/lua/utils.lua /usr/local/openresty/lualib/utils.lua
COPY config/lua/browsers.lua /usr/local/openresty/lualib/browsers.lua
COPY config/lua/loading_page.lua /usr/local/openresty/lualib/loading_page.lua
# nginx.conf
COPY addon /usr/local/openresty/nginx/addon
COPY config/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
EXPOSE 80/tcp 443/tcp
STOPSIGNAL SIGQUIT
ENTRYPOINT ["/entrypoint.sh"]
CMD ["openresty", "-g", "daemon off;"]