-
-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump to golang:1.22.3-alpine3.19@sha256:2a882244fb51835ebbd8313bffee8…
…3775b0c076aaf56b497b43d8a4c72db65e1 Signed-off-by: Jauder Ho <[email protected]>
- Loading branch information
Showing
63 changed files
with
650 additions
and
57 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,124 @@ | ||
| name: freenginx | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - freenginx/* | ||
| - .github/workflows/freenginx.yml | ||
| workflow_dispatch: | ||
| schedule: | ||
| - cron: "0 8 * * 1" | ||
|
|
||
| env: | ||
| BUILD_VERSION: "1.26.0" | ||
| OPENSSL_VERSION: "3.3.0" | ||
| PCRE_VERSION: "10.43" | ||
| DOCKER_CLI_EXPERIMENTAL: enabled | ||
| REPOSITORY: ${{ github.actor }}/${{ github.workflow }} | ||
|
|
||
| permissions: read-all | ||
|
|
||
| jobs: | ||
| deploy: | ||
| runs-on: ubuntu-22.04 | ||
| permissions: | ||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1 | ||
| with: | ||
| egress-policy: block | ||
| disable-telemetry: true | ||
| allowed-endpoints: > | ||
| api.github.com:443 | ||
| auth.docker.io:443 | ||
| dl-cdn.alpinelinux.org:443 | ||
| ghcr.io:443 | ||
| github.com:443 | ||
| freenginx.org:80 | ||
| objects.githubusercontent.com:443 | ||
| production.cloudflare.docker.com:443 | ||
| registry-1.docker.io:443 | ||
| www.openssl.org:443 | ||
| umsah0twc0d25lndsc0j.blob.core.windows.net:443 | ||
| - name: Source checkout | ||
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v2.4.0 | ||
|
|
||
| - name: Setup QEMU | ||
| id: qemu | ||
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v1.2.0 | ||
|
|
||
| - name: Setup Buildx | ||
| id: buildx | ||
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v1 | ||
|
|
||
| - name: Setup mold | ||
| id: mold | ||
| uses: rui314/setup-mold@c9803d2102b7e020ad0ccd687c55b2ad8baf3496 | ||
|
|
||
| # - name: Setup cache | ||
| # uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 | ||
| # with: | ||
| # path: ~/.cache/ccache | ||
| # key: ${{ runner.os }}-buildx-${{ github.sha }} | ||
| # restore-keys: | | ||
| # ${{ runner.os }}-buildx- | ||
|
|
||
| - name: Set Docker metadata | ||
| id: docker_meta | ||
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v3 | ||
| with: | ||
| images: ${{ env.REPOSITORY }} | ||
| labels: | | ||
| org.opencontainers.image.version=${{ env.BUILD_VERSION }} | ||
| org.opencontainers.image.revision=${{ github.sha }} | ||
| org.opencontainers.image.title=${{ env.REPOSITORY }} | ||
| - name: GitHub login | ||
| if: ${{ github.event_name != 'pull_request' }} | ||
| uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v1.12.0 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: DockerHub login | ||
| if: ${{ github.event_name != 'pull_request' }} | ||
| uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v1.12.0 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v2.8.0 | ||
| with: | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| context: ${{ github.workflow }} | ||
| #platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le | ||
| platforms: linux/amd64,linux/arm64 | ||
| #platforms: linux/amd64 | ||
| build-args: | | ||
| BUILD_VERSION | ||
| OPENSSL_VERSION | ||
| PCRE_VERSION | ||
| sbom: true | ||
| provenance: true | ||
| cache-from: type=gha, scope=${{ github.workflow }} | ||
| cache-to: type=gha, scope=${{ github.workflow }} | ||
| labels: ${{ steps.docker_meta.outputs.labels }} | ||
| tags: | | ||
| docker.io/${{ env.REPOSITORY }}:${{ env.BUILD_VERSION }} | ||
| docker.io/${{ env.REPOSITORY }}:latest | ||
| ghcr.io/${{ env.REPOSITORY }}:${{ env.BUILD_VERSION }} | ||
| ghcr.io/${{ env.REPOSITORY }}:latest | ||
| # # Temporary cache workaround | ||
| # # See https://github.com/docker/build-push-action/issues/252#issuecomment-744400434 | ||
| # - name: Move cache | ||
| # run: | | ||
| # rm -rf ~/.cache/ccache | ||
| # mv ~/.cache/ccache-new ~/.cache/ccache |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b | ||
| #FROM alpine:edge@sha256:c8420124adc6f31031a88c85f53e1e78f419b1ac46b827fd1d4d0fdae2c7e3aa | ||
|
|
||
| # https://nginx.org/en/download.html | ||
| #ENV BUILD_VERSION 1.25.3 | ||
|
|
||
| # https://www.openssl.org/source | ||
| #ENV OPENSSL_VERSION 3.2.1 | ||
|
|
||
| # https://www.pcre.org/ | ||
| #ENV PCRE_VERSION 10.42 | ||
|
|
||
| ARG BUILD_VERSION | ||
| ARG OPENSSL_VERSION | ||
| ARG PCRE_VERSION | ||
| ARG ZLIB_URL=https://github.com/cloudflare/zlib.git | ||
| ARG BROTLI_URL=https://github.com/google/ngx_brotli.git | ||
| ARG PATCHES_URL=https://github.com/jauderho/patches.git | ||
|
|
||
| RUN \ | ||
| #build_pkgs="build-base linux-headers openssl-dev pcre-dev wget zlib-dev perl-dev lld ccache openssl zlib git" && \ | ||
| apk update && \ | ||
| apk upgrade -a && \ | ||
| build_pkgs="build-base linux-headers openssl-dev wget perl-dev ccache openssl zlib git mold brotli-dev" && \ | ||
| runtime_pkgs="ca-certificates tzdata brotli-libs" && \ | ||
| apk --no-cache add ${build_pkgs} ${runtime_pkgs} && \ | ||
| update-ca-certificates && \ | ||
| cd /tmp && \ | ||
| wget -O - http://freenginx.org/download/freenginx-${BUILD_VERSION}.tar.gz --tries=3 | tar zxf - -C /tmp && \ | ||
| wget -O - https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz --tries=3 --no-dns-cache | tar xzf - -C /tmp && \ | ||
| wget -O - https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE_VERSION}/pcre2-${PCRE_VERSION}.tar.gz --tries=3 | tar xzf - -C /tmp && \ | ||
| git clone --depth 1 ${ZLIB_URL} /tmp/zlib && \ | ||
| cd /tmp/zlib && \ | ||
| ./configure && \ | ||
| git clone --depth 1 ${BROTLI_URL} /tmp/ngx_brotli && \ | ||
| cd /tmp/ngx_brotli && \ | ||
| git submodule update --init && \ | ||
| git clone --depth 1 ${PATCHES_URL} /tmp/patches && \ | ||
| cd /tmp/freenginx-${BUILD_VERSION} && \ | ||
| NB_PROC=$(grep -c ^processor /proc/cpuinfo) && \ | ||
| echo "Patching..." && \ | ||
| patch -p1 < /tmp/patches/nginx/nginx__dynamic_tls_records_1.25.1+.patch && \ | ||
| #patch -p1 < /tmp/patches/nginx/nginx_hpack_push_1.25.0.patch && \ | ||
| patch -p1 < /tmp/patches/nginx/nginx-1.25.3-reprioritize-chacha-openssl-1.1.1.patch && \ | ||
| patch -p1 < /tmp/patches/nginx/nginx-gzip-207-status.patch && \ | ||
| ./configure \ | ||
| --prefix=/usr/share/nginx \ | ||
| --sbin-path=/usr/sbin/nginx \ | ||
| --conf-path=/etc/nginx/nginx.conf \ | ||
| --error-log-path=/var/log/nginx/error.log \ | ||
| --http-log-path=/var/log/nginx/access.log \ | ||
| --pid-path=/var/run/nginx.pid \ | ||
| --lock-path=/var/run/nginx.lock \ | ||
| --http-client-body-temp-path=/var/cache/nginx/client_temp \ | ||
| --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | ||
| --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | ||
| --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | ||
| --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | ||
| --user=nginx \ | ||
| --group=nginx \ | ||
| --with-http_ssl_module \ | ||
| --with-http_realip_module \ | ||
| --with-http_v2_module \ | ||
| #--with-http_v2_hpack_enc \ | ||
| --with-http_gunzip_module \ | ||
| --with-http_gzip_static_module \ | ||
| --with-http_secure_link_module \ | ||
| --with-http_slice_module \ | ||
| --with-http_stub_status_module \ | ||
| --with-http_auth_request_module \ | ||
| --without-http_autoindex_module \ | ||
| --without-http_ssi_module \ | ||
| --with-file-aio \ | ||
| --with-threads \ | ||
| --add-module=/tmp/ngx_brotli \ | ||
| --with-cc-opt='-fuse-ld=mold -O3 -march=native -pipe -flto -ffat-lto-objects -fomit-frame-pointer -fstack-protector-strong -fstack-clash-protection -fPIE -fexceptions --param=ssp-buffer-size=4 -grecord-gcc-switches -pie -fno-semantic-interposition -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wformat-security -Wno-error=strict-aliasing -Wextra -Wp,-D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS' \ | ||
| --with-ld-opt='-O3 -Wl,-Bsymbolic-functions -Wl,-z,relro' \ | ||
| --with-openssl=/tmp/openssl-${OPENSSL_VERSION} \ | ||
| --with-openssl-opt="enable-ec_nistp_64_gcc_128 enable-ktls threads no-ssl no-tls1 no-tls1_1 no-weak-ssl-ciphers no-tests" \ | ||
| --with-pcre-jit \ | ||
| --with-pcre=/tmp/pcre2-${PCRE_VERSION} \ | ||
| --with-zlib=/tmp/zlib \ | ||
| && \ | ||
| PATH="/usr/lib/ccache:${PATH}" make -j $NB_PROC && \ | ||
| ccache -s && \ | ||
| strip objs/nginx && \ | ||
| make install && \ | ||
| sed -i -e 's/#access_log logs\/access.log main;/access_log \/dev\/stdout;/' -e 's/#error_log logs\/error.log notice;/error_log stderr notice;/' /etc/nginx/nginx.conf && \ | ||
| addgroup -S nginx && \ | ||
| adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx && \ | ||
| rm -rf /tmp/* && \ | ||
| apk del ${build_pkgs} && \ | ||
| rm -rf /var/cache/apk/* | ||
|
|
||
| # --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' \ | ||
|
|
||
| LABEL org.opencontainers.image.authors "Jauder Ho <[email protected]>" | ||
| LABEL org.opencontainers.image.url "https://github.com/jauderho/dockerfiles" | ||
| LABEL org.opencontainers.image.documentation "https://github.com/jauderho/dockerfiles" | ||
| LABEL org.opencontainers.image.source "https://github.com/jauderho/dockerfiles" | ||
| LABEL org.opencontainers.image.title "jauderho/freenginx" | ||
| LABEL org.opencontainers.image.description "freenginx is a web server" | ||
|
|
||
| COPY files/index.html /usr/share/nginx/html/ | ||
| COPY files/nginx.conf /etc/nginx/nginx.conf | ||
|
|
||
| #VOLUME ["/var/cache/nginx"] | ||
|
|
||
| EXPOSE 80 443 | ||
|
|
||
| #ENTRYPOINT ["nginx"] | ||
| ENTRYPOINT ["nginx", "-g", "daemon off;"] | ||
|
|
||
| # Notes | ||
| # | ||
| # Use the following to enable streaming | ||
| # --with-stream \ | ||
| # --with-stream_ssl_module \ | ||
| # --with-stream_ssl_preread_module \ | ||
| # --with-stream_realip_module \ |
Oops, something went wrong.