| ADD alpine-minirootfs-3.23.3-x86_64.tar.gz / # buildkit |
| CMD ["/bin/sh"] |
| LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com> |
| ENV NGINX_VERSION=1.29.5 |
| ENV PKG_RELEASE=1 |
| ENV DYNPKG_RELEASE=1 |
| RUN /bin/sh -c set -x && addgroup -g 101 -S nginx && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} " && apk add --no-cache --virtual .checksum-deps openssl && case "$apkArch" in x86_64|aarch64) set -x && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then echo "key verification succeeded!"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo "key verification failed!"; exit 1; fi && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils curl && su nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && PKGOSSCHECKSUM=\"b8584eaa97130ba7743dfbb2a10f665d64cb54b864e2038d0fd298d24682fc05eb4472738430b15862dabc6f374917f1b9889117051a852d36d0a6c8bc898921 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then echo \"pkg-oss tarball checksum verification succeeded!\"; else echo \"pkg-oss tarball checksum verification failed!\"; exit 1; fi && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && make base && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del --no-network .build-deps && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac && apk del --no-network .checksum-deps && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && apk add --no-cache gettext-envsubst && apk add --no-cache tzdata && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit |
| COPY docker-entrypoint.sh / # buildkit |
| COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit |
| COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit |
| COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit |
| COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit |
| ENTRYPOINT ["/docker-entrypoint.sh"] |
| EXPOSE map[80/tcp:{}] |
| STOPSIGNAL SIGQUIT |
| CMD ["nginx" "-g" "daemon off;"] |
| ENV NJS_VERSION=0.9.5 |
| ENV NJS_RELEASE=1 |
| ENV ACME_VERSION=0.3.1 |
| RUN /bin/sh -c set -x && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} " && apk add --no-cache --virtual .checksum-deps openssl && case "$apkArch" in x86_64|aarch64) apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils curl cargo clang-libclang && su nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && PKGOSSCHECKSUM=\"b8584eaa97130ba7743dfbb2a10f665d64cb54b864e2038d0fd298d24682fc05eb4472738430b15862dabc6f374917f1b9889117051a852d36d0a6c8bc898921 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then echo \"pkg-oss tarball checksum verification succeeded!\"; else echo \"pkg-oss tarball checksum verification failed!\"; exit 1; fi && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && export BUILDTARGET=\"module-geoip module-image-filter module-njs module-xslt module-acme\" && if [ \"\$(apk --print-arch)\" = \"armhf\" ]; then BUILDTARGET=\"\$( echo \$BUILDTARGET | sed 's,module-acme,,' )\"; fi && make \$BUILDTARGET && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del --no-network .build-deps && if [ "$apkArch" = "armhf" ]; then nginxPackages="$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')"; fi && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac && apk del --no-network .checksum-deps && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && apk add --no-cache curl ca-certificates # buildkit |
| RUN /bin/sh -c apk upgrade --no-cache && apk add --no-cache --virtual .build-deps gcc libc-dev make pcre-dev zlib-dev linux-headers openssl-dev git && NGINX_VERSION=$(nginx -v 2>&1 | sed 's/.*\///') && cd /tmp && git clone --depth 1 https://github.com/openresty/headers-more-nginx-module.git && wget -q "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" && tar xzf "nginx-${NGINX_VERSION}.tar.gz" && cd "nginx-${NGINX_VERSION}" && ./configure --with-compat --add-dynamic-module=/tmp/headers-more-nginx-module && make modules && cp objs/ngx_http_headers_more_filter_module.so /etc/nginx/modules/ && cd / && rm -rf /tmp/* && apk del .build-deps # buildkit |
| RUN /bin/sh -c echo 'load_module modules/ngx_http_headers_more_filter_module.so;' > /etc/nginx/modules/headers-more.conf && grep -q 'include /etc/nginx/modules/' /etc/nginx/nginx.conf || sed -i '1i include /etc/nginx/modules/*.conf;' /etc/nginx/nginx.conf # buildkit |
| RUN /bin/sh -c rm -f /etc/nginx/conf.d/default.conf # buildkit |
| RUN /bin/sh -c addgroup -g 1001 -S tmf && adduser -u 1001 -S tmf -G tmf && chown -R tmf:tmf /var/cache/nginx && chown -R tmf:tmf /var/log/nginx && chown -R tmf:tmf /etc/nginx/conf.d && touch /var/run/nginx.pid && chown -R tmf:tmf /var/run/nginx.pid # buildkit |
| COPY nginx.conf /etc/nginx/conf.d/default.conf # buildkit |
| COPY /app/dist /usr/share/nginx/html # buildkit |
| RUN /bin/sh -c chown -R tmf:tmf /usr/share/nginx/html # buildkit |
| EXPOSE [8080/tcp] |
| HEALTHCHECK &{["CMD-SHELL" "wget --quiet --tries=1 --spider http://localhost:8080/health || exit 1"] "30s" "10s" "5s" "0s" '\x03'} |
| USER tmf |
| CMD ["nginx" "-g" "daemon off;"] |
