Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
178 lines (156 sloc) 6.43 KB
FROM centos:7
MAINTAINER Karl Stoney <me@karlstoney.com>
# iputils causes the build to fail because of some incompatibility between
# docker hosts running on ubuntu, aufs and centos.
# Details: https://github.com/docker/docker/issues/6980
RUN yum -y -q update && \
yum -y -q remove iputils && \
yum -y -q install wget epel-release openssl openssl-devel tar unzip \
libffi-devel python-devel redhat-rpm-config git-core \
gcc gcc-c++ make zlib-devel pcre-devel ca-certificates && \
yum -y -q clean all
# Setup the nginx user and groups
RUN groupadd nginx && \
useradd -g nginx nginx
# Download LUA JIT
# http://luajit.org/download.html
RUN cd /tmp && \
wget --quiet http://luajit.org/download/LuaJIT-2.1.0-beta2.tar.gz && \
tar xzf Lua* && \
cd Lua* && \
make && \
make install && \
rm -rf /tmp/Lua*
ENV LUAJIT_LIB=/usr/local/lib
ENV LUAJIT_INC=/usr/local/include/luajit-2.1
# Download NGX Dev kit
# https://github.com/simpl/ngx_devel_kit/releases
RUN cd /tmp && \
wget --quiet https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz && \
tar xzf v0.3.0* && \
mv ngx_devel_kit* /usr/local/src/ngx-devel-kit && \
rm -f v0.3.0*
# Download NGX_Lua
# https://github.com/openresty/lua-nginx-module/releases
ENV LUA_VERSION=0.10.8
RUN cd /tmp && \
wget --quiet https://github.com/openresty/lua-nginx-module/archive/v$LUA_VERSION.tar.gz && \
tar xzf v$LUA_VERSION* && \
mv lua-nginx-module* /usr/local/src/lua-nginx-module && \
rm -f v$LUA_VERSION*
# Download the nginx_set_misc module
# https://github.com/openresty/set-misc-nginx-module/releases
ENV MISC_VERSION=0.31
RUN cd /tmp && \
wget --quiet https://github.com/openresty/set-misc-nginx-module/archive/v$MISC_VERSION.tar.gz && \
tar xzf v$MISC_VERSION* && \
mv set-misc-nginx-module-* /usr/local/src/set-misc-nginx-module && \
rm -f v$MISC_VERSION*
# Download the nginx pagespeed module
# https://modpagespeed.com/doc/release_notes
ENV NGX_PAGESPEED=1.12.34.2
RUN cd /tmp && \
wget --quiet https://github.com/pagespeed/ngx_pagespeed/archive/v$NGX_PAGESPEED-beta.zip && \
unzip v$NGX_PAGESPEED-beta.zip && \
rm *.zip && \
cd ngx_pagespeed-*-beta && \
psol_url=https://dl.google.com/dl/page-speed/psol/$NGX_PAGESPEED.tar.gz && \
[ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) && \
wget --quiet ${psol_url} && \
tar -xzvf $(basename ${psol_url}) && \
mv /tmp/ngx_pagespeed-* /usr/local/src/ngx-pagespeed
# Download the latest source and build it
# https://nginx.org/en/download.html
ENV NGINX_VERSION=1.11.10
RUN cd /usr/local/src && \
wget --quiet http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && \
tar -xzf nginx-$NGINX_VERSION.tar.gz && \
ln -sf nginx-$NGINX_VERSION nginx && \
cd nginx && \
./configure \
--with-ld-opt="-Wl,-rpath,$LUAJIT_LIB" \
--add-module=/usr/local/src/lua-nginx-module \
--add-module=/usr/local/src/ngx-devel-kit \
--add-module=/usr/local/src/set-misc-nginx-module \
--add-module=/usr/local/src/ngx-pagespeed \
--user=nginx \
--group=nginx \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/run/nginx/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_ssl_module \
--with-pcre \
--with-file-aio \
--with-http_realip_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_fastcgi_module && \
make && \
make install && \
rm -rf /usr/local/src/nginx*
# Add latest pip
RUN wget --quiet https://bootstrap.pypa.io/get-pip.py && \
python get-pip.py
# Download and setup lets encrypt
RUN pip install 'acme>=0.4.1,<0.9' && \
mkdir -p /tmp/src && \
git clone https://github.com/zenhack/simp_le /tmp/src/simp_le && \
cd /tmp/src/simp_le && \
python ./setup.py install && \
yum -y -q clean all
# Remove build tools from a public facing weberver
RUN yum -y -q remove gcc gcc-c++ make && \
yum -y -q install openssl
# Setup directories and ownership, as well as allowing nginx to bind to low ports
RUN mkdir -p /var/log/nginx && \
mkdir -p /var/run/nginx && \
mkdir -p /usr/share/nginx && \
mkdir -p /etc/nginx/conf.d && \
mkdir -p /usr/local/etc/nginx && \
mkdir -p /etc/letsencrypt && \
mkdir -p /mnt/live && \
mkdir -p /mnt/html && \
rm -rf /usr/share/nginx/html && \
ln -sf /mnt/live /etc/letsencrypt/live && \
ln -sf /mnt/html /usr/share/nginx/html && \
chown -R nginx:nginx /var/log/nginx && \
chown -R nginx:nginx /var/run/nginx && \
chown -R nginx:nginx /usr/share/nginx && \
chown -R nginx:nginx /etc/nginx && \
chown -R nginx:nginx /usr/local/etc/nginx && \
chown -R nginx:nginx /etc/letsencrypt && \
chown -R nginx:nginx /mnt
# Get nodejs repos
RUN curl --silent --location https://rpm.nodesource.com/setup_7.x | bash -
RUN yum -y -q install nodejs
RUN npm install -g handlebars
RUN mkdir -p /template
COPY template/package.json /template/package.json
RUN cd /template && \
npm install
RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx
EXPOSE 80
EXPOSE 443
# Setup NGINX configuration
COPY nginx.conf /etc/nginx/nginx.conf
COPY scripts/* /usr/local/bin/
COPY template/template.js /template/template.js
# Copy default conf
COPY ssl.default.conf /usr/local/etc/nginx
COPY redirect.default.conf /usr/local/etc/nginx
RUN cd /usr/local/share && \
git clone https://github.com/mariusv/nginx-badbot-blocker.git && \
cd nginx-badbot-blocker && \
git checkout f64d4f9f74a1a845b76b4c43012e3636f28545f2 && \
cd /etc/nginx/conf.d && \
ln -sf /usr/local/share/nginx-badbot-blocker/VERSION_2/conf.d/blacklist.conf blacklist.conf && \
cd /etc/nginx && \
ln -sf /usr/local/share/nginx-badbot-blocker/VERSION_2/bots.d bots.d
CMD ["/usr/local/bin/start_nginx.sh"]