# Base image for the single build-and-run stage, forced to the linux/amd64 platform.
# NOTE(review): `alpine:latest` is a moving tag, so two builds of this file can start from
# different base contents and the base cannot be reviewed after the fact. Pin a release
# tag together with its digest (placeholder: alpine:<version>@sha256:<digest>).
FROM --platform=linux/amd64 docker.io/library/alpine:latest
# One RUN layer does everything: install the toolchain, fetch and patch the sources,
# build BoringSSL, njs and FreeNGINX, then purge the toolchain and the package manager
# in the same layer so they are not visible in the final filesystem.
# NB_CORES falls back to the configured CPU count when BUILD_CORES is unset.
# NOTE(review): no `ARG BUILD_CORES` is declared in this file, so a --build-arg override
# would not reach this shell; confirm whether the override is still meant to work.
RUN NB_CORES="${BUILD_CORES-$(getconf _NPROCESSORS_CONF)}" \
# Runtime libraries and build-only packages are installed together; the build-only ones
# are removed again by the `apk --purge del` near the end of this RUN.
&& apk -U upgrade && apk add --no-cache \
openssl \
pcre \
zlib-ng \
libgcc \
libstdc++ \
g++ \
make \
build-base \
linux-headers \
ca-certificates \
automake \
autoconf \
git \
talloc \
talloc-dev \
libtool \
pcre-dev \
zlib-ng-dev \
binutils \
gnupg \
cmake \
go \
mercurial \
libxslt \
libxslt-dev \
tini \
# Fetch FreeNGINX from the tip of the `default` branch into /tmp/nginx.
# NOTE(review): this checkout is unpinned and unverified, so the code that gets built
# changes whenever upstream moves. Pin a reviewed changeset (hg clone -r <changeset-id>).
&& cd /tmp && hg clone -r default https://freenginx.org/hg/nginx \
# Source patches: blank the product and version strings, replace the
# `r->headers_out.server == NULL` test with the constant 0 in the HTTP/1.x, HTTP/2 and
# HTTP/3 header filters, and drop the product name from the built-in error pages.
# NOTE(review): sed exits 0 when a pattern does not match, so with an unpinned source
# tree these patches can silently stop applying. They hide the banner only.
&& sed -i -e 's@"freenginx"@" "@g' /tmp/nginx/src/core/nginx.h \
&& sed -i -e 's@"freenginx version: "@" "@g' /tmp/nginx/src/core/nginx.c \
&& sed -i -e 's@r->headers_out.server == NULL@0@g' /tmp/nginx/src/http/ngx_http_header_filter_module.c \
&& sed -i -e 's@r->headers_out.server == NULL@0@g' /tmp/nginx/src/http/v2/ngx_http_v2_filter_module.c \
&& sed -i -e 's@r->headers_out.server == NULL@0@g' /tmp/nginx/src/http/v3/ngx_http_v3_filter_module.c \
&& sed -i -e 's@<hr><center>freenginx</center>@@g' /tmp/nginx/src/http/ngx_http_special_response.c \
&& sed -i -e 's@NGINX_VERSION ".*"@NGINX_VERSION " "@g' /tmp/nginx/src/core/nginx.h \
# Adapt the sample nginx.conf for an unprivileged process: listen on 8080 and keep the
# pid file and temp directories under /tmp. The commented-out sample directives
# (tcp_nopush, keepalive_timeout, gzip) serve only as anchors for the inserted lines.
&& sed -i -e 's/listen 80;/listen 8080;/g' /tmp/nginx/conf/nginx.conf \
&& sed -i -e 's@#tcp_nopush on;@client_body_temp_path /tmp/client_temp;@g' /tmp/nginx/conf/nginx.conf \
&& sed -i -e 's@#keepalive_timeout 0;@proxy_temp_path /tmp/proxy_temp;@g' /tmp/nginx/conf/nginx.conf \
&& sed -i -e 's@#gzip on;@fastcgi_temp_path /tmp/fastcgi_temp;@g' /tmp/nginx/conf/nginx.conf \
&& sed -i -e '1i pid /tmp/freenginx.pid;\n' /tmp/nginx/conf/nginx.conf \
# Dedicated system account (uid 101, gid 101) with no login shell and no home directory.
&& addgroup --gid 101 -S freenginx && adduser -S freenginx --uid 101 -s /sbin/nologin -G freenginx --no-create-home \
# njs is cloned into /tmp/njs at whatever revision upstream currently serves.
# NOTE(review): unpinned, same concern as the FreeNGINX checkout above.
# BoringSSL is built in a subshell so its directory change does not leak. It is checked
# out at the abbreviated commit e648990.
# NOTE(review): prefer the full commit hash so the reference cannot become ambiguous.
&& hg clone https://hg.nginx.org/njs && (git clone https://boringssl.googlesource.com/boringssl /tmp/boringssl \
&& cd /tmp/boringssl && git checkout --force --quiet e648990 \
# Append the SOVERSION properties to the CMake files only when they are not already there.
&& (grep -qxF 'SET_TARGET_PROPERTIES(crypto PROPERTIES SOVERSION 1)' /tmp/boringssl/crypto/CMakeLists.txt || echo -e '\nSET_TARGET_PROPERTIES(crypto PROPERTIES SOVERSION 1)' >> /tmp/boringssl/crypto/CMakeLists.txt) \
&& (grep -qxF 'SET_TARGET_PROPERTIES(ssl PROPERTIES SOVERSION 1)' /tmp/boringssl/ssl/CMakeLists.txt || echo -e '\nSET_TARGET_PROPERTIES(ssl PROPERTIES SOVERSION 1)' >> /tmp/boringssl/ssl/CMakeLists.txt) \
&& mkdir -p /tmp/boringssl/build && cmake -B/tmp/boringssl/build -S/tmp/boringssl -DCMAKE_BUILD_TYPE=RelWithDebInfo \
# The BoringSSL build uses the online CPU count directly, not NB_CORES.
&& make -C/tmp/boringssl/build -j$(getconf _NPROCESSORS_ONLN)) && cd /tmp/njs && ./configure \
# njs is built and cleaned standalone; it is compiled into the server later through
# --add-module. The cache directory is created before FreeNGINX is configured.
&& make -j "${NB_CORES}" && make clean && mkdir /var/cache/freenginx && cd /tmp/nginx && ./auto/configure \
# NOTE(review): --with-debug compiles in debug-level logging support; confirm it is
# wanted in an image intended for production use.
--with-debug \
--prefix=/etc/freenginx \
--sbin-path=/usr/sbin/freenginx \
--user=freenginx \
--group=freenginx \
# Log, pid and lock paths live under /tmp so the unprivileged account can write them.
--http-log-path=/tmp/access.log \
--error-log-path=/tmp/error.log \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/tmp/freenginx.pid \
--lock-path=/tmp/freenginx.lock \
# Compiled-in temp paths point at /var/cache/freenginx; the installed nginx.conf
# overrides three of them with /tmp paths through the sed edits above.
--http-client-body-temp-path=/var/cache/freenginx/client_temp \
--http-proxy-temp-path=/var/cache/freenginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/freenginx/fastcgi_temp \
# Hardening flags present: -fstack-protector-strong, _FORTIFY_SOURCE at level 2 and
# -Werror for format-security.
# NOTE(review): -Wno-implicit-function-declaration and -Wno-int-conversion silence
# diagnostics that often point at real memory-safety bugs in C code.
# NOTE(review): -march with westmere fixes the minimum CPU the binary will run on.
--with-cc-opt="-O2 -g -m64 -march=westmere -falign-functions=32 -flto -funsafe-math-optimizations -fstack-protector-strong --param=ssp-buffer-size=4 -Wimplicit-fallthrough=0 -Wno-error=strict-aliasing -Wformat -Wno-error=pointer-sign -Wno-implicit-function-declaration -Wno-int-conversion -Wno-error=unused-result -Wno-unused-result -fcode-hoisting -Werror=format-security -Wno-deprecated-declarations -Wp,-D_FORTIFY_SOURCE=2 -DTCP_FASTOPEN=23 -fPIC -I/tmp/boringssl/include" \
# Links against the BoringSSL build tree under /tmp, which is deleted at the end of this
# RUN; presumably the libraries are linked statically. TODO confirm.
# NOTE(review): no explicit RELRO, bind-now or PIE linker flags are passed here; check
# that the toolchain defaults provide them.
--with-ld-opt="-L/tmp/boringssl/build/ssl -L/tmp/boringssl/build/crypto" \
--with-compat \
--with-file-aio \
--with-pcre-jit \
--with-threads \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-http_gzip_static_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
# Modules that are not needed are compiled out, which keeps the attack surface smaller.
--without-stream_split_clients_module \
--without-stream_set_module \
--without-stream_map_module \
--without-http_geo_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_autoindex_module \
--without-http_split_clients_module \
--without-http_memcached_module \
--without-http_ssi_module \
--without-http_empty_gif_module \
--without-http_browser_module \
--without-http_userid_module \
--without-http_mirror_module \
--without-http_referer_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--add-module=/tmp/njs/nginx \
# Build, install, then strip symbols from the installed binary.
&& make -j "${NB_CORES}" && make install && make clean && strip /usr/sbin/freenginx* \
&& chown -R freenginx:freenginx /var/cache/freenginx && chmod -R g+w /var/cache/freenginx \
# NOTE(review): ownership is changed on /etc/nginx (the --conf-path directory) but group
# write is granted on /etc/freenginx (the --prefix); the mismatch looks unintentional.
# NOTE(review): a configuration tree owned by the runtime account can be rewritten by a
# compromised server process; root-owned, read-only configuration is the safer default.
&& chown -R freenginx:freenginx /etc/nginx && chmod -R g+w /etc/freenginx \
# Refresh the CA bundle, then remove the toolchain and apk itself.
# NOTE(review): ca-certificates is removed right after update-ca-certificates; verify
# that any CA bundle the server needs at runtime is still present in the final image.
&& update-ca-certificates && apk --purge del libgcc libstdc++ g++ make build-base linux-headers automake autoconf git talloc talloc-dev libtool zlib-ng-dev binutils gnupg cmake mercurial go pcre-dev ca-certificates openssl libxslt-dev apk-tools \
# Delete source trees, caches and apk state in the layer that created them.
&& rm -rf /tmp/* /var/cache/apk/ /var/cache/misc /root/.gnupg /root/.cache /root/go /etc/apk \
# Route the access and error logs to the container's stdout and stderr.
&& ln -sf /dev/stdout /tmp/access.log && ln -sf /dev/stderr /tmp/error.log
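# tini runs as PID 1 and launches the command given in CMD.
ENTRYPOINT ["/sbin/tini", "--"]

# Documentation of the intended ports; all are above 1024, so the unprivileged account
# can bind them without extra capabilities.
EXPOSE 8080/tcp 8443/tcp 8443/udp

LABEL description="Distroless FreeNGINX built with QUIC and HTTP/3 support🚀" \
      maintainer="ammnt <admin@msftcnsi.com>" \
      org.opencontainers.image.description="Distroless FreeNGINX built with QUIC and HTTP/3 support🚀" \
      org.opencontainers.image.authors="ammnt, admin@msftcnsi.com" \
      org.opencontainers.image.title="Distroless FreeNGINX built with QUIC and HTTP/3 support🚀" \
      org.opencontainers.image.source="https://github.com/ammnt/freenginx/"

# nginx-family servers treat SIGQUIT as a graceful shutdown request.
STOPSIGNAL SIGQUIT

# Numeric UID:GID of the freenginx account created during the build (uid 101, gid 101).
# A numeric value lets orchestrator policies such as Kubernetes runAsNonRoot verify that
# the image does not run as root, which a user name alone does not allow.
USER 101:101

# Run in the foreground so the server stays the child of tini.
CMD ["/usr/sbin/freenginx", "-g", "daemon off;"]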