"Fossies" - the Fresh Open Source Software Archive

Member "wire-server-2021-10-01/services/nginz/Dockerfile" (4 Oct 2021, 5948 Bytes) of package /linux/misc/wire-server-2021-10-01.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # Requires docker >= 17.05 (requires support for multi-stage builds)
    2 FROM alpine:3.11 as libzauth-builder
    3 
    4 # Compile libzauth
    5 COPY libs/libzauth /src/libzauth
    6 RUN cd /src/libzauth/libzauth-c \
    7     && apk add --no-cache make bash cargo libsodium-dev \
    8     && make install
    9 
   10 # Nginz container
   11 FROM alpine:3.11
   12 
   13 # Install libzauth
   14 COPY --from=libzauth-builder /usr/local/include/zauth.h /usr/local/include/zauth.h
   15 COPY --from=libzauth-builder /usr/local/lib/libzauth.so /usr/local/lib/libzauth.so
   16 COPY --from=libzauth-builder /usr/local/lib/pkgconfig/libzauth.pc /usr/local/lib/pkgconfig/libzauth.pc
   17 
   18 COPY services/nginz/third_party /src/third_party
   19 
   20 ENV CONFIG --prefix=/etc/nginx \
   21         --sbin-path=/usr/sbin/nginx \
   22         --modules-path=/usr/lib/nginx/modules \
   23         --conf-path=/etc/nginx/nginx.conf \
   24         --error-log-path=/var/log/nginx/error.log \
   25         --http-log-path=/var/log/nginx/access.log \
   26         --pid-path=/var/run/nginx.pid \
   27         --lock-path=/var/run/nginx.lock \
   28         --http-client-body-temp-path=/var/cache/nginx/client_temp \
   29         --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
   30         --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
   31         --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
   32         --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
   33         --user=nginx \
   34         --group=nginx \
   35         --with-http_ssl_module \
   36         --with-http_v2_module \
   37         --with-http_stub_status_module \
   38         --with-http_realip_module \
   39         --with-http_gunzip_module \
   40         --add-module=/src/third_party/nginx-zauth-module \
   41         --add-module=/src/third_party/headers-more-nginx-module \
   42         --add-module=/src/third_party/nginx-module-vts
   43 
   44 ################# similar block as upstream ########################################
   45 # see https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine/Dockerfile
   46 # This uses dockerfile logic from before 1.16
   47 ####################################################################################
   48 
   49 ENV NGINX_VERSION 1.16.1
   50 
   51 RUN apk update
   52 
   53 RUN apk add -vv --virtual .build-deps \
   54         libsodium-dev \
   55         llvm-libunwind-dev \
   56         gcc \
   57         libc-dev \
   58         make \
   59         openssl-dev \
   60         pcre-dev \
   61         zlib-dev \
   62         linux-headers \
   63         curl \
   64         gnupg1 \
   65         libxslt-dev \
   66         gd-dev \
   67         geoip-dev
   68 
   69 # This line checks whether the 'apk add' succeeded, sometimes it doesn't work.
   70 RUN curl -h
   71 
   72 RUN set -x \
   73     && addgroup -g 101 -S nginx \
   74     && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
   75     && export GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
   76     && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
   77     && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
   78     && found=''; \
   79     for server in \
   80         ha.pool.sks-keyservers.net \
   81         hkp://keyserver.ubuntu.com:80 \
   82         hkp://p80.pool.sks-keyservers.net:80 \
   83         pgp.mit.edu \
   84     ; do \
   85         echo "Fetching GPG key $GPG_KEYS from $server"; \
   86         gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
   87     done; \
   88     test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
   89     gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
   90     && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
   91     && mkdir -p /usr/src \
   92     && tar -zxC /usr/src -f nginx.tar.gz \
   93     && rm nginx.tar.gz \
   94     && cd /usr/src/nginx-$NGINX_VERSION \
   95     && ./configure $CONFIG --with-debug \
   96     && make -j$(getconf _NPROCESSORS_ONLN) \
   97     && mv objs/nginx objs/nginx-debug \
   98     && ./configure $CONFIG \
   99     && make -j$(getconf _NPROCESSORS_ONLN) \
  100     && make install \
  101     && rm -rf /etc/nginx/html/ \
  102     && mkdir /etc/nginx/conf.d/ \
  103     && mkdir -p /usr/share/nginx/html/ \
  104     && install -m644 html/index.html /usr/share/nginx/html/ \
  105     && install -m644 html/50x.html /usr/share/nginx/html/ \
  106     && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
  107     && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
  108     && strip /usr/sbin/nginx* \
  109     && rm -rf /usr/src/nginx-$NGINX_VERSION \
  110     \
  111     # Bring in gettext so we can get `envsubst`, then throw
  112     # the rest away. To do this, we need to install `gettext`
  113     # then move `envsubst` out of the way so `gettext` can
  114     # be deleted completely, then move `envsubst` back.
  115     && apk add --no-cache --virtual .gettext gettext \
  116     && mv /usr/bin/envsubst /tmp/ \
  117     \
  118     && runDepsTmp="$( \
  119         scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
  120             | tr ',' '\n' \
  121             | sort -u \
  122             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
  123     )" \
  124     \
  125     # exclude libzauth from runDeps
  126     && runDeps=${runDepsTmp/so:libzauth.so/''} \
  127     && apk add --no-cache --virtual .nginx-rundeps $runDeps \
  128     && apk del .build-deps \
  129     && apk del .gettext \
  130     && mv /tmp/envsubst /usr/local/bin/ \
  131     \
  132     # Bring in tzdata so users could set the timezones through the environment
  133     # variables
  134     && apk add --no-cache tzdata \
  135     \
  136     # forward request and error logs to docker log collector
  137     && ln -sf /dev/stdout /var/log/nginx/access.log \
  138     && ln -sf /dev/stderr /var/log/nginx/error.log
  139 
  140 ################# wire/nginz specific ######################
  141 
  142 # Fix file permissions
  143 RUN mkdir -p /var/cache/nginx/client_temp && chown -R nginx:nginx /var/cache/nginx
  144 
  145 RUN apk add --no-cache inotify-tools dumb-init bash curl && \
  146     # add libzauth runtime dependencies back in
  147     apk add --no-cache libsodium llvm-libunwind libgcc
  148 
  149 COPY services/nginz/nginz_reload.sh /usr/bin/nginz_reload.sh
  150 
  151 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
  152 CMD ["/usr/bin/nginz_reload.sh", "-g", "daemon off;", "-c", "/etc/wire/nginz/conf/nginx.conf"]