#
# build AB-NGINX container (based on NGINX mainline)
#
# Version of the upstream NGINX image to build on; override with
# --build-arg NGINX_VERSION=<x.y.z>.
# NOTE(review): a tag is mutable on the registry. Where a reproducible,
# verifiable base matters, pin by digest as well
# (nginx:<tag>@sha256:<digest-placeholder>).
ARG NGINX_VERSION=1.23.2
FROM nginx:${NGINX_VERSION}-alpine
# An ARG declared before FROM is visible only to FROM; re-declare it so the
# value can be used inside this stage (it feeds the version labels later on).
ARG NGINX_VERSION
# default uid and gid for nginx user
# Numeric ids for the unprivileged runtime account created below; both can be
# overridden at build time with --build-arg.
ARG GID=8080
ARG UID=8080
# create nginx user
# Dedicated group and password-less system account (www-docker) with the
# ids chosen above; the container later drops to this account via USER.
RUN addgroup --gid "${GID}" www-docker \
    && adduser \
        --system \
        --home /home/www-docker \
        --ingroup www-docker \
        --disabled-password \
        --gecos 'nginx docker system user' \
        --uid "${UID}" \
        www-docker
# add libcap and allow nginx to bind to ports <1024;
# extract fun error pages;
# create /certs directory for auto-generation;
# create LetsEncrypt challenge directory outside webroot
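# Optional SHA-256 of the error-pages archive downloaded in the step below.
# When supplied (--build-arg ERRORPAGES_SHA256=<sha256-of-archive>) the build
# fails on a mismatch; when left empty the archive is used unverified, which
# is the previous behaviour. The archive is fetched from a remote forge by tag
# name, so without a checksum nothing in this build pins its content.
ARG ERRORPAGES_SHA256=""

# One layer, in order:
#   - install libcap (for setcap) and openssl, then apply pending Alpine
#     package upgrades (--no-cache already refreshes the index, so the
#     separate --update flag is not needed)
#   - grant the nginx binary cap_net_bind_service so the unprivileged runtime
#     user can bind ports below 1024; this runs after the upgrade so the
#     capability is set on the final binary
#   - replace the stock web content with the downloaded error pages
#     (absolute paths are used instead of `cd`)
#   - remove the base image's /docker-entrypoint.* files; this image sets its
#     own ENTRYPOINT
#   - create /certs and the LetsEncrypt challenge directory
RUN apk --no-cache add \
        libcap \
        openssl \
    && apk --no-cache upgrade \
    && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
    && rm -rf /usr/share/nginx/html/* \
    && wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.dev/asif/fun-errorpages/archive/v1.0.tar.gz \
    && if [ -n "${ERRORPAGES_SHA256}" ]; then \
           echo "${ERRORPAGES_SHA256}  /tmp/errorpages.tar.gz" | sha256sum -c -; \
       fi \
    && tar -xzf /tmp/errorpages.tar.gz -C /tmp \
    && mv /tmp/fun-errorpages/errorpages /usr/share/nginx/ \
    && rm -rf /tmp/* \
    && rm -rf /docker-entrypoint.d \
    && rm -f /docker-entrypoint.sh \
    && mkdir /certs \
    && mkdir /usr/share/nginx/letsencrypt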
# health check
# Poll the status URL on loopback port 9000: every 10s, 5s timeout, 60s grace
# period after start, unhealthy after 3 consecutive failures. `|| exit 1`
# maps any curl failure code to 1, the value Docker treats as "unhealthy".
# NOTE(review): curl is not installed by this Dockerfile and is presumably
# supplied by the base image; the :9000/nginx_status listener is expected to
# come from the copied configuration, which is not visible here. Confirm both.
HEALTHCHECK --interval=10s --timeout=5s --start-period=60s --retries=3 \
    CMD curl --fail http://127.0.0.1:9000/nginx_status || exit 1
# standardized labels
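# MAINTAINER is deprecated in favour of LABEL; it is kept here only so the
# image's Author field stays as existing consumers see it.
MAINTAINER Asif Bacchus <asif@asifbacchus.dev>

# Provenance metadata. The OCI annotation key is the plural
# `org.opencontainers.image.authors`; the singular `...image.author` key is
# retained next to it for anything that already reads it.
# NOTE(review): OCI defines `vendor` as the entity distributing the image.
# Confirm "NGINX" is intended for this derived image.
LABEL maintainer="Asif Bacchus <asif@asifbacchus.dev>" \
      dev.asifbacchus.docker.internalName="ab-nginx" \
      org.opencontainers.image.authors="Asif Bacchus <asif@asifbacchus.dev>" \
      org.opencontainers.image.author="Asif Bacchus <asif@asifbacchus.dev>" \
      org.opencontainers.image.url="https://git.asifbacchus.dev/ab-docker/ab-nginx" \
      org.opencontainers.image.documentation="https://git.asifbacchus.dev/ab-docker/ab-nginx/wiki" \
      org.opencontainers.image.source="https://git.asifbacchus.dev/ab-docker/ab-nginx.git" \
      org.opencontainers.image.vendor="NGINX" \
      org.opencontainers.image.title="ab-nginx" \
      org.opencontainers.image.description="NGINX-mainline-alpine with more logical file location layout and automatic SSL set up if certificates are provided."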
# copy configuration files and utility scripts
# Start-up and certificate helper scripts; their modes are set in the
# permissions step further down.
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
COPY generate-cert.sh /usr/local/bin/generate-cert
# NOTE(review): presumably the OpenSSL request template read by
# generate-cert. Confirm against that script.
COPY selfsigned.cnf /etc/selfsigned.cnf

# NGINX configuration, site definitions and default web content. Everything
# copied here is stored in the image layers and readable by anyone who can
# pull the image, so private keys and credentials must stay out of these
# directories.
COPY config /etc/nginx/
COPY sites /etc/nginx/sites/
COPY webroot /usr/share/nginx/html/

# Declares the listening ports for operators and tooling; EXPOSE does not
# publish them.
EXPOSE 80/tcp 443/tcp
# clean-up permissions and run as www-docker user
# Ownership first, then modes:
#   /usr/share/nginx  dirs 755, files 644 (world-readable web content)
#   /etc/nginx        dirs 750, files 640 (no access for other users)
#   /certs            700, runtime user only
# NOTE(review): the runtime account owns /etc/nginx and the web root, so
# anything running as www-docker can rewrite the server configuration and
# the served content. Presumably entrypoint.sh needs this to adjust the
# configuration at start-up (not visible here). If it does not, root
# ownership with group read access would be tighter.
RUN chown -R www-docker:www-docker /usr/share/nginx /etc/nginx \
    && chown www-docker:www-docker /var/cache/nginx /var/log/nginx /certs \
    && find /usr/share/nginx -type d -exec chmod 755 {} + \
    && find /usr/share/nginx -type f -exec chmod 644 {} + \
    && find /etc/nginx -type d -exec chmod 750 {} + \
    && find /etc/nginx -type f -exec chmod 640 {} + \
    && chmod 700 /certs \
    && chmod 644 /etc/selfsigned.cnf \
    && chmod 755 /usr/local/bin/generate-cert /usr/local/bin/entrypoint.sh

# Everything from here on, including the running container, uses the
# unprivileged account. The user is given by name; runtimes that verify
# non-root by numeric id need the uid stated in their own configuration.
USER www-docker
WORKDIR /usr/share/nginx/html
# default environment variables
# Runtime defaults, overridable with `docker run -e`.
# NOTE(review): presumably consumed by entrypoint.sh (not shown). HSTS and
# TLS13_ONLY default to FALSE, so by their names these hardening options are
# opt-in. Confirm and set them explicitly for TLS deployments.
ENV TZ=Etc/UTC \
    SERVER_NAMES="_" \
    HTTP_PORT=80 \
    HTTPS_PORT=443 \
    ACCESS_LOG=OFF \
    HSTS=FALSE \
    TLS13_ONLY=FALSE
# entrypoint script
# Exec form: the script is started directly, without a wrapping shell.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

# Default arguments handed to the entrypoint: run NGINX in the foreground.
CMD ["nginx", "-g", "daemon off;"]

# NGINX performs a graceful shutdown on SIGQUIT.
# NOTE(review): the signal only reaches nginx if entrypoint.sh finishes by
# exec-ing its arguments. Confirm in that script.
STOPSIGNAL SIGQUIT
# add build date and version labels
# Per-build values supplied with --build-arg. They have no defaults, so an
# omitted argument produces an empty label. Declared last, so values that
# change on every build do not invalidate the cache of earlier layers.
# They end up in the image metadata and must not carry secrets.
ARG BUILD_DATE
ARG GIT_COMMIT
ARG INTERNAL_VERSION
LABEL org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.revision="${GIT_COMMIT}" \
      org.opencontainers.image.version="${NGINX_VERSION}" \
      dev.asifbacchus.docker.internalVersion="${INTERNAL_VERSION}-${NGINX_VERSION}"
#EOF