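├── Dockerfile ├── LICENSE ├── README.md ├── certbot └── config.ini ├── docker-compose.yml └── run └── bootstrap.sh
/Dockerfile:
--------------------------------------------------------------------------------
# Builds nginx from source on Alpine against a from-source OpenSSL, with the
# headers-more, ModSecurity v3 (libmodsecurity + nginx connector) and NAXSI
# modules compiled in.
#
# NOTE(review): alpine:3.6 no longer receives security updates and the tag is
# mutable. Moving to a supported release (ideally pinned by digest) requires
# checking that every package below still exists there, so the tag is kept.
FROM alpine:3.6

ARG NGINX_VERSION=1.13.2
# OpenSSL release tarballs: https://www.openssl.org/source/
ARG OPENSSL_VERSION=1.0.2l
ARG HEADERES_MORE_NGINX_MODULE=0.33
ARG MODSECURITY_MODULE=3.0.0
ARG MODSECURITY_NGINX_MODULE=1.0.0
ARG NAXSI_MODULE=0.55.3

# Optional SHA-256 digests of the source tarballs. They default to empty, which
# keeps the build working for any version override; when one is set, the
# matching download is verified before it is unpacked. Set them for release
# builds: transport security alone does not protect against a replaced or
# tampered upstream archive.
ARG NGINX_SHA256=""
ARG OPENSSL_SHA256=""
ARG HEADERES_MORE_NGINX_MODULE_SHA256=""
ARG MODSECURITY_MODULE_SHA256=""
ARG MODSECURITY_NGINX_MODULE_SHA256=""
ARG NAXSI_MODULE_SHA256=""

# Toolchain and development headers. They stay in the final image because the
# build is single-stage; a multi-stage build would keep them out of the runtime.
RUN apk --no-cache add \
        curl-dev \
        wget \
        linux-headers \
        alpine-sdk \
        zlib-dev \
        pcre-dev \
        libxslt-dev \
        libxml2-dev \
        geoip-dev \
        perl \
        libaio-dev \
        acme-client \
        libtool \
        m4 \
        autoconf \
        automake \
        yajl-dev \
        gd-dev

# Unprivileged account for the nginx workers, with a fixed UID/GID.
RUN addgroup -g 9000 -S www-data \
    && adduser -u 9000 -D -S -G www-data www-data

RUN mkdir -p /tmp/nginx \
        /tmp/headers-more-nginx-module \
        /tmp/modsecurity-nginx \
        /tmp/naxsi \
        /opt/.openssl \
        /opt/nginx-configuration \
        /opt/modsecurity

WORKDIR /

# Each archive is fetched over HTTPS (nginx was previously fetched over plain
# HTTP and OpenSSL over FTP, both of which can be altered in transit),
# optionally checked against its digest, unpacked, and removed in the same
# layer so the tarball is not kept in the image.
RUN wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
        -O latest_ngnix.gzipped \
    && if [ -n "${NGINX_SHA256}" ]; then \
        echo "${NGINX_SHA256}  latest_ngnix.gzipped" | sha256sum -c -; \
    fi \
    && tar --extract \
        --strip-components=1 \
        --file=latest_ngnix.gzipped --directory=/tmp/nginx \
    && rm -f latest_ngnix.gzipped

# NOTE(review): superseded OpenSSL releases are moved out of the top-level
# source directory upstream; adjust the URL if the requested version is old.
RUN wget "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" \
        -O latest_openssl.gzipped \
    && if [ -n "${OPENSSL_SHA256}" ]; then \
        echo "${OPENSSL_SHA256}  latest_openssl.gzipped" | sha256sum -c -; \
    fi \
    && tar --extract \
        --strip-components=1 \
        --file=latest_openssl.gzipped --directory=/opt/.openssl \
    && rm -f latest_openssl.gzipped

RUN wget "https://github.com/openresty/headers-more-nginx-module/archive/v${HEADERES_MORE_NGINX_MODULE}.tar.gz" \
        -O headers_more_nginx_module.gzipped \
    && if [ -n "${HEADERES_MORE_NGINX_MODULE_SHA256}" ]; then \
        echo "${HEADERES_MORE_NGINX_MODULE_SHA256}  headers_more_nginx_module.gzipped" | sha256sum -c -; \
    fi \
    && tar --extract \
        --strip-components=1 \
        --file=headers_more_nginx_module.gzipped --directory=/tmp/headers-more-nginx-module \
    && rm -f headers_more_nginx_module.gzipped

RUN wget "https://github.com/SpiderLabs/ModSecurity/releases/download/v${MODSECURITY_MODULE}/modsecurity-v${MODSECURITY_MODULE}.tar.gz" \
        -O modsecurity.gzipped \
    && if [ -n "${MODSECURITY_MODULE_SHA256}" ]; then \
        echo "${MODSECURITY_MODULE_SHA256}  modsecurity.gzipped" | sha256sum -c -; \
    fi \
    && tar --extract \
        --strip-components=1 \
        --file=modsecurity.gzipped --directory=/opt/modsecurity \
    && rm -f modsecurity.gzipped

RUN wget "https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v${MODSECURITY_NGINX_MODULE}/modsecurity-nginx-v${MODSECURITY_NGINX_MODULE}.tar.gz" \
        -O modsecurity-nginx.gzipped \
    && if [ -n "${MODSECURITY_NGINX_MODULE_SHA256}" ]; then \
        echo "${MODSECURITY_NGINX_MODULE_SHA256}  modsecurity-nginx.gzipped" | sha256sum -c -; \
    fi \
    && tar --extract \
        --strip-components=1 \
        --file=modsecurity-nginx.gzipped --directory=/tmp/modsecurity-nginx \
    && rm -f modsecurity-nginx.gzipped

RUN wget "https://github.com/nbs-system/naxsi/archive/${NAXSI_MODULE}.tar.gz" \
        -O naxsi.gzipped \
    && if [ -n "${NAXSI_MODULE_SHA256}" ]; then \
        echo "${NAXSI_MODULE_SHA256}  naxsi.gzipped" | sha256sum -c -; \
    fi \
    && tar --extract \
        --strip-components=1 \
        --file=naxsi.gzipped --directory=/tmp/naxsi \
    && rm -f naxsi.gzipped

# libmodsecurity must be installed before nginx is configured, because the
# ModSecurity-nginx connector links against it.
WORKDIR /opt/modsecurity
RUN ./configure \
    && make -j 8 \
    && make install

# Installs the openssl CLI and libraries under /usr/local; the same source tree
# is handed to the nginx build via --with-openssl below.
WORKDIR /opt/.openssl
RUN ./config --prefix=/usr/local \
        --openssldir=/usr/local/open-ssl \
        threads \
        zlib \
    && make -j 8 \
    && make test \
    && make install

# --user/--group set the default identity of the worker processes.
# --with-debug only compiles in debug logging; it is emitted when error_log is
# configured at the debug level.
WORKDIR /tmp/nginx
RUN ./configure --prefix=/usr/local/nginx \
        --sbin-path=/usr/local/sbin/nginx \
        --user=www-data --group=www-data \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/run/lock/subsys/nginx \
        --http-client-body-temp-path=/var/lib/nginx/body \
        --http-proxy-temp-path=/var/lib/nginx/proxy \
        --http-log-path=/var/log/nginx/access.log \
        --error-log-path=/var/log/nginx/error.log \
        --conf-path=/opt/nginx-configuration/nginx.conf \
        --add-module=/tmp/headers-more-nginx-module \
        --add-module=/tmp/modsecurity-nginx \
        --add-module=/tmp/naxsi/naxsi_src \
        --with-openssl=/opt/.openssl \
        --with-file-aio \
        --with-ipv6 \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-stream \
        --with-stream_ssl_module \
        --with-http_realip_module \
        --with-http_addition_module \
        --with-http_xslt_module \
        --with-http_image_filter_module \
        --with-http_geoip_module \
        --with-http_sub_module \
        --with-http_dav_module \
        --with-http_flv_module \
        --with-http_mp4_module \
        --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_random_index_module \
        --with-http_secure_link_module \
        --with-http_degradation_module \
        --with-http_stub_status_module \
        --with-pcre-jit \
        --with-pcre \
        --with-debug \
        --with-mail \
        --with-mail_ssl_module \
        --without-mail_pop3_module \
        --without-http_uwsgi_module \
        --without-http_scgi_module \
    && make -j 8 \
    && make install

# Generated once at build time, so every container started from the same image
# uses the same DH parameters.
RUN openssl dhparam -out /etc/dhparam.pem 4096

# Keep the NAXSI core rules, create the runtime directories, then drop the
# build trees. The removal only hides /tmp content created by earlier layers;
# those layers still carry it, so it does not reduce the image size.
RUN mv /tmp/naxsi/naxsi_config/naxsi_core.rules /opt/naxsi_core.rules \
    && mkdir -p /var/lib/nginx/body /var/www/acme \
    && rm -Rfv /tmp/*

EXPOSE 80 443
WORKDIR /opt
# COPY rather than ADD: these are plain local files, and ADD's archive
# extraction and URL handling are not wanted here.
COPY ./run/bootstrap.sh bootstrap.sh
COPY ./certbot certbot/
RUN chmod u+x bootstrap.sh

# No USER is set: the container starts as root so the nginx master can bind
# ports 80/443; by default the workers run as www-data (see --user above).
ENTRYPOINT ["sh", "bootstrap.sh"]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Dario Andrei 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 |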
copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nginx-docker-container 2 | This container ships a customized nginx installation and can also add folders without shutting down the container. 3 | 4 | nginx-docker-container is developed by [720kb](http://720kb.net). 5 | 6 | ## Requirements 7 | This container needs at least docker v1.8. 8 | 9 | ## Usage 10 | Download the image from hub.docker.com: 11 | ```sh 12 | $ docker pull 720kb/nginx 13 | ``` 14 | Then you can run nginx by issuing: 15 | ```sh 16 | docker run \ 17 | --name nginx \ 18 | -d \ 19 | -h nginx \ 20 | --privileged \ 21 | -p 0.0.0.0:80:80 \ 22 | -p 0.0.0.0:443:443 \ 23 | 720kb/nginx 24 | ``` 25 | This binds nginx to ports 80 and 443 on all host interfaces, with its configuration in the `/opt/nginx-configuration` folder inside the container. Note that `--privileged` gives the container nearly unrestricted access to the host; publishing ports 80 and 443 does not require it by itself. 26 | 27 | If you want to apply an nginx configuration that you already have, you should: 28 | 1. copy `add-folder.sh` from the `/add-folder` folder to the host machine (via the `docker cp` command); 29 | 2. run `./add-folder.sh /opt/nginx-configuration y`; 30 | 31 | and wait a bit. 32 | 33 | Now the containerized nginx has your configurations. 34 | 35 | To add folders to the container you have to call `./add-folder.sh <folder> y`. 
The only thing to take care of is that the folder `<folder>` must be the same as the one used in the site configuration inside the configuration folder. 36 | 37 | 38 | ## Contributing 39 | 40 | We will be very grateful if you help us make this project grow. 41 | Feel free to contribute by forking, opening issues, pull requests etc. 42 | 43 | ## License 44 | 45 | The MIT License (MIT) 46 | 47 | Copyright (c) 2014 Dario Andrei, Filippo Oretti 48 | 49 | Permission is hereby granted, free of charge, to any person obtaining a copy 50 | of this software and associated documentation files (the "Software"), to deal 51 | in the Software without restriction, including without limitation the rights 52 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 53 | copies of the Software, and to permit persons to whom the Software is 54 | furnished to do so, subject to the following conditions: 55 | 56 | The above copyright notice and this permission notice shall be included in all 57 | copies or substantial portions of the Software. 58 | 59 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 60 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 61 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 62 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 63 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 64 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 65 | SOFTWARE. 
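66 |
--------------------------------------------------------------------------------
/certbot/config.ini:
--------------------------------------------------------------------------------
# Certificate-request defaults. The Dockerfile copies the whole certbot/
# directory into the image, so the account e-mail below ships with it.
rsa-key-size = 4096
email = wouldgo84@gmail.com
# NOTE(review): acme-v01 is Let's Encrypt's ACMEv1 directory, which has been
# retired upstream; issuance against it is expected to fail. Switching to the
# ACMEv2 directory also requires a client that speaks ACMEv2, so the value is
# left as found.
server = https://acme-v01.api.letsencrypt.org/directory
text = True

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
# Builds and runs the nginx image, overriding the nginx and OpenSSL versions
# the Dockerfile uses by default.
version: '3.2'
services:
  nginx:
    image: 720kb/nginx
    container_name: nginx
    hostname: nginx
    build:
      context: .
      dockerfile: Dockerfile
      args:
        NGINX_VERSION: 1.13.7
        OPENSSL_VERSION: 1.0.2n
        HEADERES_MORE_NGINX_MODULE: 0.33
        MODSECURITY_MODULE: 3.0.0
        MODSECURITY_NGINX_MODULE: 1.0.0
        NAXSI_MODULE: 0.55.3
    volumes:
      # Both volumes are mounted read-only, so the container cannot modify its
      # own configuration or the served sites.
      - type: volume
        source: nginx-conf
        target: /opt/nginx-configuration
        read_only: true
      - type: volume
        source: sites
        target: /var/sites
        read_only: true
    networks:
      - dmz
      - internal
    ports:
      # No host address is given, so both ports are published on every host
      # interface.
      - "80:80"
      - "443:443"
networks:
  dmz:
  internal:

volumes:
  nginx-conf:
    # The nginx configuration is cloned from a git repository by a third-party
    # volume plugin.
    driver: kassisol/gitvol:0.1.0
    driver_opts:
      # NOTE(review): the access token is interpolated into the clone URL, so
      # it is stored with the volume's driver options (readable through
      # `docker volume inspect`) and is handed to the plugin. Use a read-only
      # token scoped to this one repository and keep it out of committed files.
      url: https://${GITHUB_ACCESS_TOKEN}@github.com/720kb/nginx-confs.git
  sites:

--------------------------------------------------------------------------------
/run/bootstrap.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: start nginx, then stream both log files to stdout.
#
# The image invokes this file as `sh bootstrap.sh`, so the interpreter line is
# /bin/sh to match; the script uses no bash-specific syntax.
#
# nginx detaches into the background unless the configuration disables that,
# so the `tail` below is what keeps the container running. If nginx exits
# later, `tail` keeps running and the container stays up without a server.

nginx && \
  tail -f /var/log/nginx/access.log /var/log/nginx/error.log

--------------------------------------------------------------------------------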