├── .gitignore ├── Dockerfile ├── README.md ├── conf.d └── defaul.conf ├── docker-compose.yml ├── example.com.conf └── nginx.conf /.gitignore: -------------------------------------------------------------------------------- 1 | *.save 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.19.1 2 | 3 | 4 | ENV TENGINE_VERSION 3.1.0 5 | 6 | # nginx: https://git.io/vSIyj 7 | 8 | RUN rm -rf /var/cache/apk/* && \ 9 | rm -rf /tmp/* 10 | 11 | ENV CONFIG "\ 12 | --prefix=/etc/nginx \ 13 | --sbin-path=/usr/sbin/nginx \ 14 | --modules-path=/usr/lib/nginx/modules \ 15 | --conf-path=/etc/nginx/nginx.conf \ 16 | --error-log-path=/var/log/nginx/error.log \ 17 | --http-log-path=/var/log/nginx/access.log \ 18 | --pid-path=/var/run/nginx.pid \ 19 | --lock-path=/var/run/nginx.lock \ 20 | --http-client-body-temp-path=/var/cache/nginx/client_temp \ 21 | --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ 22 | --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ 23 | --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ 24 | --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ 25 | --user=nginx \ 26 | --group=nginx \ 27 | --with-http_ssl_module \ 28 | --with-http_realip_module \ 29 | --with-http_addition_module \ 30 | --with-http_sub_module \ 31 | --with-http_dav_module \ 32 | --with-http_flv_module \ 33 | --with-http_mp4_module \ 34 | --with-http_gunzip_module \ 35 | --with-http_gzip_static_module \ 36 | --with-http_random_index_module \ 37 | --with-http_secure_link_module \ 38 | --with-http_stub_status_module \ 39 | --with-http_auth_request_module \ 40 | --with-http_xslt_module=dynamic \ 41 | --with-http_image_filter_module=dynamic \ 42 | --with-http_geoip_module=dynamic \ 43 | --with-threads \ 44 | --with-stream \ 45 | --with-stream_ssl_module \ 46 | --with-stream_ssl_preread_module \ 47 | --with-stream_realip_module \ 48 | --with-stream_geoip_module=dynamic \ 49 | --with-http_slice_module \ 50 | --with-mail \ 51 | --with-mail_ssl_module \ 52 | --with-compat \ 53 | --with-file-aio \ 54 | --with-http_v2_module \ 55 | --add-module=modules/ngx_http_upstream_check_module \ 56 | --add-module=modules/headers-more-nginx-module-0.37 \ 57 | --add-module=modules/ngx_http_upstream_session_sticky_module \ 58 | " 59 | RUN addgroup -S nginx \ 60 | && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ 61 | && adduser -u 82 -D -S -G www-data www-data \ 62 | && apk add --no-cache --virtual .build-deps \ 63 | gcc \ 64 | libc-dev \ 65 | make \ 66 | openssl-dev \ 67 | pcre-dev \ 68 | zlib-dev \ 69 | linux-headers \ 70 | curl \ 71 | libxslt-dev \ 72 | gd-dev \ 73 | geoip-dev \ 74 | && curl -L "https://github.com/alibaba/tengine/archive/$TENGINE_VERSION.tar.gz" -o tengine.tar.gz \ 75 | && mkdir -p /usr/src \ 76 | && tar -zxC /usr/src -f tengine.tar.gz \ 77 | && rm tengine.tar.gz \ 78 | && cd /usr/src/tengine-$TENGINE_VERSION \ 79 | && curl -L "https://github.com/openresty/headers-more-nginx-module/archive/v0.37.tar.gz" -o more.tar.gz \ 80 | && tar -zxC /usr/src/tengine-$TENGINE_VERSION/modules -f more.tar.gz \ 81 | && rm more.tar.gz \ 82 | && ls -l /usr/src/tengine-$TENGINE_VERSION/modules \ 83 | && ./configure $CONFIG --with-debug \ 84 | && make -j$(getconf _NPROCESSORS_ONLN) \ 85 | && mv objs/nginx objs/nginx-debug \ 86 | && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ 87 | && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ 88 | && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ 89 | && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ 90 | && ./configure $CONFIG \ 91 | && make -j$(getconf _NPROCESSORS_ONLN) \ 92 | && make install \ 93 | && rm -rf /etc/nginx/html/ \ 94 | && mkdir /etc/nginx/conf.d/ \ 95 | && mkdir -p /usr/share/nginx/html/ \ 96 | && install -m644 html/index.html /usr/share/nginx/html/ \ 97 | && install -m644 html/50x.html /usr/share/nginx/html/ \ 98 | && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ 99 | && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ 100 | && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ 101 | && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ 102 | && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ 103 | && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ 104 | && strip /usr/sbin/nginx* \ 105 | && strip /usr/lib/nginx/modules/*.so \ 106 | && rm -rf /usr/src/tengine-$NGINX_VERSION \ 107 | \ 108 | # Bring in gettext so we can get `envsubst`, then throw 109 | # the rest away. To do this, we need to install `gettext` 110 | # then move `envsubst` out of the way so `gettext` can 111 | # be deleted completely, then move `envsubst` back. 112 | && apk add --no-cache --virtual .gettext gettext \ 113 | && mv /usr/bin/envsubst /tmp/ \ 114 | \ 115 | && runDeps="$( \ 116 | scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ 117 | | tr ',' '\n' \ 118 | | sort -u \ 119 | | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ 120 | )" \ 121 | && apk add --no-cache --virtual .nginx-rundeps $runDeps \ 122 | && apk del .build-deps \ 123 | && apk del .gettext \ 124 | && mv /tmp/envsubst /usr/local/bin/ \ 125 | \ 126 | # Bring in tzdata so users could set the timezones through the environment 127 | # variables 128 | && apk add --no-cache tzdata \ 129 | # Bring in curl and ca-certificates to make registering on DNS SD easier 130 | && apk add --no-cache curl ca-certificates \ 131 | # forward request and error logs to docker log collector 132 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 133 | && ln -sf /dev/stderr /var/log/nginx/error.log 134 | 135 | COPY nginx.conf /etc/nginx/nginx.conf 136 | 137 | EXPOSE 80 443 138 | 139 | STOPSIGNAL SIGTERM 140 | 141 | CMD ["nginx", "-g", "daemon off;"] 142 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Simple docker image of Tengine web server based on Alpine # 2 | *** 3 | 4 | - [more about Tengine](http://tengine.taobao.org) 5 | - [docs](http://tengine.taobao.org/documentation.html) 6 | 7 | in this image added [Upstream check module](http://tengine.taobao.org/document/http_upstream_check.html) 8 | 9 | to start just type something like that: 10 | ``` 11 | docker exec -it -d -v example.com.conf:/etc/nginx/conf.d/example.com.conf \ 12 | -p "80:80" -p 443:443 axizdkr/tengine 13 | ``` 14 | or if you want rewrite nginx.conf you can type something like that: 15 | 16 | ``` 17 | docker exec -it -d -v example.com.conf:/etc/nginx/conf.d/example.com.conf \ 18 | -v nginx.conf:/etc/nginx/nginx.conf \ 19 | -p "80:80" -p 443:443 axizdkr/tengine 20 | ``` 21 | 22 | [example of conf see on github](https://github.com/Axizdkr/tengine) 23 | 24 | -------------------------------------------------------------------------------- /conf.d/defaul.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | #access_log /var/log/nginx/host.access.log main; 6 | 7 | location / { 8 | root /usr/share/nginx/html; 9 | index index.html index.htm; 10 | } 11 | 12 | #error_page 404 /404.html; 13 | 14 | # redirect server error pages to the static page /50x.html 15 | # 16 | error_page 500 502 503 504 /50x.html; 17 | location = /50x.html { 18 | root /usr/share/nginx/html; 19 | } 20 | 21 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 22 | # 23 | #location ~ \.php$ { 24 | # proxy_pass http://127.0.0.1; 25 | #} 26 | 27 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 28 | # 29 | #location ~ \.php$ { 30 | # root html; 31 | # fastcgi_pass 127.0.0.1:9000; 32 | # fastcgi_index index.php; 33 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 34 | # include fastcgi_params; 35 | #} 36 | 37 | # deny access to .htaccess files, if Apache's document root 38 | # concurs with nginx's one 39 | # 40 | #location ~ /\.ht { 41 | # deny all; 42 | #} 43 | } 44 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3.8" 3 | 4 | services: 5 | tengine-http: 6 | image: axizdkr/tengine:3.1.0 7 | container_name: tengine-http 8 | restart: always 9 | ports: 10 | - "80:80" 11 | volumes: 12 | - ./nginx.conf:/etc/nginx/nginx.conf:ro 13 | - ./conf.d/:/etc/nginx/conf.d/ 14 | networks: 15 | - web-in 16 | 17 | networks: 18 | web-in: 19 | name: web-in 20 | -------------------------------------------------------------------------------- /example.com.conf: -------------------------------------------------------------------------------- 1 | upstream back.example.com { 2 | 3 | # list of backend servers 4 | server backend1.local; 5 | server backend2.local; 6 | server backend3.local; 7 | 8 | # sticky session on 9 | session_sticky; 10 | 11 | #chek interval in ms 12 | check interval=3000 rise=1 fall=3 timeout=3000 type=http default_down=true; 13 | check_keepalive_requests 1; 14 | check_http_send "HEAD / HTTP/1.1\r\nhost: example.com\r\nConnection: close\r\n\r\n"; 15 | check_http_expect_alive http_2xx; 16 | 17 | } 18 | 19 | 20 | server { 21 | listen 80; 22 | server_name example.com www.example.com; 23 | location / { 24 | # redirect to https 25 | return 301 https://$host$request_uri; 26 | } 27 | location ~ ^/(.well-known/acme-challenge/.*)$ { 28 | # redirect to acme storage 29 | proxy_pass http://acme.local/$1; 30 | proxy_set_header X-Real-IP $remote_addr; 31 | proxy_set_header Host $http_host; 32 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 33 | } 34 | } 35 | 36 | server { 37 | #ssl settings 38 | ### server port and name ### 39 | listen 443 ssl; 40 | server_name example.com www.example.com; 41 | 42 | access_log off; 43 | error_log /var/log/nginx/example.com-error.log; 44 | 45 | ### SSL cert files ### 46 | ssl_certificate /cert/example.cer; 47 | ssl_certificate_key /cert/example.key; 48 | 49 | #ssl proto only 50 | ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; 51 | # stapling on 52 | ssl_stapling on; 53 | ssl_stapling_verify on; 54 | # cipher methods restrict 55 | ssl_ciphers HIGH:!aNULL:!MD5:!CAMELLIA; 56 | ssl_prefer_server_ciphers on; 57 | keepalive_timeout 60; 58 | ssl_session_cache shared:SSL:10m; 59 | ssl_session_timeout 10m; 60 | ssl_dhparam /cert/dhparam.pem; 61 | # HSTS 62 | add_header Strict-Transport-Security "max-age=31536000; preload" always; 63 | 64 | 65 | location / { 66 | proxy_pass http://back.example.com/; 67 | 68 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 69 | proxy_set_header Accept-Encoding ""; 70 | proxy_set_header Host $host; 71 | proxy_set_header X-Real-IP $remote_addr; 72 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 73 | proxy_set_header X-Forwarded-Proto $scheme; 74 | add_header Front-End-Https on; 75 | proxy_redirect off; 76 | } 77 | 78 | } 79 | -------------------------------------------------------------------------------- /nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | # This number should be, at maximum, the number of CPU cores on your system. 3 | worker_processes auto; 4 | 5 | error_log /var/log/nginx/error.log error; 6 | pid /var/run/nginx.pid; 7 | 8 | 9 | events { 10 | # The effective method, used on Linux 2.6+, optmized to serve many clients with each thread. 11 | use epoll; 12 | # Determines how many clients will be served by each worker process. 13 | worker_connections 4000; 14 | # Accept as many connections as possible, after nginx gets notification about a new connection. 15 | multi_accept on; 16 | } 17 | 18 | 19 | http { 20 | include /etc/nginx/mime.types; 21 | default_type application/octet-stream; 22 | 23 | #long time 24 | check_shm_size 5M; 25 | # Allow the server to close the connection after a client stops responding. 26 | reset_timedout_connection on; 27 | client_header_timeout 15; 28 | # Send the client a "request timed out" if the body is not loaded by this time. 29 | client_body_timeout 10; 30 | # If the client stops reading data, free up the stale client connection after this much time. 31 | send_timeout 15; 32 | # Timeout for keep-alive connections. Server will close connections after this time. 33 | keepalive_timeout 30; 34 | # Number of requests a client can make over the keep-alive connection. 35 | keepalive_requests 30; 36 | 37 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 38 | '$status $body_bytes_sent "$http_referer" ' 39 | '"$http_user_agent" "$http_x_forwarded_for"'; 40 | 41 | 42 | client_body_buffer_size 128k; 43 | client_max_body_size 10m; 44 | proxy_read_timeout 180s; 45 | 46 | # Compression. 47 | gzip on; 48 | gzip_min_length 10240; 49 | gzip_proxied expired no-cache no-store private auth; 50 | gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; 51 | gzip_disable "msie6"; 52 | 53 | # Sendfile copies data between one FD and other from within the kernel. 54 | sendfile on; 55 | # Don't buffer data-sends (disable Nagle algorithm). 56 | tcp_nodelay on; 57 | # Causes nginx to attempt to send its HTTP response head in one packet, instead of using partial frames. 58 | tcp_nopush on; 59 | 60 | 61 | # Hide web server information 62 | server_tokens off; 63 | server_info off; 64 | server_tag off; 65 | 66 | # redirect server error pages to the static page 67 | error_page 404 /404.html; 68 | error_page 500 502 503 504 /50x.html; 69 | 70 | include /etc/nginx/conf.d/*.conf; 71 | } 72 | --------------------------------------------------------------------------------