├── .gitignore ├── .gitlab-ci.yml ├── CONTROLLER-AGENT ├── entrypoint.sh └── nginx-plus-api.conf ├── Dockerfiles ├── alpine3.10 │ └── Dockerfile ├── alpine3.10_nap │ └── Dockerfile ├── alpine3.11 │ └── Dockerfile ├── alpine3.12 │ └── Dockerfile ├── alpine3.12_tools │ └── Dockerfile ├── amazonlinux │ └── Dockerfile ├── amazonlinux2 │ └── Dockerfile ├── amazonlinux2_controller │ └── Dockerfile ├── centos7.6 │ └── Dockerfile ├── centos7.6_nap │ └── Dockerfile ├── centos7.6_nim │ └── Dockerfile ├── centos7 │ └── Dockerfile ├── centos7_controller │ └── Dockerfile ├── centos8 │ └── Dockerfile ├── debian10 │ └── Dockerfile ├── debian10_nap │ └── Dockerfile ├── debian10_nim │ └── Dockerfile ├── debian9 │ └── Dockerfile ├── debian9_controller │ └── Dockerfile ├── debian9_nap │ └── Dockerfile ├── oracle7 │ └── Dockerfile ├── rhel7 │ └── Dockerfile ├── rhel7_nap │ └── Dockerfile ├── rhel8 │ └── Dockerfile ├── rhel8_nim │ └── Dockerfile ├── ubuntu16.04 │ └── Dockerfile ├── ubuntu16.04_controller │ └── Dockerfile ├── ubuntu18.04 │ └── Dockerfile ├── ubuntu18.04_controller │ └── Dockerfile ├── ubuntu18.04_crossplane │ └── Dockerfile ├── ubuntu18.04_nap │ └── Dockerfile ├── ubuntu20.04 │ └── Dockerfile └── ubuntu20.04_nim │ └── Dockerfile ├── NAP ├── entrypoint.sh └── etc │ ├── nginx │ ├── log-default.json │ ├── nap_test.conf │ └── nginx.conf │ └── ssl │ └── nginx │ └── PLACE_NGINX_REPO_KEY_AND_CRT_HERE ├── NGINX-PLUS └── etc │ ├── nginx │ └── nginx.conf │ └── ssl │ └── nginx │ └── PLACE_NGINX_REPO_KEY_AND_CRT_HERE ├── NIM ├── entrypoint.sh └── etc │ ├── nginx-manager │ ├── PLACE_NGINX-MANAGER-LICENSE_HERE │ └── nginx-manager.conf │ ├── nginx │ └── conf.d │ │ ├── nginx-manager-grpc.conf │ │ ├── nginx-manager-noauth-http.conf │ │ ├── nginx-manager-noauth-https.conf.disabled │ │ ├── nginx-manager-upstreams-grpc.conf │ │ ├── nginx-manager-upstreams.conf │ │ └── status_api.conf │ └── ssl │ └── nginx │ └── PLACE_NGINX_REPO_KEY_AND_CRT_HERE ├── README.md ├── build-nginx-plus.sh ├── ci-build.sh ├── test └── etc │ └── nginx │ ├── conf.d │ ├── status_api.conf │ └── stub_status.conf │ └── nginx.conf └── todo.md /.gitignore: -------------------------------------------------------------------------------- 1 | # OS generated files # 2 | ###################### 3 | .DS_Store 4 | .DS_Store? 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | ehthumbs.db 9 | Thumbs.db 10 | 11 | # NGINX Specific files # 12 | ######################## 13 | nginx-repo.key 14 | nginx-repo.crt 15 | *.pk12 16 | .log 17 | .lic 18 | nginx-manager.lic 19 | 20 | # Project Specific files # 21 | ########################## 22 | NAP/Dockerfile 23 | NIM/Dockerfile 24 | NGINX-PLUS/Dockerfile 25 | CONTROLLER_AGENT/Dockerfile -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | before_script: 2 | - docker info 3 | - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY 4 | - echo "$NGINX_REPO_KEY" > "etc/ssl/nginx/nginx-repo.key" 5 | - echo "$NGINX_REPO_CRT" > "etc/ssl/nginx/nginx-repo.crt" 6 | # - cp /etc/ssl/nginx/nginx-repo.* etc/ssl/nginx/ 7 | 8 | # Run sequentially 9 | stages: 10 | - build 11 | - clean_up 12 | 13 | alpine3.9: # CI_JOB_NAME 14 | stage: build 15 | variables: 16 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 17 | TAG: $CI_JOB_NAME 18 | script: 19 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 20 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 21 | - chmod +x ./ci-build.sh 22 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 23 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 24 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 25 | - docker stop $NAME 26 | - docker rm $NAME 27 | 28 | alpine3.9_tools: # CI_JOB_NAME 29 | stage: build 30 | variables: 31 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 32 | TAG: $CI_JOB_NAME 33 | script: 34 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 35 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 36 | - chmod +x ./ci-build.sh 37 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 38 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 39 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 40 | - docker stop $NAME 41 | - docker rm $NAME 42 | 43 | alpine3.10: # CI_JOB_NAME 44 | stage: build 45 | variables: 46 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 47 | TAG: $CI_JOB_NAME 48 | script: 49 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 50 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 51 | - chmod +x ./ci-build.sh 52 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 53 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 54 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 55 | - docker stop $NAME 56 | - docker rm $NAME 57 | 58 | centos7: # CI_JOB_NAME 59 | stage: build 60 | variables: 61 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 62 | TAG: $CI_JOB_NAME 63 | script: 64 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 65 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 66 | - chmod +x ./ci-build.sh 67 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 68 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 69 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 70 | - docker stop $NAME 71 | - docker rm $NAME 72 | 73 | centos7.6: # CI_JOB_NAME 74 | stage: build 75 | variables: 76 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 77 | TAG: $CI_JOB_NAME 78 | script: 79 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 80 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 81 | - chmod +x ./ci-build.sh 82 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 83 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 84 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 85 | - docker stop $NAME 86 | - docker rm $NAME 87 | 88 | centos8: # CI_JOB_NAME 89 | stage: build 90 | variables: 91 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 92 | TAG: $CI_JOB_NAME 93 | script: 94 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 95 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 96 | - chmod +x ./ci-build.sh 97 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 98 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 99 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 100 | - docker stop $NAME 101 | - docker rm $NAME 102 | 103 | debian9: # CI_JOB_NAME 104 | stage: build 105 | variables: 106 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 107 | TAG: $CI_JOB_NAME 108 | script: 109 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 110 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 111 | - chmod +x ./ci-build.sh 112 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 113 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 114 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 115 | - docker stop $NAME 116 | - docker rm $NAME 117 | 118 | debian10: # CI_JOB_NAME 119 | stage: build 120 | variables: 121 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 122 | TAG: $CI_JOB_NAME 123 | script: 124 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 125 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 126 | - chmod +x ./ci-build.sh 127 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 128 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 129 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 130 | - docker stop $NAME 131 | - docker rm $NAME 132 | 133 | ubuntu16.04: # CI_JOB_NAME 134 | stage: build 135 | variables: 136 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 137 | TAG: $CI_JOB_NAME 138 | script: 139 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 140 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 141 | - chmod +x ./ci-build.sh 142 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 143 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 144 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 145 | - docker stop $NAME 146 | - docker rm $NAME 147 | 148 | ubuntu18.04: # CI_JOB_NAME 149 | stage: build 150 | variables: 151 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 152 | TAG: $CI_JOB_NAME 153 | script: 154 | 155 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 156 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 157 | - chmod +x ./ci-build.sh 158 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 159 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 160 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 161 | - docker stop $NAME 162 | - docker rm $NAME 163 | 164 | ubuntu18.04_crossplane: # CI_JOB_NAME 165 | stage: build 166 | variables: 167 | NAME: nginx-plus-$CI_JOB_NAME-$CI_PIPELINE_ID # Unique container name 168 | TAG: $CI_JOB_NAME 169 | script: 170 | - cp -R etc/ Dockerfiles/$CI_JOB_NAME/ 171 | - docker build -t $NAME Dockerfiles/$CI_JOB_NAME 172 | - chmod +x ./ci-build.sh 173 | - ./ci-build.sh $NAME # Script to `docker run` with random ports 174 | - docker tag $NAME ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 175 | - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}:$TAG 176 | - docker stop $NAME 177 | - docker rm $NAME 178 | 179 | clean_up: 180 | stage: clean_up 181 | script: 182 | - docker system prune -f 183 | - docker images 184 | when: always # Run regardless of job failures -------------------------------------------------------------------------------- /CONTROLLER-AGENT/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # This script launches nginx and the NGINX Controller Agent. 4 | # 5 | # If several instances use the same imagename, the metrics will 6 | # be aggregated into a single object in Controller. Otherwise NGINX Controller 7 | # will create separate objects for monitoring (an object per instance). 8 | 9 | # Variables 10 | agent_conf_file="/etc/controller-agent/agent.conf" 11 | agent_log_file="/var/log/nginx-controller/agent.log" 12 | nginx_status_conf="/etc/nginx/conf.d/stub_status.conf" 13 | api_key="" 14 | controller_hostname="" 15 | controller_url="" 16 | location="" 17 | 18 | # Launch nginx 19 | echo "starting nginx ..." 20 | nginx -g "daemon off;" & 21 | 22 | nginx_pid=$! 23 | 24 | test -n "${ENV_API_KEY}" && \ 25 | api_key=${ENV_API_KEY} 26 | 27 | # if controller_hostname is defined in the env vars, use it 28 | test -n "${ENV_CONTROLLER_HOSTNAME}" && \ 29 | controller_hostname=${ENV_CONTROLLER_HOSTNAME} 30 | 31 | # if controller_hostname is not defined in the env vars, fail back to hostname 32 | test -z "${controller_hostname}" && \ 33 | controller_hostname=$(hostname -f) 34 | 35 | test -n "${ENV_CONTROLLER_URL}" && \ 36 | controller_url=${ENV_CONTROLLER_URL} 37 | 38 | test -n "${ENV_LOCATION}" && \ 39 | location=${ENV_LOCATION} 40 | 41 | if [ -n "${api_key}" -o -n "${controller_hostname}" -o -n "${controller_url}" -o -n "${location}" ]; then 42 | echo "updating ${agent_conf_file} ..." 43 | 44 | if [ ! -f "${agent_conf_file}" ]; then 45 | test -f "${agent_conf_file}.default" && \ 46 | cp -p "${agent_conf_file}.default" "${agent_conf_file}" || \ 47 | { echo "no ${agent_conf_file}.default found! exiting."; exit 1; } 48 | fi 49 | 50 | test -n "${api_key}" && \ 51 | echo " ---> using api_key = ${api_key}" && \ 52 | sh -c "sed -i.old -e 's/api_key.*$/api_key = $api_key/' \ 53 | ${agent_conf_file}" 54 | 55 | test -n "${controller_hostname}" && \ 56 | echo " ---> using hostname = ${controller_hostname}" && \ 57 | sh -c "sed -i.old -e 's/instance_name.*$/instance_name = $controller_hostname/' \ 58 | ${agent_conf_file}" 59 | 60 | test -n "${controller_url}" && \ 61 | echo " ---> using controller = ${controller_url}" && \ 62 | sh -c "sed -i.old -e 's@api_url.*@api_url = $controller_url@' \ 63 | ${agent_conf_file}" 64 | 65 | test -n "${location}" && \ 66 | echo " ---> using location = ${location}" && \ 67 | sh -c "sed -i.old -e 's/location_name.*$/location_name = $location/' \ 68 | ${agent_conf_file}" 69 | 70 | test -f "${agent_conf_file}" && \ 71 | chmod 644 ${agent_conf_file} && \ 72 | chown nginx ${agent_conf_file} > /dev/null 2>&1 73 | 74 | test -f "${nginx_status_conf}" && \ 75 | chmod 644 ${nginx_status_conf} && \ 76 | chown nginx ${nginx_status_conf} > /dev/null 2>&1 77 | fi 78 | 79 | if ! grep '^api_key.*=[ ]*[[:alnum:]].*' ${agent_conf_file} > /dev/null 2>&1; then 80 | echo "no api_key found in ${agent_conf_file}! exiting." 81 | fi 82 | 83 | echo "starting controller-agent ..." 84 | service controller-agent start > /dev/null 2>&1 < /dev/null 85 | 86 | if [ $? != 0 ]; then 87 | echo "couldn't start the agent, please check ${agent_log_file}" 88 | exit 1 89 | fi 90 | 91 | wait ${nginx_pid} 92 | 93 | echo "nginx master process has stopped, exiting." -------------------------------------------------------------------------------- /CONTROLLER-AGENT/nginx-plus-api.conf: -------------------------------------------------------------------------------- 1 | # This sample NGINX Plus configuration enables the NGINX Plus API, for live 2 | # activity monitoring and the built-in dashboard, dynamic configuration of 3 | # upstream groups, and key-value stores. Keep in mind that any features 4 | # added to the API in future NGINX Plus releases will be enabled 5 | # automatically by this file. 6 | # Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later. 7 | 8 | # Documentation: 9 | # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/ 10 | # https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps 11 | 12 | # To conform with the conventional configuration scheme, place this file in 13 | # the /etc/nginx/conf.d directory and add an 'include' directive that 14 | # references it in the main configuration file, /etc/nginx/nginx.conf, 15 | # either by name or with a wildcard expression. Then validate and reload 16 | # the configuration, for example with this command: 17 | # 18 | # nginx -t && nginx -s reload 19 | 20 | # Note that additional directives are required in other parts of the 21 | # configuration: 22 | # 23 | # For metrics to be gathered for an HTTP or TCP/UDP virtual server, you must 24 | # include the 'status_zone' directive in its 'server' block. See: 25 | # http://nginx.org/r/status_zone 26 | # 27 | # Similarly, for metrics to be gathered for an upstream server group, you 28 | # must include the 'zone' directive in the 'upstream' block. See: 29 | # http://nginx.org/r/zone 30 | # 31 | # For more information and instructions, see: 32 | # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring#status_data 33 | 34 | # We strongly recommend that you restrict access to the NGINX Plus API so 35 | # that only authorized users can view metrics and configuration, change 36 | # configuration, or both. Here are a few options: 37 | # 38 | # (1) Configure your firewall to limit access to port 8080. 39 | # 40 | # (2) Use SSL/TLS client certificates. See: 41 | # https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/ 42 | # 43 | # (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the 44 | # 'auth_basic*' directives in the 'server' block below. You can add users 45 | # with an htpasswd generator, which is readily available, or reuse an 46 | # existing htpasswd file (from an Apache HTTP Server, for example). See: 47 | # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html 48 | # 49 | # (4) Enable access from a defined network and disable it from all others, 50 | # by uncommenting the 'allow' and 'deny' directives in the 'server' block 51 | # below and specifying the appropriate network ranges. See: 52 | # http://nginx.org/en/docs/http/ngx_http_access_module.html 53 | # 54 | # You can create further restrictions on write operations, to distinguish 55 | # between users with read permission and those who can change configuration. 56 | # Uncomment the sample 'limit_except' directive in the 'location api' 57 | # block below. In addition to the HTTP Basic authentication shown, other 58 | # authentication schemes are supported. See: 59 | # http://nginx.org/r/limit_except 60 | 61 | server { 62 | # Conventional port for the NGINX Plus API is 8080 63 | listen 8080; 64 | 65 | # Uncomment to use HTTP Basic authentication; see (3) above 66 | #auth_basic "NGINX Plus API"; 67 | #auth_basic_user_file /etc/nginx/users; 68 | 69 | # Uncomment to use permissions based on IP address; see (4) above 70 | #allow 10.0.0.0/8; 71 | #deny all; 72 | 73 | # Conventional location for accessing the NGINX Plus API 74 | location /api/ { 75 | # Enable in read-write mode 76 | api write=on; 77 | 78 | # Uncomment to further restrict write permissions; see note above 79 | #limit_except GET { 80 | #auth_basic "NGINX Plus API"; 81 | #auth_basic_user_file /etc/nginx/admins; 82 | #} 83 | } 84 | 85 | # Conventional location of the NGINX Plus dashboard 86 | location = /dashboard.html { 87 | root /usr/share/nginx/html; 88 | } 89 | 90 | # Redirect requests for "/" to "/dashboard.html" 91 | location / { 92 | return 301 /dashboard.html; 93 | } 94 | 95 | # Redirect requests for pre-R14 dashboard 96 | location /status.html { 97 | return 301 /dashboard.html; 98 | } 99 | } 100 | # vim: syntax=nginx -------------------------------------------------------------------------------- /Dockerfiles/amazonlinux/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:1 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.amzn1.ngx 13 | 14 | ## Install Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | RUN mkdir -p /etc/ssl/nginx 18 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 19 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 20 | RUN set -x \ 21 | && chmod 644 /etc/ssl/nginx/* \ 22 | # Install prerequisite packages and vim for editing: 23 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal shadow-utils \ 24 | # Create nginx user/group first, to be consistent throughout Docker variants 25 | && groupadd --system --gid 101 nginx \ 26 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 27 | && usermod -s /sbin/nologin nginx \ 28 | && usermod -L nginx \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one: 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Cleanup 154 | # Remove default nginx config 155 | && rm /etc/nginx/conf.d/default.conf \ 156 | # Optional: Create cache folder and set permissions for proxy caching 157 | && mkdir -p /var/cache/nginx \ 158 | # Optional: Create State file folder and set permissions 159 | && mkdir -p /var/lib/nginx/state \ 160 | # Set permissions 161 | && chown -R nginx:nginx /etc/nginx \ 162 | # Forward request and error logs to docker log collector 163 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 164 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 165 | # Raise the limits to successfully run benchmarks 166 | && ulimit -c -m -s -t unlimited \ 167 | # Cleanup 168 | && yum clean all \ 169 | && rm -rf /var/cache/yum \ 170 | && rm -rf /etc/yum.repos.d/* \ 171 | # Remove the cert/keys from the image 172 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 173 | 174 | # Optional: COPY over any of your SSL certs for HTTPS servers 175 | # e.g. 176 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 177 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 178 | 179 | # COPY /etc/nginx (Nginx configuration) directory 180 | COPY etc/nginx /etc/nginx 181 | 182 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 183 | EXPOSE 80 443 8080 184 | STOPSIGNAL SIGTERM 185 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/amazonlinux2/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.amzn2.ngx 13 | 14 | ## Install Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | RUN mkdir -p /etc/ssl/nginx 18 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 19 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 20 | RUN set -x \ 21 | && chmod 644 /etc/ssl/nginx/* \ 22 | # Install prerequisite packages and vim for editing: 23 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal shadow-utils \ 24 | # Create nginx user/group first, to be consistent throughout Docker variants 25 | && groupadd --system --gid 101 nginx \ 26 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 27 | && usermod -s /sbin/nologin nginx \ 28 | && usermod -L nginx \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one: 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Remove default nginx config 154 | && rm /etc/nginx/conf.d/default.conf \ 155 | # Optional: Create cache folder and set permissions for proxy caching 156 | && mkdir -p /var/cache/nginx \ 157 | # Optional: Create State file folder and set permissions 158 | && mkdir -p /var/lib/nginx/state \ 159 | # Set permissions 160 | && chown -R nginx:nginx /etc/nginx \ 161 | # Forward request and error logs to docker log collector 162 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 163 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 164 | # Raise the limits to successfully run benchmarks 165 | && ulimit -c -m -s -t unlimited \ 166 | # Cleanup 167 | && yum clean all \ 168 | && rm -rf /var/cache/yum \ 169 | && rm -rf /etc/yum.repos.d/* \ 170 | # Remove the cert/keys from the image 171 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 172 | 173 | # Optional: COPY over any of your SSL certs for HTTPS servers 174 | # e.g. 175 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 176 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 177 | 178 | # COPY /etc/nginx (Nginx configuration) directory 179 | COPY etc/nginx /etc/nginx 180 | 181 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 182 | EXPOSE 80 443 8080 183 | STOPSIGNAL SIGTERM 184 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/amazonlinux2_controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM amazonlinux:2 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | # ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | # ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | # ENV PKG_RELEASE r1 13 | 14 | # e.g '1234567890' 15 | ARG API_KEY 16 | ENV ENV_API_KEY=$API_KEY 17 | 18 | # e.g https://:8443/1.4 19 | ARG CONTROLLER_URL 20 | ENV ENV_CONTROLLER_URL=$CONTROLLER_URL 21 | 22 | # e.g True or False 23 | ARG STORE_UUID=False 24 | ENV ENV_STORE_UUID=$STORE_UUID 25 | 26 | # e.g Instance location already defined in Controller 27 | ARG LOCATION 28 | ENV ENV_LOCATION=$LOCATION 29 | 30 | # Download certificate (nginx-repo.crt) and key (nginx-repo.key) from the customer portal (https://cs.nginx.com) 31 | # and copy to the build context 32 | COPY nginx-repo.* /etc/ssl/nginx/ 33 | COPY nginx-plus-api.conf /etc/nginx/conf.d/ 34 | COPY ./entrypoint.sh / 35 | 36 | ## Install Nginx Plus 37 | # Download certificate and key from the customer portal https://account.f5.com/myf5 38 | # and copy to the build context and set correct permissions 39 | RUN mkdir -p /etc/ssl/nginx 40 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 41 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 42 | RUN chmod 644 /etc/ssl/nginx/* \ 43 | # Install prerequisite packages and vim for editing: 44 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 45 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 46 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo \ 47 | # 48 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 49 | ## Optionally use versioned packages over defaults to specify a release 50 | ## Uncomment one: 51 | && yum install -y --setopt=tsflags=nodocs nginx-plus \ 52 | # 53 | # NGINX Javascript module needed for APIM 54 | nginx-plus-module-njs \ 55 | # 56 | # 57 | # Install Controller Agent 58 | && curl -k -sS -L ${CONTROLLER_URL}/install/controller/ > install.sh \ 59 | && sed -i 's/^assume_yes=""/assume_yes="-y"/' install.sh \ 60 | && sh ./install.sh -y 61 | # Set Permissions 62 | && chown -R nginx:nginx /etc/nginx \ 63 | # Forward request and error logs to docker log collector 64 | && ln -sf /dev/stdout /var/log/nginx-controller/agent.log \ 65 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 66 | # Raise the limits to successfully run benchmarks 67 | && ulimit -c -m -s -t unlimited \ 68 | # Cleanup 69 | && yum clean all \ 70 | && rm -rf /var/cache/yum \ 71 | && rm -rf /etc/yum.repos.d/* \ 72 | # Remove the cert/keys from the image 73 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 74 | 75 | # COPY /etc/nginx (Nginx configuration) directory 76 | COPY etc/nginx /etc/nginx 77 | 78 | # EXPOSE common ports, HTTP 80 and HTTPS 443 79 | EXPOSE 80 443 80 | STOPSIGNAL SIGTERM 81 | ENTRYPOINT ["sh", "/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/centos7.6/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos7.6.1810 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.el7.ngx 13 | 14 | ## Install Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | RUN mkdir -p /etc/ssl/nginx 18 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 19 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 20 | RUN set -x \ 21 | && chmod 644 /etc/ssl/nginx/* \ 22 | # Create nginx user/group first, to be consistent throughout Docker variants 23 | && groupadd --system --gid 101 nginx \ 24 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 25 | && usermod -s /sbin/nologin nginx \ 26 | && usermod -L nginx \ 27 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 28 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -q -O /etc/yum.repos.d/nginx-plus-7.repo https://cs.nginx.com/static/files/nginx-plus-7.4.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions): 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Remove default nginx config 154 | && rm /etc/nginx/conf.d/default.conf \ 155 | # Optional: Create cache folder and set permissions for proxy caching 156 | && mkdir -p /var/cache/nginx \ 157 | && chown -R nginx /var/cache/nginx \ 158 | # Optional: Create State file folder and set permissions 159 | && mkdir -p /var/lib/nginx/state \ 160 | && chown -R nginx /var/lib/nginx/state \ 161 | # Set permissions 162 | && chown -R nginx:nginx /etc/nginx \ 163 | # Forward request and error logs to docker log collector 164 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 165 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 166 | # Raise the limits to successfully run benchmarks 167 | && ulimit -c -m -s -t unlimited \ 168 | # Cleanup 169 | && yum clean all \ 170 | && rm -rf /var/cache/yum \ 171 | && rm -rf /etc/yum.repos.d/* \ 172 | # Remove the cert/keys from the image 173 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 174 | 175 | # Optional: COPY over any of your SSL certs for HTTPS servers 176 | # e.g. 177 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 178 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 179 | 180 | # COPY /etc/nginx (Nginx configuration) directory 181 | COPY etc/nginx /etc/nginx 182 | 183 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 184 | EXPOSE 80 443 8080 185 | STOPSIGNAL SIGTERM 186 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/centos7.6_nim/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos7.6.1810 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://plus-pkgs.nginx.com 10 | ENV PKG_RELEASE 1.el7.ngx 11 | # https://docs.nginx.com/nginx-instance-manager/releases/ 12 | ENV NIM_VERSION 0.9.1-3047962 13 | 14 | ## Install NIM and Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | # NIM: 18 | # * nginx-manager.lic 19 | # * nginx-manager.crt (optional) 20 | # * nginx-manager.key (optional) 21 | # Nginx Plus: 22 | # * nginx-repo.crt 23 | # * nginx-repo.key 24 | RUN mkdir -p /etc/ssl/nginx && \ 25 | mkdir -p /etc/nginx-manager 26 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 27 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 28 | COPY etc/nginx-manager/nginx-manager.lic /etc/nginx-manager/nginx-manager.lic 29 | # Add Optional .crt and .key (make sure they exist first) and uncomment below 30 | # COPY etc/nginx-manager/nginx-manager.crt /etc/nginx-manager/nginx-manager.crt 31 | # COPY etc/nginx-manager/nginx-manager.key /etc/nginx-manager/nginx-manager.key 32 | 33 | # Copy Entrypoint 34 | COPY entrypoint.sh / 35 | 36 | RUN set -x \ 37 | # Set correct permissions on entrypoint and NGINX cert directory 38 | && chmod +x /entrypoint.sh \ 39 | && chmod 644 /etc/ssl/nginx/* \ 40 | # Create nginx user/group first, to be consistent throughout Docker variants 41 | && groupadd --system --gid 101 nginx \ 42 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 43 | && usermod -s /sbin/nologin nginx \ 44 | && usermod -L nginx \ 45 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 46 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 47 | # WORKAROUND START (Public key error 3/23/2021) ############################ 48 | # Signing key for all NGINX things 49 | && curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key \ 50 | && rpmkeys --import /tmp/nginx_signing.key \ 51 | # WORKAROUND END ########################################################### 52 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 53 | && wget -q -O /etc/yum.repos.d/nginx-plus-7.repo https://cs.nginx.com/static/files/nginx-plus-7.4.repo \ 54 | ## Install the latest release of NGINX Plus 55 | ## Optionally use versioned packages over defaults to specify a release 56 | # List available versions: 57 | && yum --showduplicates list nginx-plus \ 58 | ## Uncomment one: 59 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 60 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 61 | # Install NIM 62 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/instance-manager.repo \ 63 | ## Install the latest release of NGINX Instance Manager 64 | ## Optionally use versioned packages over defaults to specify a release 65 | # List available versions: 66 | && yum --showduplicates list nginx-manager \ 67 | ## Uncomment one: 68 | # && yum install -y --setopt=tsflags=nodocs nginx-manager \ 69 | && yum install -y --setopt=tsflags=nodocs nginx-manager-${NIM_VERSION} \ 70 | # 71 | # Remove default nginx config 72 | && rm /etc/nginx/conf.d/default.conf \ 73 | # Optional: Create cache folder and set permissions for proxy caching 74 | && mkdir -p /var/cache/nginx \ 75 | && chown -R nginx /var/cache/nginx \ 76 | # Optional: Create State file folder and set permissions 77 | && mkdir -p /var/lib/nginx/state \ 78 | && chown -R nginx /var/lib/nginx/state \ 79 | # Set permissions 80 | && chown -R nginx:nginx /etc/nginx \ 81 | # Forward request and error logs to docker log collector 82 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 83 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 84 | # Raise the limits to successfully run benchmarks 85 | && ulimit -c -m -s -t unlimited \ 86 | # Cleanup 87 | && yum clean all \ 88 | && rm -rf /var/cache/yum \ 89 | && rm -rf /etc/yum.repos.d/* \ 90 | # Remove the cert/keys from the image 91 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 92 | 93 | ## Configs 94 | # Copy NGINX Plus (for reverse proxy) 95 | COPY etc/nginx/conf.d /etc/nginx/conf.d 96 | # NIM config files 97 | COPY etc/nginx-manager/nginx-manager.conf /etc/nginx-manager/nginx-manager.conf 98 | 99 | # EXPOSE NGINX Plus ports, HTTP 80, HTTPS 443, Nginx status page 8080 and GRPC 10002 100 | # Note: NIM ports GRPC 10000 and UI/API 11000 are proxied via NGINX Plus) 101 | EXPOSE 80 443 8080 10002 102 | STOPSIGNAL SIGQUIT 103 | ENTRYPOINT ["/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/centos7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos7 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.el7.ngx 13 | 14 | ## Install Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | RUN mkdir -p /etc/ssl/nginx 18 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 19 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 20 | RUN set -x \ 21 | && chmod 644 /etc/ssl/nginx/* \ 22 | # Create nginx user/group first, to be consistent throughout Docker variants 23 | && groupadd --system --gid 101 nginx \ 24 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 25 | && usermod -s /sbin/nologin nginx \ 26 | && usermod -L nginx \ 27 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 28 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -q -O /etc/yum.repos.d/nginx-plus-7.repo https://cs.nginx.com/static/files/nginx-plus-7.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions): 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Remove default nginx config 154 | && rm /etc/nginx/conf.d/default.conf \ 155 | # Optional: Create cache folder and set permissions for proxy caching 156 | && mkdir -p /var/cache/nginx \ 157 | && chown -R nginx /var/cache/nginx \ 158 | # Optional: Create State file folder and set permissions 159 | && mkdir -p /var/lib/nginx/state \ 160 | && chown -R nginx /var/lib/nginx/state \ 161 | # Set permissions 162 | && chown -R nginx:nginx /etc/nginx \ 163 | # Forward request and error logs to docker log collector 164 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 165 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 166 | # Raise the limits to successfully run benchmarks 167 | && ulimit -c -m -s -t unlimited \ 168 | # Cleanup 169 | && yum clean all \ 170 | && rm -rf /var/cache/yum \ 171 | && rm -rf /etc/yum.repos.d/* \ 172 | # Remove the cert/keys from the image 173 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 174 | 175 | # Optional: COPY over any of your SSL certs for HTTPS servers 176 | # e.g. 177 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 178 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 179 | 180 | # COPY /etc/nginx (Nginx configuration) directory 181 | COPY etc/nginx /etc/nginx 182 | 183 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 184 | EXPOSE 80 443 8080 185 | STOPSIGNAL SIGTERM 186 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/centos7_controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos7 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.el7.ngx 13 | 14 | # e.g '1234567890' 15 | ARG API_KEY 16 | ENV ENV_API_KEY=$API_KEY 17 | 18 | # e.g https://:8443/1.4 19 | ARG CONTROLLER_URL 20 | ENV ENV_CONTROLLER_URL=$CONTROLLER_URL 21 | 22 | # e.g True or False 23 | ARG STORE_UUID=False 24 | ENV ENV_STORE_UUID=$STORE_UUID 25 | 26 | # e.g Instance location already defined in Controller 27 | ARG LOCATION 28 | ENV ENV_LOCATION=$LOCATION 29 | 30 | # Download certificate (nginx-repo.crt) and key (nginx-repo.key) from the customer portal (https://cs.nginx.com) 31 | # and copy to the build context 32 | COPY nginx-repo.* /etc/ssl/nginx/ 33 | COPY nginx-plus-api.conf /etc/nginx/conf.d/ 34 | COPY ./entrypoint.sh / 35 | 36 | ## Install Nginx Plus 37 | # Download certificate and key from the customer portal https://account.f5.com/myf5 38 | # and copy to the build context and set correct permissions 39 | RUN mkdir -p /etc/ssl/nginx 40 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 41 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 42 | RUN chmod 644 /etc/ssl/nginx/* \ 43 | # Install prerequisite packages and vim for editing: 44 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 45 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 46 | && wget -q -O /etc/yum.repos.d/nginx-plus-7.repo https://cs.nginx.com/static/files/nginx-plus-7.repo \ 47 | # 48 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 49 | ## Optionally use versioned packages over defaults to specify a release 50 | # List available versions: 51 | && yum --showduplicates list nginx-plus \ 52 | ## Uncomment one: 53 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 54 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 55 | # 56 | # NGINX Javascript module needed for APIM 57 | nginx-plus-module-njs \ 58 | # 59 | # Cleanup 60 | && rm -rf /var/lib/apt/lists/* \ 61 | # 62 | # Install Controller Agent 63 | && curl -k -sS -L ${CONTROLLER_URL}/install/controller/ > install.sh \ 64 | && sed -i 's/^assume_yes=""/assume_yes="-y"/' install.sh \ 65 | && sh ./install.sh -y 66 | # Forward request and error logs to docker log collector 67 | && ln -sf /dev/stdout /var/log/nginx-controller/agent.log \ 68 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 69 | # Raise the limits to successfully run benchmarks 70 | && ulimit -c -m -s -t unlimited \ 71 | # Cleanup 72 | && yum clean all \ 73 | && rm -rf /var/cache/yum \ 74 | && rm -rf /etc/yum.repos.d/* \ 75 | # Remove the cert/keys from the image 76 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 77 | 78 | # COPY /etc/nginx (Nginx configuration) directory 79 | COPY etc/nginx /etc/nginx 80 | 81 | # EXPOSE common ports, HTTP 80 and HTTPS 443 82 | EXPOSE 80 443 83 | STOPSIGNAL SIGTERM 84 | ENTRYPOINT ["sh", "/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/centos8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos8 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.el8.ngx 13 | 14 | ## Install Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | RUN mkdir -p /etc/ssl/nginx 18 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 19 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 20 | RUN set -x \ 21 | && chmod 644 /etc/ssl/nginx/* \ 22 | # Create nginx user/group first, to be consistent throughout Docker variants 23 | && groupadd --system --gid 101 nginx \ 24 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 25 | && usermod -s /sbin/nologin nginx \ 26 | && usermod -L nginx \ 27 | # Install prerequisite packages and vim for editing: 28 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions): 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Remove default nginx config 154 | && rm /etc/nginx/conf.d/default.conf \ 155 | # Optional: Create cache folder and set permissions for proxy caching 156 | && mkdir -p /var/cache/nginx \ 157 | && chown -R nginx /var/cache/nginx \ 158 | # Optional: Create State file folder and set permissions 159 | && mkdir -p /var/lib/nginx/state \ 160 | && chown -R nginx /var/lib/nginx/state \ 161 | # Set permissions 162 | && chown -R nginx:nginx /etc/nginx \ 163 | # Forward request and error logs to docker log collector 164 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 165 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 166 | # Raise the limits to successfully run benchmarks 167 | && ulimit -c -m -s -t unlimited \ 168 | # Cleanup 169 | && yum clean all \ 170 | && rm -rf /var/cache/yum \ 171 | && rm -rf /etc/yum.repos.d/* \ 172 | # Remove the cert/keys from the image 173 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 174 | 175 | # Optional: COPY over any of your SSL certs for HTTPS servers 176 | # e.g. 177 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 178 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 179 | 180 | # COPY /etc/nginx (Nginx configuration) directory 181 | COPY etc/nginx /etc/nginx 182 | 183 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 184 | EXPOSE 80 443 8080 185 | STOPSIGNAL SIGTERM 186 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/debian10/Dockerfile: -------------------------------------------------------------------------------- 1 | #For Debian 10 2 | FROM debian:buster-slim 3 | 4 | LABEL maintainer="armand@f5.com" 5 | 6 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 7 | # Uncomment this block and the versioned nginxPackages block in the main RUN 8 | # instruction to install a specific release 9 | # https://docs.nginx.com/nginx/releases/ 10 | ENV NGINX_VERSION 23 11 | # https://nginx.org/en/docs/njs/changes.html 12 | ENV NJS_VERSION 0.5.2 13 | # https://plus-pkgs.nginx.com 14 | ENV PKG_RELEASE 1~buster 15 | 16 | ## Install Nginx Plus 17 | # Download certificate and key from the customer portal https://account.f5.com/myf5 18 | # and copy to the build context and set correct permissions 19 | RUN mkdir -p /etc/ssl/nginx 20 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 21 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 22 | RUN set -x \ 23 | && chmod 644 /etc/ssl/nginx/* \ 24 | # Create nginx user/group first, to be consistent throughout Docker variants 25 | && addgroup --system --gid 101 nginx \ 26 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ 27 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 28 | && apt-get update && apt-get upgrade -y \ 29 | && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 lsb-release curl wget procps vim-tiny less apt-utils \ 30 | && wget https://cs.nginx.com/static/keys/nginx_signing.key && apt-key add nginx_signing.key \ 31 | && printf "deb https://plus-pkgs.nginx.com/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 32 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 33 | && apt-get update \ 34 | # 35 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 36 | ## Optionally use versioned packages over defaults to specify a release 37 | # List available versions: 38 | && apt-cache policy nginx-plus \ 39 | ## Uncomment one: 40 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 41 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 42 | # 43 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 44 | ## See https://www.nginx.com/products/nginx/modules 45 | ## Some modules include debug binaries, install module ending with "-dbg" 46 | ## Uncomment one: 47 | ## njs dynamic modules 48 | #nginx-plus-module-njs \ 49 | #nginx-plus-module-dbg \ 50 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 51 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 52 | ## NGINX high Availablity keepalived 53 | #nginx-ha-keepalived \ 54 | ## NGINX agent for New Relic \ 55 | #nginx-nr-agent \ 56 | ## SPNEGO for Kerberos authentication 57 | #nginx-plus-module-auth-spnego 58 | #nginx-plus-module-auth-spnego-dbg 59 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 60 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 61 | ## brotli compression dynamic modules 62 | #nginx-plus-module-brotli \ 63 | #nginx-plus-module-brotli-dbg \ 64 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 65 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 66 | ## cookie flag dynamic module 67 | #nginx-plus-module-cookie-flag \ 68 | #nginx-plus-module-cookie-flag-dbg 69 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 70 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | ## Encrypted-Session dynamic module 72 | #nginx-plus-module-encrypted-session \ 73 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 74 | #nginx-plus-module-encrypted-session-dbg \ 75 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 76 | ## FIPS Check 77 | #nginx-plus-module-fips-check \ 78 | #nginx-plus-module-fips-check-dbg \ 79 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 80 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 81 | ## GeoIP dynamic modules 82 | #nginx-plus-module-geoip \ 83 | #nginx-plus-module-geoip-dbg \ 84 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 85 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 86 | ## GeoIP2 dynamic modules 87 | #nginx-plus-module-geoip2 \ 88 | #nginx-plus-module-geoip2-dbg \ 89 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 90 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 91 | ## headers-more dynamic module 92 | #nginx-plus-module-headers-more \ 93 | #nginx-plus-module-headers-more-dbg \ 94 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 95 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 96 | ## image filter dynamic module 97 | #nginx-plus-module-image-filter \ 98 | #nginx-plus-module-image-filter-dbg \ 99 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 100 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 101 | ## Lua dynamic module 102 | #nginx-plus-module-lua \ 103 | #nginx-plus-module-lua-dbg \ 104 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 105 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 106 | ## ModSecurity dynamic module 107 | #nginx-plus-module-modsecurity \ 108 | #nginx-plus-module-modsecurity-dbg \ 109 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 110 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 111 | ## Nginx Development Kit dynamic module 112 | #nginx-plus-module-ndk \ 113 | #nginx-plus-module-ndk-dbg \ 114 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 115 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 116 | ## OpenTracing dynamic module 117 | #nginx-plus-module-opentracing \ 118 | #nginx-plus-module-opentracing-dbg \ 119 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 120 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 121 | ## Phusion Passenger Open Source dynamic module 122 | #nginx-plus-module-passenger \ 123 | #nginx-plus-module-passenger-dbg \ 124 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 125 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 126 | ## Perl dynamic module 127 | #nginx-plus-module-perl \ 128 | #nginx-plus-module-perl-dbg \ 129 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 130 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## Prometheus exporter NJS module 132 | #nginx-plus-module-prometheus \ 133 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 134 | ## RTMP dynamic module 135 | #nginx-plus-module-rtmp \ 136 | #nginx-plus-module-rtmp-dbg \ 137 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 138 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 139 | ## set-misc dynamic module 140 | #nginx-plus-module-set-misc \ 141 | #nginx-plus-module-set-misc-dbg \ 142 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 143 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 144 | ## HTTP Substitutions Filter dynamic module 145 | #nginx-plus-module-subs-filter \ 146 | #nginx-plus-module-subs-filter-dbg \ 147 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 148 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 149 | ## xslt dynamic module 150 | #nginx-plus-module-xslt \ 151 | #nginx-plus-module-xslt-dbg \ 152 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 153 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 154 | ## NGINX Sync Script nginx-sync.sh 155 | #nginx-sync \ 156 | # Remove default nginx config 157 | && rm /etc/nginx/conf.d/default.conf \ 158 | # Optional: Create cache folder and set permissions for proxy caching 159 | && mkdir -p /var/cache/nginx \ 160 | && chown -R nginx /var/cache/nginx \ 161 | # Optional: Create State file folder and set permissions 162 | && mkdir -p /var/lib/nginx/state \ 163 | && chown -R nginx /var/lib/nginx/state \ 164 | # Set permissions in case 165 | && chown -R nginx:nginx /etc/nginx \ 166 | # Forward request and error logs to docker log collector 167 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 168 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 169 | # Raise the limits to successfully run benchmarks 170 | && ulimit -c -m -s -t unlimited \ 171 | # Cleanup 172 | && apt-get remove --purge --auto-remove -y gnupg1 lsb-release apt-utils \ 173 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 174 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 175 | && rm -rf nginx_signing.key \ 176 | # Remove the cert/keys from the image 177 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 178 | 179 | # Optional: COPY over any of your SSL certs for HTTPS servers 180 | # e.g. 181 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 182 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 183 | 184 | # COPY /etc/nginx (Nginx configuration) directory 185 | COPY etc/nginx /etc/nginx 186 | 187 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 188 | EXPOSE 80 443 8080 189 | STOPSIGNAL SIGTERM 190 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/debian10_nim/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:buster-slim 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Manager and NGINX Plus 6 | # Uncomment this block and the versioned NGINX Packages in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://plus-pkgs.nginx.com 11 | ENV PKG_RELEASE 1~buster 12 | # https://docs.nginx.com/nginx-instance-manager/releases/ 13 | ENV NIM_VERSION 0.9.1-3047962 14 | 15 | ## Install NIM and Nginx Plus 16 | # Download certificate and key from the customer portal https://account.f5.com/myf5 17 | # and copy to the build context and set correct permissions 18 | # NIM: 19 | # * nginx-manager.lic 20 | # * nginx-manager.crt (optional) 21 | # * nginx-manager.key (optional) 22 | # Nginx Plus: 23 | # * nginx-repo.crt 24 | # * nginx-repo.key 25 | RUN mkdir -p /etc/ssl/nginx && \ 26 | mkdir -p /etc/nginx-manager 27 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 28 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 29 | COPY etc/nginx-manager/nginx-manager.lic /etc/nginx-manager/nginx-manager.lic 30 | # Add Optional .crt and .key (make sure they exist first) and uncomment below 31 | # COPY etc/nginx-manager/nginx-manager.crt /etc/nginx-manager/nginx-manager.crt 32 | # COPY etc/nginx-manager/nginx-manager.key /etc/nginx-manager/nginx-manager.key 33 | 34 | # Copy Entrypoint 35 | COPY entrypoint.sh / 36 | 37 | RUN set -x \ 38 | # Set correct permissions on entrypoint and NGINX cert directory 39 | && chmod +x /entrypoint.sh \ 40 | && chmod 644 /etc/ssl/nginx/* \ 41 | # Create nginx user/group first, to be consistent throughout Docker variants 42 | && addgroup --system --gid 1001 nginx \ 43 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \ 44 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 45 | && apt-get update && apt-get upgrade -y \ 46 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates wget dnsutils gnupg vim-tiny apt-utils jq \ 47 | # Signing key for all NGINX things 48 | && wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \ 49 | # Install NGINX Plus from repo (https://cs.nginx.com/repo_setup) 50 | && apt-get update && apt-get upgrade -y \ 51 | && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 lsb-release curl wget procps vim-tiny less apt-utils \ 52 | && wget https://cs.nginx.com/static/keys/nginx_signing.key && apt-key add nginx_signing.key \ 53 | && printf "deb https://plus-pkgs.nginx.com/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 54 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 55 | && apt-get update \ 56 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 57 | ## Optionally use versioned packages over defaults to specify a release 58 | # List available versions: 59 | && apt-cache policy nginx-plus \ 60 | ## Uncomment one: 61 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 62 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | # Install NIM 64 | && printf "deb https://pkgs.nginx.com/instance-manager/debian stable nginx-plus\n" | tee /etc/apt/sources.list.d/instance-manager.list \ 65 | && wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \ 66 | && apt-get update \ 67 | ## Install the latest release of NGINX Instance Manager 68 | ## Optionally use versioned packages over defaults to specify a release 69 | # List available versions: 70 | && apt-cache policy nginx-manager \ 71 | ## Uncomment one: 72 | #&& DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-manager \ 73 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-manager=${NIM_VERSION} \ 74 | # 75 | # Remove default nginx config 76 | && rm /etc/nginx/conf.d/default.conf \ 77 | # Optional: Create cache folder and set permissions for proxy caching 78 | && mkdir -p /var/cache/nginx \ 79 | && chown -R nginx /var/cache/nginx \ 80 | # Optional: Create State file folder and set permissions 81 | && mkdir -p /var/lib/nginx/state \ 82 | && chown -R nginx /var/lib/nginx/state \ 83 | # Set permissions 84 | && chown -R nginx:nginx /etc/nginx \ 85 | # Forward request and error logs to docker log collector 86 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 87 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 88 | #DO SOMETHING FOR /var/log/nginx-manager/ 89 | # Raise the limits to successfully run benchmarks 90 | && ulimit -c -m -s -t unlimited \ 91 | # Cleanup 92 | && apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \ 93 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 94 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 95 | && rm -rf nginx_signing.key \ 96 | # Remove the cert/keys from the image 97 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 98 | 99 | ## Configs 100 | # Copy NGINX Plus (for reverse proxy) 101 | COPY etc/nginx/conf.d /etc/nginx/conf.d 102 | # NIM config files 103 | COPY etc/nginx-manager/nginx-manager.conf /etc/nginx-manager/nginx-manager.conf 104 | 105 | # EXPOSE NGINX Plus ports, HTTP 80, HTTPS 443, Nginx status page 8080 and GRPC 10002 106 | # Note: NIM ports GRPC 10000 and UI/API 11000 are proxied via NGINX Plus) 107 | EXPOSE 80 443 8080 10002 108 | STOPSIGNAL SIGQUIT 109 | ENTRYPOINT ["/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/debian9/Dockerfile: -------------------------------------------------------------------------------- 1 | #For Debian 9 2 | FROM debian:stretch-slim 3 | 4 | LABEL maintainer="armand@f5.com" 5 | 6 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 7 | # Uncomment this block and the versioned nginxPackages block in the main RUN 8 | # instruction to install a specific release 9 | # https://docs.nginx.com/nginx/releases/ 10 | ENV NGINX_VERSION 23 11 | # https://nginx.org/en/docs/njs/changes.html 12 | ENV NJS_VERSION 0.5.2 13 | # https://plus-pkgs.nginx.com 14 | ENV PKG_RELEASE 1~stretch 15 | 16 | ## Install Nginx Plus 17 | # Download certificate and key from the customer portal https://account.f5.com/myf5 18 | # and copy to the build context and set correct permissions 19 | RUN mkdir -p /etc/ssl/nginx 20 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 21 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 22 | RUN set -x \ 23 | && chmod 644 /etc/ssl/nginx/* \ 24 | # Create nginx user/group first, to be consistent throughout Docker variants 25 | && addgroup --system --gid 101 nginx \ 26 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ 27 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 28 | && apt-get update && apt-get upgrade -y \ 29 | && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 lsb-release curl wget procps vim-tiny less apt-utils \ 30 | && wget https://cs.nginx.com/static/keys/nginx_signing.key && apt-key add nginx_signing.key \ 31 | && printf "deb https://plus-pkgs.nginx.com/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 32 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 33 | && apt-get update \ 34 | # 35 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 36 | ## Optionally use versioned packages over defaults to specify a release 37 | # List available versions: 38 | && apt-cache policy nginx-plus \ 39 | ## Uncomment one: 40 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 41 | #&& DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 42 | # 43 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 44 | ## See https://www.nginx.com/products/nginx/modules 45 | ## Some modules include debug binaries, install module ending with "-dbg" 46 | ## Uncomment one: 47 | ## njs dynamic modules 48 | nginx-plus-module-njs \ 49 | #nginx-plus-module-dbg \ 50 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 51 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 52 | ## NGINX high Availablity keepalived 53 | #nginx-ha-keepalived \ 54 | ## NGINX agent for New Relic \ 55 | #nginx-nr-agent \ 56 | ## SPNEGO for Kerberos authentication 57 | #nginx-plus-module-auth-spnego 58 | #nginx-plus-module-auth-spnego-dbg 59 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 60 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 61 | ## brotli compression dynamic modules 62 | #nginx-plus-module-brotli \ 63 | #nginx-plus-module-brotli-dbg \ 64 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 65 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 66 | ## cookie flag dynamic module 67 | #nginx-plus-module-cookie-flag \ 68 | #nginx-plus-module-cookie-flag-dbg 69 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 70 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | ## Encrypted-Session dynamic module 72 | #nginx-plus-module-encrypted-session \ 73 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 74 | #nginx-plus-module-encrypted-session-dbg \ 75 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 76 | ## FIPS Check 77 | #nginx-plus-module-fips-check \ 78 | #nginx-plus-module-fips-check-dbg \ 79 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 80 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 81 | ## GeoIP dynamic modules 82 | #nginx-plus-module-geoip \ 83 | #nginx-plus-module-geoip-dbg \ 84 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 85 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 86 | ## GeoIP2 dynamic modules 87 | #nginx-plus-module-geoip2 \ 88 | #nginx-plus-module-geoip2-dbg \ 89 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 90 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 91 | ## headers-more dynamic module 92 | #nginx-plus-module-headers-more \ 93 | #nginx-plus-module-headers-more-dbg \ 94 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 95 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 96 | ## image filter dynamic module 97 | #nginx-plus-module-image-filter \ 98 | #nginx-plus-module-image-filter-dbg \ 99 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 100 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 101 | ## Lua dynamic module 102 | #nginx-plus-module-lua \ 103 | #nginx-plus-module-lua-dbg \ 104 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 105 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 106 | ## ModSecurity dynamic module 107 | #nginx-plus-module-modsecurity \ 108 | #nginx-plus-module-modsecurity-dbg \ 109 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 110 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 111 | ## Nginx Development Kit dynamic module 112 | #nginx-plus-module-ndk \ 113 | #nginx-plus-module-ndk-dbg \ 114 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 115 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 116 | ## OpenTracing dynamic module 117 | #nginx-plus-module-opentracing \ 118 | #nginx-plus-module-opentracing-dbg \ 119 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 120 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 121 | ## Phusion Passenger Open Source dynamic module 122 | #nginx-plus-module-passenger \ 123 | #nginx-plus-module-passenger-dbg \ 124 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 125 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 126 | ## Perl dynamic module 127 | #nginx-plus-module-perl \ 128 | #nginx-plus-module-perl-dbg \ 129 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 130 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## Prometheus exporter NJS module 132 | #nginx-plus-module-prometheus \ 133 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 134 | ## RTMP dynamic module 135 | #nginx-plus-module-rtmp \ 136 | #nginx-plus-module-rtmp-dbg \ 137 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 138 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 139 | ## set-misc dynamic module 140 | #nginx-plus-module-set-misc \ 141 | #nginx-plus-module-set-misc-dbg \ 142 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 143 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 144 | ## HTTP Substitutions Filter dynamic module 145 | #nginx-plus-module-subs-filter \ 146 | #nginx-plus-module-subs-filter-dbg \ 147 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 148 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 149 | ## xslt dynamic module 150 | #nginx-plus-module-xslt \ 151 | #nginx-plus-module-xslt-dbg \ 152 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 153 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 154 | ## NGINX Sync Script nginx-sync.sh 155 | #nginx-sync \ 156 | # Remove default nginx config 157 | && rm /etc/nginx/conf.d/default.conf \ 158 | # Optional: Create cache folder and set permissions for proxy caching 159 | && mkdir -p /var/cache/nginx \ 160 | && chown -R nginx /var/cache/nginx \ 161 | # Optional: Create State file folder and set permissions 162 | && mkdir -p /var/lib/nginx/state \ 163 | && chown -R nginx /var/lib/nginx/state \ 164 | # Set permissions in case 165 | && chown -R nginx:nginx /etc/nginx \ 166 | # Forward request and error logs to docker log collector 167 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 168 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 169 | # Raise the limits to successfully run benchmarks 170 | && ulimit -c -m -s -t unlimited \ 171 | # Cleanup 172 | && apt-get remove --purge --auto-remove -y gnupg1 lsb-release apt-utils \ 173 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 174 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 175 | && rm -rf nginx_signing.key \ 176 | # Remove the cert/keys from the image 177 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 178 | 179 | # Optional: COPY over any of your SSL certs for HTTPS servers 180 | # e.g. 181 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 182 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 183 | 184 | # COPY /etc/nginx (Nginx configuration) directory 185 | COPY etc/nginx /etc/nginx 186 | 187 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 188 | EXPOSE 80 443 8080 189 | STOPSIGNAL SIGTERM 190 | CMD ["nginx", "-g", "daemon off;"] 191 | -------------------------------------------------------------------------------- /Dockerfiles/debian9_controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:stretch-slim 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages block in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://nginx.org/en/docs/njs/changes.html 11 | ENV NJS_VERSION 0.5.2 12 | # https://plus-pkgs.nginx.com 13 | ENV PKG_RELEASE 1~stretch 14 | 15 | # e.g '1234567890' 16 | ARG API_KEY 17 | ENV ENV_API_KEY=$API_KEY 18 | 19 | # e.g https://:8443/1.4 20 | ARG CONTROLLER_URL 21 | ENV ENV_CONTROLLER_URL=$CONTROLLER_URL 22 | 23 | # e.g True or False 24 | ARG STORE_UUID=False 25 | ENV ENV_STORE_UUID=$STORE_UUID 26 | 27 | # e.g Instance location already defined in Controller 28 | ARG LOCATION 29 | ENV ENV_LOCATION=$LOCATION 30 | 31 | # Download certificate (nginx-repo.crt) and key (nginx-repo.key) from the customer portal (https://cs.nginx.com) 32 | # and copy to the build context 33 | COPY nginx-repo.* /etc/ssl/nginx/ 34 | COPY nginx-plus-api.conf /etc/nginx/conf.d/ 35 | COPY ./entrypoint.sh / 36 | 37 | ## Install Nginx Plus 38 | # Download certificate and key from the customer portal https://account.f5.com/myf5 39 | # and copy to the build context and set correct permissions 40 | RUN mkdir -p /etc/ssl/nginx 41 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 42 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 43 | RUN set -x \ 44 | && chmod 644 /etc/ssl/nginx/* \ 45 | # Create nginx user/group first, to be consistent throughout Docker variants 46 | && addgroup --system --gid 101 nginx \ 47 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ 48 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 49 | && apt-get update && apt-get upgrade -y \ 50 | && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 lsb-release curl wget procps vim-tiny less apt-utils \ 51 | && wget https://cs.nginx.com/static/keys/nginx_signing.key && apt-key add nginx_signing.key \ 52 | && printf "deb https://plus-pkgs.nginx.com/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 53 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 54 | && apt-get update \ 55 | # 56 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 57 | ## Optionally use versioned packages over defaults to specify a release 58 | # List available versions: 59 | && apt-cache policy nginx-plus \ 60 | ## Uncomment one: 61 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 62 | # 63 | # NGINX Javascript module needed for APIM 64 | nginx-plus-module-njs \ 65 | # 66 | # 67 | # Install Controller Agent 68 | && curl -k -sS -L ${CONTROLLER_URL}/install/controller/ > install.sh \ 69 | && sed -i 's/^assume_yes=""/assume_yes="-y"/' install.sh \ 70 | && sh ./install.sh -y 71 | && chown -R nginx:nginx /etc/nginx \ 72 | # Forward request and error logs to docker log collector 73 | && ln -sf /dev/stdout /var/log/nginx-controller/agent.log \ 74 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 75 | # Raise the limits to successfully run benchmarks 76 | && ulimit -c -m -s -t unlimited \ 77 | # Cleanup 78 | && apt-get remove --purge --auto-remove -y gnupg1 lsb-release apt-utils \ 79 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 80 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 81 | # Remove the cert/keys from the image 82 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 83 | 84 | # COPY /etc/nginx (Nginx configuration) directory 85 | COPY etc/nginx /etc/nginx 86 | 87 | # EXPOSE common ports, HTTP 80 and HTTPS 443 88 | EXPOSE 80 443 89 | STOPSIGNAL SIGTERM 90 | ENTRYPOINT ["sh", "/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/oracle7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM oraclelinux:7-slim 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | ENV NGINX_VERSION 23 9 | # https://nginx.org/en/docs/njs/changes.html 10 | ENV NJS_VERSION 0.5.2 11 | # https://plus-pkgs.nginx.com 12 | ENV PKG_RELEASE 1.el7.ngx 13 | 14 | ## Install Nginx Plus 15 | # Download certificate and key from the customer portal https://account.f5.com/myf5 16 | # and copy to the build context and set correct permissions 17 | RUN mkdir -p /etc/ssl/nginx 18 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 19 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 20 | RUN set -x \ 21 | && chmod 644 /etc/ssl/nginx/* \ 22 | # Create nginx user/group first, to be consistent throughout Docker variants 23 | && groupadd --system --gid 101 nginx \ 24 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 25 | && usermod -s /sbin/nologin nginx \ 26 | && usermod -L nginx \ 27 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 28 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -q -O /etc/yum.repos.d/nginx-plus-7.repo https://cs.nginx.com/static/files/nginx-plus-7.4.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions): 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Remove default nginx config 154 | && rm /etc/nginx/conf.d/default.conf \ 155 | # Optional: Create cache folder and set permissions for proxy caching 156 | && mkdir -p /var/cache/nginx \ 157 | && chown -R nginx /var/cache/nginx \ 158 | # Optional: Create State file folder and set permissions 159 | && mkdir -p /var/lib/nginx/state \ 160 | && chown -R nginx /var/lib/nginx/state \ 161 | # Set permissions 162 | && chown -R nginx:nginx /etc/nginx \ 163 | # Forward request and error logs to docker log collector 164 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 165 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 166 | # Raise the limits to successfully run benchmarks 167 | && ulimit -c -m -s -t unlimited \ 168 | # Cleanup 169 | && yum clean all \ 170 | && rm -rf /var/cache/yum \ 171 | && rm -rf /etc/yum.repos.d/* \ 172 | # Remove the cert/keys from the image 173 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 174 | 175 | # Optional: COPY over any of your SSL certs for HTTPS servers 176 | # e.g. 177 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 178 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 179 | 180 | # COPY /etc/nginx (Nginx configuration) directory 181 | COPY etc/nginx /etc/nginx 182 | 183 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 184 | EXPOSE 80 443 8080 185 | STOPSIGNAL SIGTERM 186 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/rhel7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi7/ubi:latest 2 | LABEL maintainer="armand@f5.com" 3 | 4 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 5 | # Uncomment this block and the versioned nginxPackages in the main RUN 6 | # instruction to install a specific release 7 | ENV NGINX_VERSION 23 8 | # https://nginx.org/en/docs/njs/changes.html 9 | ENV NJS_VERSION 0.5.2 10 | # https://plus-pkgs.nginx.com 11 | ENV PKG_RELEASE 1.el7.ngx 12 | 13 | ## Install Nginx Plus 14 | # Download certificate and key from the customer portal https://account.f5.com/myf5 15 | # and copy to the build context and set correct permissions 16 | RUN mkdir -p /etc/ssl/nginx 17 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 18 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 19 | RUN set -x \ 20 | && chmod 644 /etc/ssl/nginx/* \ 21 | # Create nginx user/group first, to be consistent throughout Docker variants 22 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs shadow-utils.x86_64 \ 23 | && groupadd --system --gid 101 nginx \ 24 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 25 | && usermod -s /sbin/nologin nginx \ 26 | && usermod -L nginx \ 27 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 28 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | && yum --showduplicates list nginx-plus-module-njs \ 37 | ## Uncomment one: 38 | # && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus \ 39 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 40 | # 41 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 42 | ## See https://www.nginx.com/products/nginx/modules 43 | ## Some modules include debug binaries, install module ending with "-dbg" 44 | ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions): 45 | ## njs dynamic modules 46 | #nginx-plus-module-njs \ 47 | #nginx-plus-module-dbg \ 48 | # nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 50 | ## NGINX high Availablity keepalived 51 | #nginx-ha-keepalived \ 52 | ## NGINX agent for New Relic \ 53 | #nginx-nr-agent \ 54 | ## SPNEGO for Kerberos authentication 55 | #nginx-plus-module-auth-spnego 56 | #nginx-plus-module-auth-spnego-dbg 57 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 59 | ## brotli compression dynamic modules 60 | #nginx-plus-module-brotli \ 61 | #nginx-plus-module-brotli-dbg \ 62 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 64 | ## cookie flag dynamic module 65 | #nginx-plus-module-cookie-flag \ 66 | #nginx-plus-module-cookie-flag-dbg 67 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 69 | ## Encrypted-Session dynamic module 70 | #nginx-plus-module-encrypted-session \ 71 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 72 | #nginx-plus-module-encrypted-session-dbg \ 73 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 74 | ## FIPS Check 75 | #nginx-plus-module-fips-check \ 76 | #nginx-plus-module-fips-check-dbg \ 77 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 79 | ## GeoIP dynamic modules 80 | #nginx-plus-module-geoip \ 81 | #nginx-plus-module-geoip-dbg \ 82 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 84 | ## GeoIP2 dynamic modules 85 | #nginx-plus-module-geoip2 \ 86 | #nginx-plus-module-geoip2-dbg \ 87 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 89 | ## headers-more dynamic module 90 | #nginx-plus-module-headers-more \ 91 | #nginx-plus-module-headers-more-dbg \ 92 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 94 | ## image filter dynamic module 95 | #nginx-plus-module-image-filter \ 96 | #nginx-plus-module-image-filter-dbg \ 97 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 99 | ## Lua dynamic module 100 | #nginx-plus-module-lua \ 101 | #nginx-plus-module-lua-dbg \ 102 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 104 | ## ModSecurity dynamic module 105 | #nginx-plus-module-modsecurity \ 106 | #nginx-plus-module-modsecurity-dbg \ 107 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 109 | ## Nginx Development Kit dynamic module 110 | #nginx-plus-module-ndk \ 111 | #nginx-plus-module-ndk-dbg \ 112 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 114 | ## OpenTracing dynamic module 115 | #nginx-plus-module-opentracing \ 116 | #nginx-plus-module-opentracing-dbg \ 117 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 119 | ## Phusion Passenger Open Source dynamic module 120 | #nginx-plus-module-passenger \ 121 | #nginx-plus-module-passenger-dbg \ 122 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 124 | ## Perl dynamic module 125 | #nginx-plus-module-perl \ 126 | #nginx-plus-module-perl-dbg \ 127 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 129 | ## Prometheus exporter NJS module 130 | #nginx-plus-module-prometheus \ 131 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 132 | ## RTMP dynamic module 133 | #nginx-plus-module-rtmp \ 134 | #nginx-plus-module-rtmp-dbg \ 135 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 137 | ## set-misc dynamic module 138 | #nginx-plus-module-set-misc \ 139 | #nginx-plus-module-set-misc-dbg \ 140 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 142 | ## HTTP Substitutions Filter dynamic module 143 | #nginx-plus-module-subs-filter \ 144 | #nginx-plus-module-subs-filter-dbg \ 145 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 147 | ## xslt dynamic module 148 | #nginx-plus-module-xslt \ 149 | #nginx-plus-module-xslt-dbg \ 150 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 152 | ## NGINX Sync Script nginx-sync.sh 153 | #nginx-sync \ 154 | # Remove default nginx config 155 | && rm /etc/nginx/conf.d/default.conf \ 156 | # Optional: Create cache folder and set permissions for proxy caching 157 | && mkdir -p /var/cache/nginx \ 158 | && chown -R nginx /var/cache/nginx \ 159 | # Optional: Create State file folder and set permissions 160 | && mkdir -p /var/lib/nginx/state \ 161 | && chown -R nginx /var/lib/nginx/state \ 162 | # Set permissions 163 | && chown -R nginx:nginx /etc/nginx \ 164 | # Forward request and error logs to docker log collector 165 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 166 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 167 | # Raise the limits to successfully run benchmarks 168 | && ulimit -c -m -s -t unlimited \ 169 | # Cleanup 170 | && yum clean all \ 171 | && rm -rf /var/cache/yum \ 172 | && rm -rf /etc/yum.repos.d/* \ 173 | # Remove the cert/keys from the image 174 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 175 | 176 | # Optional: COPY over any of your SSL certs for HTTPS servers 177 | # e.g. 178 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 179 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 180 | 181 | # COPY /etc/nginx (Nginx configuration) directory 182 | COPY etc/nginx /etc/nginx 183 | 184 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 185 | EXPOSE 80 443 8080 186 | STOPSIGNAL SIGTERM 187 | CMD ["nginx", "-g", "daemon off;"] 188 | -------------------------------------------------------------------------------- /Dockerfiles/rhel8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8:latest 2 | LABEL maintainer="armand@f5.com" 3 | 4 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 5 | # Uncomment this block and the versioned nginxPackages in the main RUN 6 | # instruction to install a specific release 7 | ENV NGINX_VERSION 23 8 | # https://nginx.org/en/docs/njs/changes.html 9 | ENV NJS_VERSION 0.5.2 10 | # https://plus-pkgs.nginx.com 11 | ENV PKG_RELEASE 1.el8.ngx 12 | 13 | ## Install Nginx Plus 14 | # Download certificate and key from the customer portal https://account.f5.com/myf5 15 | # and copy to the build context and set correct permissions 16 | RUN mkdir -p /etc/ssl/nginx 17 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 18 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 19 | RUN set -x \ 20 | && chmod 644 /etc/ssl/nginx/* \ 21 | # Create nginx user/group first, to be consistent throughout Docker variants 22 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs shadow-utils.x86_64 \ 23 | && groupadd --system --gid 101 nginx \ 24 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 25 | && usermod -s /sbin/nologin nginx \ 26 | && usermod -L nginx \ 27 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 28 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 29 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 30 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo \ 31 | # 32 | ## Install the latest release of NGINX App Protect and/or NGINX Plus modules 33 | ## Optionally use versioned packages over defaults to specify a release 34 | # List available versions: 35 | && yum --showduplicates list nginx-plus \ 36 | ## Uncomment one: 37 | # && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus \ 38 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 39 | # 40 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 41 | ## See https://www.nginx.com/products/nginx/modules 42 | ## Some modules include debug binaries, install module ending with "-dbg" 43 | ## Uncomment one (run "yum --showduplicates list nginx-plus-module-njs" to see all versions): 44 | ## njs dynamic modules 45 | #nginx-plus-module-njs \ 46 | #nginx-plus-module-dbg \ 47 | # nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 48 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 49 | ## NGINX high Availablity keepalived 50 | #nginx-ha-keepalived \ 51 | ## NGINX agent for New Relic \ 52 | #nginx-nr-agent \ 53 | ## SPNEGO for Kerberos authentication 54 | #nginx-plus-module-auth-spnego 55 | #nginx-plus-module-auth-spnego-dbg 56 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 57 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 58 | ## brotli compression dynamic modules 59 | #nginx-plus-module-brotli \ 60 | #nginx-plus-module-brotli-dbg \ 61 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 62 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 63 | ## cookie flag dynamic module 64 | #nginx-plus-module-cookie-flag \ 65 | #nginx-plus-module-cookie-flag-dbg 66 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 67 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 68 | ## Encrypted-Session dynamic module 69 | #nginx-plus-module-encrypted-session \ 70 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | #nginx-plus-module-encrypted-session-dbg \ 72 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 73 | ## FIPS Check 74 | #nginx-plus-module-fips-check \ 75 | #nginx-plus-module-fips-check-dbg \ 76 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 77 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 78 | ## GeoIP dynamic modules 79 | #nginx-plus-module-geoip \ 80 | #nginx-plus-module-geoip-dbg \ 81 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 82 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 83 | ## GeoIP2 dynamic modules 84 | #nginx-plus-module-geoip2 \ 85 | #nginx-plus-module-geoip2-dbg \ 86 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 87 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 88 | ## headers-more dynamic module 89 | #nginx-plus-module-headers-more \ 90 | #nginx-plus-module-headers-more-dbg \ 91 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 92 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 93 | ## image filter dynamic module 94 | #nginx-plus-module-image-filter \ 95 | #nginx-plus-module-image-filter-dbg \ 96 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 97 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 98 | ## Lua dynamic module 99 | #nginx-plus-module-lua \ 100 | #nginx-plus-module-lua-dbg \ 101 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 102 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 103 | ## ModSecurity dynamic module 104 | #nginx-plus-module-modsecurity \ 105 | #nginx-plus-module-modsecurity-dbg \ 106 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 107 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 108 | ## Nginx Development Kit dynamic module 109 | #nginx-plus-module-ndk \ 110 | #nginx-plus-module-ndk-dbg \ 111 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 112 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 113 | ## OpenTracing dynamic module 114 | #nginx-plus-module-opentracing \ 115 | #nginx-plus-module-opentracing-dbg \ 116 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 117 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 118 | ## Phusion Passenger Open Source dynamic module 119 | #nginx-plus-module-passenger \ 120 | #nginx-plus-module-passenger-dbg \ 121 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 122 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 123 | ## Perl dynamic module 124 | #nginx-plus-module-perl \ 125 | #nginx-plus-module-perl-dbg \ 126 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 127 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 128 | ## Prometheus exporter NJS module 129 | #nginx-plus-module-prometheus \ 130 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## RTMP dynamic module 132 | #nginx-plus-module-rtmp \ 133 | #nginx-plus-module-rtmp-dbg \ 134 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 135 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 136 | ## set-misc dynamic module 137 | #nginx-plus-module-set-misc \ 138 | #nginx-plus-module-set-misc-dbg \ 139 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 140 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 141 | ## HTTP Substitutions Filter dynamic module 142 | #nginx-plus-module-subs-filter \ 143 | #nginx-plus-module-subs-filter-dbg \ 144 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 145 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 146 | ## xslt dynamic module 147 | #nginx-plus-module-xslt \ 148 | #nginx-plus-module-xslt-dbg \ 149 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 150 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 151 | ## NGINX Sync Script nginx-sync.sh 152 | #nginx-sync \ 153 | # Remove default nginx config 154 | && rm /etc/nginx/conf.d/default.conf \ 155 | # Optional: Create cache folder and set permissions for proxy caching 156 | && mkdir -p /var/cache/nginx \ 157 | && chown -R nginx /var/cache/nginx \ 158 | # Optional: Create State file folder and set permissions 159 | && mkdir -p /var/lib/nginx/state \ 160 | && chown -R nginx /var/lib/nginx/state \ 161 | # Set permissions 162 | && chown -R nginx:nginx /etc/nginx \ 163 | # Forward request and error logs to docker log collector 164 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 165 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 166 | # Raise the limits to successfully run benchmarks 167 | && ulimit -c -m -s -t unlimited \ 168 | # Cleanup 169 | && yum clean all \ 170 | && rm -rf /var/cache/yum \ 171 | && rm -rf /etc/yum.repos.d/* \ 172 | # Remove the cert/keys from the image 173 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 174 | 175 | # Optional: COPY over any of your SSL certs for HTTPS servers 176 | # e.g. 177 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 178 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 179 | 180 | # COPY /etc/nginx (Nginx configuration) directory 181 | COPY etc/nginx /etc/nginx 182 | 183 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 184 | EXPOSE 80 443 8080 185 | STOPSIGNAL SIGTERM 186 | CMD ["nginx", "-g", "daemon off;"] 187 | -------------------------------------------------------------------------------- /Dockerfiles/rhel8_nim/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8:latest 2 | LABEL maintainer="armand@f5.com" 3 | 4 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 5 | # Uncomment this block and the versioned nginxPackages in the main RUN 6 | # instruction to install a specific release 7 | ENV NGINX_VERSION 23 8 | # https://plus-pkgs.nginx.com 9 | ENV PKG_RELEASE 1.el8.ngx 10 | # https://docs.nginx.com/nginx-instance-manager/releases/ 11 | ENV NIM_VERSION 0.9.1-3047962 12 | 13 | ## Install NIM and Nginx Plus 14 | # Download certificate and key from the customer portal https://account.f5.com/myf5 15 | # and copy to the build context and set correct permissions 16 | # NIM: 17 | # * nginx-manager.lic 18 | # * nginx-manager.crt (optional) 19 | # * nginx-manager.key (optional) 20 | # Nginx Plus: 21 | # * nginx-repo.crt 22 | # * nginx-repo.key 23 | RUN mkdir -p /etc/ssl/nginx && \ 24 | mkdir -p /etc/nginx-manager 25 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 26 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 27 | COPY etc/nginx-manager/nginx-manager.lic /etc/nginx-manager/nginx-manager.lic 28 | # Add Optional .crt and .key (make sure they exist first) and uncomment below 29 | # COPY etc/nginx-manager/nginx-manager.crt /etc/nginx-manager/nginx-manager.crt 30 | # COPY etc/nginx-manager/nginx-manager.key /etc/nginx-manager/nginx-manager.key 31 | 32 | # Copy Entrypoint 33 | COPY entrypoint.sh / 34 | 35 | RUN set -x \ 36 | # Set correct permissions on entrypoint and NGINX cert directory 37 | && chmod +x /entrypoint.sh \ 38 | && chmod 644 /etc/ssl/nginx/* \ 39 | # Create nginx user/group first, to be consistent throughout Docker variants 40 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs shadow-utils.x86_64 \ 41 | && groupadd --system --gid 101 nginx \ 42 | && adduser -g nginx --system --no-create-home --home /nonexistent --shell /bin/false --uid 101 nginx \ 43 | && usermod -s /sbin/nologin nginx \ 44 | && usermod -L nginx \ 45 | # Install prerequisite packages (ca-certificates epel-release) and tools for editing/troubleshooting: 46 | && yum install -y --setopt=tsflags=nodocs wget ca-certificates bind-utils wget bind-utils vim-minimal \ 47 | # WORKAROUND START (Public key error 3/23/2021) ############################ 48 | # Signing key for all NGINX things 49 | && curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key \ 50 | && rpmkeys --import /tmp/nginx_signing.key \ 51 | # WORKAROUND END ########################################################### 52 | # Prepare repo config and install NGINX Plus https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/ 53 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo \ 54 | ## Install the latest release of NGINX Plus 55 | ## Optionally use versioned packages over defaults to specify a release 56 | # List available versions: 57 | && yum --showduplicates list nginx-plus \ 58 | ## Uncomment one: 59 | # && yum install -y --setopt=tsflags=nodocs nginx-plus \ 60 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-plus-${NGINX_VERSION}-${PKG_RELEASE} \ 61 | # Install NIM 62 | && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/instance-manager.repo \ 63 | ## Install the latest release of NGINX Instance Manager 64 | ## Optionally use versioned packages over defaults to specify a release 65 | # List available versions: 66 | && yum --showduplicates list nginx-manager \ 67 | ## Uncomment one: 68 | # && yum install -y --setopt=tsflags=nodocs nginx-manager \ 69 | && yum install -y --disableplugin=subscription-manager --setopt=tsflags=nodocs nginx-manager-${NIM_VERSION} \ 70 | # 71 | # Remove default nginx config 72 | && rm /etc/nginx/conf.d/default.conf \ 73 | # Optional: Create cache folder and set permissions for proxy caching 74 | && mkdir -p /var/cache/nginx \ 75 | && chown -R nginx /var/cache/nginx \ 76 | # Optional: Create State file folder and set permissions 77 | && mkdir -p /var/lib/nginx/state \ 78 | && chown -R nginx /var/lib/nginx/state \ 79 | # Set permissions 80 | && chown -R nginx:nginx /etc/nginx \ 81 | # Forward request and error logs to docker log collector 82 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 83 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 84 | # Raise the limits to successfully run benchmarks 85 | && ulimit -c -m -s -t unlimited \ 86 | # Cleanup 87 | && yum clean all \ 88 | && rm -rf /var/cache/yum \ 89 | && rm -rf /etc/yum.repos.d/* \ 90 | # Remove the cert/keys from the image 91 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 92 | 93 | ## Configs 94 | # Copy NGINX Plus (for reverse proxy) 95 | COPY etc/nginx/conf.d /etc/nginx/conf.d 96 | # NIM config files 97 | COPY etc/nginx-manager/nginx-manager.conf /etc/nginx-manager/nginx-manager.conf 98 | 99 | # EXPOSE NGINX Plus ports, HTTP 80, HTTPS 443, Nginx status page 8080 and GRPC 10002 100 | # Note: NIM ports GRPC 10000 and UI/API 11000 are proxied via NGINX Plus) 101 | EXPOSE 80 443 8080 10002 102 | STOPSIGNAL SIGQUIT 103 | ENTRYPOINT ["/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/ubuntu16.04/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://nginx.org/en/docs/njs/changes.html 11 | ENV NJS_VERSION 0.5.2 12 | # https://plus-pkgs.nginx.com 13 | ENV PKG_RELEASE 1~xenial 14 | 15 | ## Install Nginx Plus 16 | # Download certificate and key from the customer portal https://account.f5.com/myf5 17 | # and copy to the build context and set correct permissions 18 | RUN mkdir -p /etc/ssl/nginx 19 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 20 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 21 | RUN set -x \ 22 | && chmod 644 /etc/ssl/nginx/* \ 23 | # Create nginx user/group first, to be consistent throughout Docker variants 24 | && addgroup --system --gid 1001 nginx \ 25 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \ 26 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 27 | && apt-get update && apt-get upgrade -y \ 28 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates curl wget dnsutils gnupg vim-tiny apt-utils \ 29 | # Install NGINX Plus from repo (https://cs.nginx.com/repo_setup) 30 | && wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \ 31 | && printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 32 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 33 | && apt-get update \ 34 | # 35 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 36 | ## Optionally use versioned packages over defaults to specify a release 37 | # List available versions: 38 | && apt-cache policy nginx-plus \ 39 | ## Uncomment one: 40 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 41 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 42 | # 43 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 44 | ## See https://www.nginx.com/products/nginx/modules 45 | ## Some modules include debug binaries, install module ending with "-dbg" 46 | ## Uncomment one: 47 | ## njs dynamic modules 48 | #nginx-plus-module-njs \ 49 | #nginx-plus-module-dbg \ 50 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 51 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 52 | ## NGINX high Availablity keepalived 53 | #nginx-ha-keepalived \ 54 | ## NGINX agent for New Relic \ 55 | #nginx-nr-agent \ 56 | ## SPNEGO for Kerberos authentication 57 | #nginx-plus-module-auth-spnego 58 | #nginx-plus-module-auth-spnego-dbg 59 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 60 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 61 | ## brotli compression dynamic modules 62 | #nginx-plus-module-brotli \ 63 | #nginx-plus-module-brotli-dbg \ 64 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 65 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 66 | ## cookie flag dynamic module 67 | #nginx-plus-module-cookie-flag \ 68 | #nginx-plus-module-cookie-flag-dbg 69 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 70 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | ## Encrypted-Session dynamic module 72 | #nginx-plus-module-encrypted-session \ 73 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 74 | #nginx-plus-module-encrypted-session-dbg \ 75 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 76 | ## FIPS Check 77 | #nginx-plus-module-fips-check \ 78 | #nginx-plus-module-fips-check-dbg \ 79 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 80 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 81 | ## GeoIP dynamic modules 82 | #nginx-plus-module-geoip \ 83 | #nginx-plus-module-geoip-dbg \ 84 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 85 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 86 | ## GeoIP2 dynamic modules 87 | #nginx-plus-module-geoip2 \ 88 | #nginx-plus-module-geoip2-dbg \ 89 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 90 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 91 | ## headers-more dynamic module 92 | #nginx-plus-module-headers-more \ 93 | #nginx-plus-module-headers-more-dbg \ 94 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 95 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 96 | ## image filter dynamic module 97 | #nginx-plus-module-image-filter \ 98 | #nginx-plus-module-image-filter-dbg \ 99 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 100 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 101 | ## Lua dynamic module 102 | #nginx-plus-module-lua \ 103 | #nginx-plus-module-lua-dbg \ 104 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 105 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 106 | ## ModSecurity dynamic module 107 | #nginx-plus-module-modsecurity \ 108 | #nginx-plus-module-modsecurity-dbg \ 109 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 110 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 111 | ## Nginx Development Kit dynamic module 112 | #nginx-plus-module-ndk \ 113 | #nginx-plus-module-ndk-dbg \ 114 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 115 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 116 | ## OpenTracing dynamic module 117 | #nginx-plus-module-opentracing \ 118 | #nginx-plus-module-opentracing-dbg \ 119 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 120 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 121 | ## Phusion Passenger Open Source dynamic module 122 | #nginx-plus-module-passenger \ 123 | #nginx-plus-module-passenger-dbg \ 124 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 125 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 126 | ## Perl dynamic module 127 | #nginx-plus-module-perl \ 128 | #nginx-plus-module-perl-dbg \ 129 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 130 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## Prometheus exporter NJS module 132 | #nginx-plus-module-prometheus \ 133 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 134 | ## RTMP dynamic module 135 | #nginx-plus-module-rtmp \ 136 | #nginx-plus-module-rtmp-dbg \ 137 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 138 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 139 | ## set-misc dynamic module 140 | #nginx-plus-module-set-misc \ 141 | #nginx-plus-module-set-misc-dbg \ 142 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 143 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 144 | ## HTTP Substitutions Filter dynamic module 145 | #nginx-plus-module-subs-filter \ 146 | #nginx-plus-module-subs-filter-dbg \ 147 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 148 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 149 | ## xslt dynamic module 150 | #nginx-plus-module-xslt \ 151 | #nginx-plus-module-xslt-dbg \ 152 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 153 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 154 | ## NGINX Sync Script nginx-sync.sh 155 | #nginx-sync \ 156 | # Remove default nginx config 157 | && rm /etc/nginx/conf.d/default.conf \ 158 | # Optional: Create cache folder and set permissions for proxy caching 159 | && mkdir -p /var/cache/nginx \ 160 | && chown -R nginx /var/cache/nginx \ 161 | # Optional: Create State file folder and set permissions 162 | && mkdir -p /var/lib/nginx/state \ 163 | && chown -R nginx /var/lib/nginx/state \ 164 | # Set permissions 165 | && chown -R nginx:nginx /etc/nginx \ 166 | # Forward request and error logs to docker log collector 167 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 168 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 169 | # Raise the limits to successfully run benchmarks 170 | && ulimit -c -m -s -t unlimited \ 171 | # Cleanup 172 | && apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \ 173 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 174 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 175 | && rm -rf nginx_signing.key \ 176 | # Remove the cert/keys from the image 177 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 178 | 179 | # Optional: COPY over any of your SSL certs for HTTPS servers 180 | # e.g. 181 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 182 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 183 | 184 | # COPY /etc/nginx (Nginx configuration) directory 185 | COPY etc/nginx /etc/nginx 186 | 187 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 188 | EXPOSE 80 443 8080 189 | STOPSIGNAL SIGTERM 190 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/ubuntu16.04_controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://nginx.org/en/docs/njs/changes.html 11 | ENV NJS_VERSION 0.5.2 12 | # https://plus-pkgs.nginx.com 13 | ENV PKG_RELEASE 1~xenial 14 | 15 | # e.g '1234567890' 16 | ARG API_KEY 17 | ENV ENV_API_KEY=$API_KEY 18 | 19 | # e.g https://:8443/1.4 20 | ARG CONTROLLER_URL 21 | ENV ENV_CONTROLLER_URL=$CONTROLLER_URL 22 | 23 | # e.g True or False 24 | ARG STORE_UUID=False 25 | ENV ENV_STORE_UUID=$STORE_UUID 26 | 27 | # e.g Instance location already defined in Controller 28 | ARG LOCATION 29 | ENV ENV_LOCATION=$LOCATION 30 | 31 | # Download certificate (nginx-repo.crt) and key (nginx-repo.key) from the customer portal (https://cs.nginx.com) 32 | # and copy to the build context 33 | COPY nginx-repo.* /etc/ssl/nginx/ 34 | COPY nginx-plus-api.conf /etc/nginx/conf.d/ 35 | COPY ./entrypoint.sh / 36 | 37 | ## Install Nginx Plus 38 | # Download certificate and key from the customer portal https://account.f5.com/myf5 39 | # and copy to the build context and set correct permissions 40 | RUN mkdir -p /etc/ssl/nginx 41 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 42 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 43 | RUN set -x \ 44 | && chmod 644 /etc/ssl/nginx/* \ 45 | # Create nginx user/group first, to be consistent throughout Docker variants 46 | && addgroup --system --gid 1001 nginx \ 47 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \ 48 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 49 | && apt-get update && apt-get upgrade -y \ 50 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates wget dnsutils gnupg vim-tiny apt-utils \ 51 | # Install NGINX Plus from repo (https://cs.nginx.com/repo_setup) 52 | && wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \ 53 | && printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 54 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 55 | && apt-get update \ 56 | # 57 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 58 | ## Optionally use versioned packages over defaults to specify a release 59 | # List available versions: 60 | && apt-cache policy nginx-plus \ 61 | ## Uncomment one: 62 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 63 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 64 | # 65 | # NGINX Javascript module needed for APIM 66 | nginx-plus-module-njs \ 67 | # 68 | # Install Controller Agent 69 | && curl -k -sS -L ${CONTROLLER_URL}/install/controller/ > install.sh \ 70 | && sed -i 's/^assume_yes=""/assume_yes="-y"/' install.sh \ 71 | && sh ./install.sh -y \ 72 | # Set permissions 73 | && chown -R nginx:nginx /etc/nginx \ 74 | # Forward request and error logs to docker log collector 75 | && ln -sf /dev/stdout /var/log/nginx-controller/agent.log \ 76 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 77 | # Raise the limits to successfully run benchmarks 78 | && ulimit -c -m -s -t unlimited \ 79 | # Cleanup 80 | && apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \ 81 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 82 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 83 | && rm -rf nginx_signing.key \ 84 | # Remove the cert/keys from the image 85 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 86 | 87 | # COPY /etc/nginx (Nginx configuration) directory 88 | COPY etc/nginx /etc/nginx 89 | 90 | # EXPOSE common ports, HTTP 80 and HTTPS 443 91 | EXPOSE 80 443 92 | STOPSIGNAL SIGTERM 93 | ENTRYPOINT ["sh", "/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/ubuntu18.04/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://nginx.org/en/docs/njs/changes.html 11 | ENV NJS_VERSION 0.5.2 12 | # https://plus-pkgs.nginx.com 13 | ENV PKG_RELEASE 1~bionic 14 | 15 | ## Install Nginx Plus 16 | # Download certificate and key from the customer portal https://account.f5.com/myf5 17 | # and copy to the build context and set correct permissions 18 | RUN mkdir -p /etc/ssl/nginx 19 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 20 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 21 | RUN set -x \ 22 | && chmod 644 /etc/ssl/nginx/* \ 23 | # Create nginx user/group first, to be consistent throughout Docker variants 24 | && addgroup --system --gid 1001 nginx \ 25 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \ 26 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 27 | && apt-get update && apt-get upgrade -y \ 28 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates wget dnsutils gnupg vim-tiny apt-utils \ 29 | # Install NGINX Plus from repo (https://cs.nginx.com/repo_setup) 30 | && wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \ 31 | && printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 32 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 33 | && apt-get update \ 34 | # 35 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 36 | ## Optionally use versioned packages over defaults to specify a release 37 | # List available versions: 38 | && apt-cache policy nginx-plus \ 39 | ## Uncomment one: 40 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 41 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 42 | # 43 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 44 | ## See https://www.nginx.com/products/nginx/modules 45 | ## Some modules include debug binaries, install module ending with "-dbg" 46 | ## Uncomment one: 47 | ## njs dynamic modules 48 | #nginx-plus-module-njs \ 49 | #nginx-plus-module-dbg \ 50 | #nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 51 | #nginx-plus-module-njs-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ 52 | ## NGINX high Availablity keepalived 53 | #nginx-ha-keepalived \ 54 | ## NGINX agent for New Relic \ 55 | #nginx-nr-agent \ 56 | ## SPNEGO for Kerberos authentication 57 | #nginx-plus-module-auth-spnego 58 | #nginx-plus-module-auth-spnego-dbg 59 | #nginx-plus-module-auth-spnego=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 60 | #nginx-plus-module-auth-spnego-dbg=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} 61 | ## brotli compression dynamic modules 62 | #nginx-plus-module-brotli \ 63 | #nginx-plus-module-brotli-dbg \ 64 | #nginx-plus-module-brotli=${NGINX_VERSION}-${PKG_RELEASE} \ 65 | #nginx-plus-module-brotli-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 66 | ## cookie flag dynamic module 67 | #nginx-plus-module-cookie-flag \ 68 | #nginx-plus-module-cookie-flag-dbg 69 | #nginx-plus-module-cookie-flag=${NGINX_VERSION}-${PKG_RELEASE} \ 70 | #nginx-plus-module-cookie-flag-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 71 | ## Encrypted-Session dynamic module 72 | #nginx-plus-module-encrypted-session \ 73 | #nginx-plus-module-encrypted-session=${NGINX_VERSION}-${PKG_RELEASE} \ 74 | #nginx-plus-module-encrypted-session-dbg \ 75 | #nginx-plus-module-encrypted-session-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 76 | ## FIPS Check 77 | #nginx-plus-module-fips-check \ 78 | #nginx-plus-module-fips-check-dbg \ 79 | #nginx-plus-module-fips-check=${NGINX_VERSION}-${PKG_RELEASE} \ 80 | #nginx-plus-module-fips-check-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 81 | ## GeoIP dynamic modules 82 | #nginx-plus-module-geoip \ 83 | #nginx-plus-module-geoip-dbg \ 84 | #nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ 85 | #nginx-plus-module-geoip-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 86 | ## GeoIP2 dynamic modules 87 | #nginx-plus-module-geoip2 \ 88 | #nginx-plus-module-geoip2-dbg \ 89 | #nginx-plus-module-geoip2=${NGINX_VERSION}-${PKG_RELEASE} \ 90 | #nginx-plus-module-geoip2-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 91 | ## headers-more dynamic module 92 | #nginx-plus-module-headers-more \ 93 | #nginx-plus-module-headers-more-dbg \ 94 | #nginx-plus-module-headers-more=${NGINX_VERSION}-${PKG_RELEASE} \ 95 | #nginx-plus-module-headers-more-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 96 | ## image filter dynamic module 97 | #nginx-plus-module-image-filter \ 98 | #nginx-plus-module-image-filter-dbg \ 99 | #nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 100 | #nginx-plus-module-image-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 101 | ## Lua dynamic module 102 | #nginx-plus-module-lua \ 103 | #nginx-plus-module-lua-dbg \ 104 | #nginx-plus-module-lua=${NGINX_VERSION}-${PKG_RELEASE} \ 105 | #nginx-plus-module-lua-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 106 | ## ModSecurity dynamic module 107 | #nginx-plus-module-modsecurity \ 108 | #nginx-plus-module-modsecurity-dbg \ 109 | #nginx-plus-module-modsecurity=${NGINX_VERSION}-${PKG_RELEASE} \ 110 | #nginx-plus-module-modsecurity-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 111 | ## Nginx Development Kit dynamic module 112 | #nginx-plus-module-ndk \ 113 | #nginx-plus-module-ndk-dbg \ 114 | #nginx-plus-module-ndk=${NGINX_VERSION}-${PKG_RELEASE} \ 115 | #nginx-plus-module-ndk-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 116 | ## OpenTracing dynamic module 117 | #nginx-plus-module-opentracing \ 118 | #nginx-plus-module-opentracing-dbg \ 119 | #nginx-plus-module-opentracing=${NGINX_VERSION}-${PKG_RELEASE} \ 120 | #nginx-plus-module-opentracing-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 121 | ## Phusion Passenger Open Source dynamic module 122 | #nginx-plus-module-passenger \ 123 | #nginx-plus-module-passenger-dbg \ 124 | #nginx-plus-module-passenger=${NGINX_VERSION}-${PKG_RELEASE} \ 125 | #nginx-plus-module-passenger-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 126 | ## Perl dynamic module 127 | #nginx-plus-module-perl \ 128 | #nginx-plus-module-perl-dbg \ 129 | #nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ 130 | #nginx-plus-module-perl-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 131 | ## Prometheus exporter NJS module 132 | #nginx-plus-module-prometheus \ 133 | #nginx-plus-module-prometheus=${NGINX_VERSION}-${PKG_RELEASE} \ 134 | ## RTMP dynamic module 135 | #nginx-plus-module-rtmp \ 136 | #nginx-plus-module-rtmp-dbg \ 137 | #nginx-plus-module-rtmp=${NGINX_VERSION}-${PKG_RELEASE} \ 138 | #nginx-plus-module-rtmp-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 139 | ## set-misc dynamic module 140 | #nginx-plus-module-set-misc \ 141 | #nginx-plus-module-set-misc-dbg \ 142 | #nginx-plus-module-set-misc=${NGINX_VERSION}-${PKG_RELEASE} \ 143 | #nginx-plus-module-set-misc-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 144 | ## HTTP Substitutions Filter dynamic module 145 | #nginx-plus-module-subs-filter \ 146 | #nginx-plus-module-subs-filter-dbg \ 147 | #nginx-plus-module-subs-filter=${NGINX_VERSION}-${PKG_RELEASE} \ 148 | #nginx-plus-module-subs-filter-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 149 | ## xslt dynamic module 150 | #nginx-plus-module-xslt \ 151 | #nginx-plus-module-xslt-dbg \ 152 | #nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ 153 | #nginx-plus-module-xslt-dbg=${NGINX_VERSION}-${PKG_RELEASE} \ 154 | ## NGINX Sync Script nginx-sync.sh 155 | #nginx-sync \ 156 | # Remove default nginx config 157 | && rm /etc/nginx/conf.d/default.conf \ 158 | # Optional: Create cache folder and set permissions for proxy caching 159 | && mkdir -p /var/cache/nginx \ 160 | && chown -R nginx /var/cache/nginx \ 161 | # Optional: Create State file folder and set permissions 162 | && mkdir -p /var/lib/nginx/state \ 163 | && chown -R nginx /var/lib/nginx/state \ 164 | # Set permissions 165 | && chown -R nginx:nginx /etc/nginx \ 166 | # Forward request and error logs to docker log collector 167 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 168 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 169 | # Raise the limits to successfully run benchmarks 170 | && ulimit -c -m -s -t unlimited \ 171 | # Cleanup 172 | && apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \ 173 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 174 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 175 | && rm -rf nginx_signing.key \ 176 | # Remove the cert/keys from the image 177 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 178 | 179 | # Optional: COPY over any of your SSL certs for HTTPS servers 180 | # e.g. 181 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 182 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 183 | 184 | # COPY /etc/nginx (Nginx configuration) directory 185 | COPY etc/nginx /etc/nginx 186 | 187 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 188 | EXPOSE 80 443 8080 189 | STOPSIGNAL SIGTERM 190 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /Dockerfiles/ubuntu18.04_controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Plus and NGINX Plus modules 6 | # Uncomment this block and the versioned nginxPackages in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://nginx.org/en/docs/njs/changes.html 11 | ENV NJS_VERSION 0.5.2 12 | # https://plus-pkgs.nginx.com 13 | ENV PKG_RELEASE 1~bionic 14 | 15 | # e.g '1234567890' 16 | ARG API_KEY 17 | ENV ENV_API_KEY=$API_KEY 18 | 19 | # e.g https://:8443/1.4 20 | ARG CONTROLLER_URL 21 | ENV ENV_CONTROLLER_URL=$CONTROLLER_URL 22 | 23 | # e.g True or False 24 | ARG STORE_UUID=False 25 | ENV ENV_STORE_UUID=$STORE_UUID 26 | 27 | # e.g Instance location already defined in Controller 28 | ARG LOCATION 29 | ENV ENV_LOCATION=$LOCATION 30 | 31 | # Download certificate (nginx-repo.crt) and key (nginx-repo.key) from the customer portal (https://cs.nginx.com) 32 | # and copy to the build context 33 | COPY nginx-repo.* /etc/ssl/nginx/ 34 | COPY nginx-plus-api.conf /etc/nginx/conf.d/ 35 | COPY ./entrypoint.sh / 36 | 37 | ## Install Nginx Plus 38 | # Download certificate and key from the customer portal https://account.f5.com/myf5 39 | # and copy to the build context and set correct permissions 40 | RUN mkdir -p /etc/ssl/nginx 41 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 42 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 43 | RUN set -x \ 44 | && chmod 644 /etc/ssl/nginx/* \ 45 | # Create nginx user/group first, to be consistent throughout Docker variants 46 | && addgroup --system --gid 1001 nginx \ 47 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \ 48 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 49 | && apt-get update && apt-get upgrade -y \ 50 | DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates wget dnsutils gnupg vim-tiny apt-utils \ 51 | # Install NGINX Plus from repo (https://cs.nginx.com/repo_setup) 52 | && wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \ 53 | && printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 54 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 55 | && apt-get update \ 56 | # 57 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 58 | ## Optionally use versioned packages over defaults to specify a release 59 | # List available versions: 60 | && apt-cache policy nginx-plus \ 61 | ## Uncomment one: 62 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 63 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 64 | # 65 | # NGINX Javascript module needed for APIM 66 | nginx-plus-module-njs \ 67 | # 68 | # Install Controller Agent 69 | && curl -k -sS -L ${CONTROLLER_URL}/install/controller/ > install.sh \ 70 | && sed -i 's/^assume_yes=""/assume_yes="-y"/' install.sh \ 71 | && sh ./install.sh -y \ 72 | # Set permissions 73 | && chown -R nginx:nginx /etc/nginx \ 74 | # Forward request and error logs to docker log collector 75 | && ln -sf /dev/stdout /var/log/nginx-controller/agent.log \ 76 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 77 | # Raise the limits to successfully run benchmarks 78 | && ulimit -c -m -s -t unlimited \ 79 | # Cleanup 80 | && apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \ 81 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 82 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 83 | && rm -rf nginx_signing.key \ 84 | # Remove the cert/keys from the image 85 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 86 | 87 | # COPY /etc/nginx (Nginx configuration) directory 88 | COPY etc/nginx /etc/nginx 89 | 90 | # EXPOSE common ports, HTTP 80 and HTTPS 443 91 | EXPOSE 80 443 92 | STOPSIGNAL SIGTERM 93 | ENTRYPOINT ["sh", "/entrypoint.sh"] -------------------------------------------------------------------------------- /Dockerfiles/ubuntu20.04_nim/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | LABEL maintainer="armand@f5.com" 4 | 5 | # Define NGINX versions for NGINX Manager and NGINX Plus 6 | # Uncomment this block and the versioned NGINX Packages in the main RUN 7 | # instruction to install a specific release 8 | # https://docs.nginx.com/nginx/releases/ 9 | ENV NGINX_VERSION 23 10 | # https://plus-pkgs.nginx.com 11 | ENV PKG_RELEASE 1~focal 12 | # https://docs.nginx.com/nginx-instance-manager/releases/ 13 | ENV NIM_VERSION 0.9.1-3047962 14 | 15 | ## Install NIM and Nginx Plus 16 | # Download certificate and key from the customer portal https://account.f5.com/myf5 17 | # and copy to the build context and set correct permissions 18 | # NIM: 19 | # * nginx-manager.lic 20 | # * nginx-manager.crt (optional) 21 | # * nginx-manager.key (optional) 22 | # Nginx Plus: 23 | # * nginx-repo.crt 24 | # * nginx-repo.key 25 | RUN mkdir -p /etc/ssl/nginx && \ 26 | mkdir -p /etc/nginx-manager 27 | COPY etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.crt 28 | COPY etc/ssl/nginx/nginx-repo.key /etc/ssl/nginx/nginx-repo.key 29 | COPY etc/nginx-manager/nginx-manager.lic /etc/nginx-manager/nginx-manager.lic 30 | # Add Optional .crt and .key (make sure they exist first) and uncomment below 31 | # COPY etc/nginx-manager/nginx-manager.crt /etc/nginx-manager/nginx-manager.crt 32 | # COPY etc/nginx-manager/nginx-manager.key /etc/nginx-manager/nginx-manager.key 33 | 34 | # Copy Entrypoint 35 | COPY entrypoint.sh / 36 | 37 | RUN set -x \ 38 | # Set correct permissions on entrypoint and NGINX cert directory 39 | && chmod +x /entrypoint.sh \ 40 | && chmod 644 /etc/ssl/nginx/* \ 41 | # Create nginx user/group first, to be consistent throughout Docker variants 42 | && addgroup --system --gid 1001 nginx \ 43 | && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 1001 nginx \ 44 | # Install prerequisite packages, vim for editing, then Install NGINX Plus 45 | && apt-get update && apt-get upgrade -y \ 46 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends apt-transport-https lsb-release ca-certificates wget dnsutils gnupg vim-tiny apt-utils jq \ 47 | # Signing key for all NGINX things 48 | && wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key \ 49 | # Install NGINX Plus from repo (https://cs.nginx.com/repo_setup) 50 | && printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \ 51 | && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90nginx \ 52 | && apt-get update \ 53 | ## Install the latest release of NGINX Plus and/or NGINX Plus modules 54 | ## Optionally use versioned packages over defaults to specify a release 55 | # List available versions: 56 | && apt-cache policy nginx-plus \ 57 | ## Uncomment one: 58 | # && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus \ 59 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \ 60 | # Install NIM 61 | && printf "deb https://pkgs.nginx.com/instance-manager/debian stable nginx-plus\n" | tee /etc/apt/sources.list.d/instance-manager.list \ 62 | && wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \ 63 | && apt-get update \ 64 | ## Install the latest release of NGINX Instance Manager 65 | ## Optionally use versioned packages over defaults to specify a release 66 | # List available versions: 67 | && apt-cache policy nginx-manager \ 68 | ## Uncomment one: 69 | #&& DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-manager \ 70 | && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends nginx-manager=${NIM_VERSION} \ 71 | # 72 | # Remove default nginx config 73 | && rm /etc/nginx/conf.d/default.conf \ 74 | # Optional: Create cache folder and set permissions for proxy caching 75 | && mkdir -p /var/cache/nginx \ 76 | && chown -R nginx /var/cache/nginx \ 77 | # Optional: Create State file folder and set permissions 78 | && mkdir -p /var/lib/nginx/state \ 79 | && chown -R nginx /var/lib/nginx/state \ 80 | # Set permissions 81 | && chown -R nginx:nginx /etc/nginx \ 82 | # Forward request and error logs to docker log collector 83 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 84 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 85 | #DO SOMETHING FOR /var/log/nginx-manager/ 86 | # Raise the limits to successfully run benchmarks 87 | && ulimit -c -m -s -t unlimited \ 88 | # Cleanup 89 | && apt-get remove --purge --auto-remove -y gnupg lsb-release apt-utils \ 90 | && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \ 91 | && rm -rf /etc/apt/apt.conf.d/90nginx \ 92 | && rm -rf nginx_signing.key \ 93 | # Remove the cert/keys from the image 94 | && rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key 95 | 96 | ## Configs 97 | # Copy NGINX Plus (for reverse proxy) 98 | COPY etc/nginx/conf.d /etc/nginx/conf.d 99 | # NIM config files 100 | COPY etc/nginx-manager/nginx-manager.conf /etc/nginx-manager/nginx-manager.conf 101 | 102 | # EXPOSE NGINX Plus ports, HTTP 80, HTTPS 443, Nginx status page 8080 and GRPC 10002 103 | # Note: NIM ports GRPC 10000 and UI/API 11000 are proxied via NGINX Plus) 104 | EXPOSE 80 443 8080 10002 105 | STOPSIGNAL SIGQUIT 106 | ENTRYPOINT ["/entrypoint.sh"] -------------------------------------------------------------------------------- /NAP/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | /bin/su -s /bin/bash -c '/opt/app_protect/bin/bd_agent &' nginx 4 | /bin/su -s /bin/bash -c "/usr/share/ts/bin/bd-socket-plugin tmm_count 4 proc_cpuinfo_cpu_mhz 2000000 total_xml_memory 307200000 total_umu_max_size 3129344 sys_max_account_id 1024 no_static_config 2>&1 > /var/log/app_protect/bd-socket-plugin.log &" nginx 5 | /usr/sbin/nginx -g 'daemon off;' -------------------------------------------------------------------------------- /NAP/etc/nginx/log-default.json: -------------------------------------------------------------------------------- 1 | { 2 | "filter":{ 3 | "request_type":"all" 4 | }, 5 | "content":{ 6 | "format":"default", 7 | "max_request_size":"any", 8 | "max_message_size":"10k" 9 | } 10 | } -------------------------------------------------------------------------------- /NAP/etc/nginx/nap_test.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | proxy_http_version 1.1; 4 | 5 | access_log /var/log/nginx/access.log security_waf; 6 | 7 | # 8 | # App Protect snippets: 9 | # 10 | 11 | # Enable NGINX App Protect in the relevant context/block 12 | # Best Practice: Set in a location block with a proxy_pass 13 | app_protect_enable on; 14 | 15 | # This is a reference to the policy file to use. If not defined, the default policy is used 16 | #app_protect_policy_file "/etc/nginx/NginxDefaultPolicy.json"; 17 | 18 | # This section enables the logging capability 19 | app_protect_security_log_enable on; 20 | 21 | # This is where the remote logger is defined in terms of: 22 | # logging options (defined in the referenced file), log server IP, log server port 23 | # Examples: 24 | # app_protect_security_log "/etc/app_protect/conf/log_default.json" /var/log/app_protect/security.log; 25 | # app_protect_security_log "/etc/app_protect/conf/log_default.json" stderr; 26 | app_protect_security_log "/etc/app_protect/conf/log_default.json" syslog:server=127.0.0.1:5144; 27 | 28 | 29 | location / { 30 | set $location_block default; 31 | app_protect_policy_file "/etc/nginx/NginxDefaultPolicy.json"; #file installed with app protect 32 | proxy_pass http://127.0.0.1:8000?$location_block; 33 | } 34 | location /strict { #needs more strict waf policy 35 | set $location_block strict; 36 | app_protect_policy_file "/etc/nginx/NginxStrictPolicy.json"; #file installed with app protect 37 | proxy_pass http://127.0.0.1:8000?$location_block; 38 | } 39 | location /off { #needs no security 40 | set $location_block off; 41 | app_protect_enable off; 42 | proxy_pass http://127.0.0.1:8000/?$location_block; 43 | } 44 | } 45 | server { 46 | listen 8000; 47 | location / { 48 | default_type text/plain; 49 | expires -1; 50 | return 200 '\n 51 | Location block: $query_string 52 | URI: $request_uri 53 | Status code: $status 54 | Server address: $server_addr:$server_port 55 | Server name: $hostname 56 | Date: $time_local 57 | nginx_version: $nginx_version 58 | User-Agent: $http_user_agent 59 | Cookie: $http_cookie 60 | request_id: $request_id 61 | \n'; 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /NAP/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | #user nobody; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | # user root; 5 | worker_processes auto; 6 | 7 | ## Load App Protect and Other Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx-app-protect/admin-guide/ 9 | load_module modules/ngx_http_app_protect_module.so; 10 | ## Other Plus Dyanamic Modules ## 11 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 12 | ## Nginx javascript 13 | # load_module modules/ngx_http_js_module.so; 14 | # load_module modules/ngx_stream_js_module.so; 15 | # 16 | # SPNEGO for Kerberos authentication 17 | # load_module modules/spnego-http-auth-nginx-module.so; 18 | # 19 | ## Brotli compression 20 | # load_module modules/ngx_http_brotli_filter_module.so; 21 | # load_module modules/ngx_http_brotli_static_module.so; 22 | # 23 | ## cookie flag 24 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 25 | # 26 | ## Encrypted-Session 27 | # load_module modules/ndk_http_module.so; 28 | # load_module modules/ngx_http_encrypted_session_module.so; 29 | # 30 | ## GeoIP 31 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 32 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 33 | # 34 | ## GeoIP2 35 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 36 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 37 | # 38 | ## Headers-More 39 | # load_module modules/ngx_http_headers_more_filter_module.so; 40 | # 41 | ## Image-Filter 42 | # load_module modules/ngx_http_image_filter_module.so; 43 | # 44 | ## Lua (NDK + lua must be enabled) 45 | # load_module modules/ndk_http_module.so; 46 | # load_module modules/ngx_http_lua_module.so; 47 | # 48 | ## ModSecurity dynamic module 49 | # load_module modules/ngx_http_modsecurity_module.so; 50 | # 51 | ## OpenTracing 52 | # load_module modules/ngx_http_opentracing_module.so; 53 | # 54 | ## Phusion Passenger Open Source dynamic module 55 | # load_module modules/ngx_http_passenger_module.so; 56 | ## Perl 57 | # load_module modules/ngx_http_perl_module.so; 58 | # 59 | ## RTMP 60 | # load_module modules/ngx_rtmp_module.so; 61 | # 62 | ## Set-Misc (NDK + lua must be enabled) 63 | # load_module modules/ndk_http_module.so; 64 | # load_module modules/ngx_http_set_misc_module.so; 65 | # 66 | ## HTTP Substitutions Filter 67 | # load_module modules/ngx_http_subs_filter_module.so; 68 | # 69 | ## XSLT 70 | # load_module modules/ngx_http_xslt_module.so; 71 | 72 | error_log /var/log/nginx/error.log notice; 73 | 74 | pid /var/run/nginx.pid; 75 | 76 | events { 77 | worker_connections 1024; 78 | } 79 | 80 | http { 81 | include /etc/nginx/mime.types; 82 | default_type application/octet-stream; 83 | 84 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 85 | '$status $body_bytes_sent "$http_referer" ' 86 | '"$http_user_agent" "$http_x_forwarded_for"'; 87 | 88 | # NGINX WAF metrics 89 | log_format security_waf 'request_time=$request_time client_ip=$remote_addr,' 90 | 'request="$request", status=$status, ' 91 | 'waf_policy=$app_protect_policy_name, waf_request_id=$app_protect_support_id, ' 92 | 'waf_action=$app_protect_outcome, waf_action_reason=$app_protect_outcome_reason, ' 93 | 'app_protect_version=$app_protect_version'; 94 | 95 | access_log /var/log/nginx/access.log security_waf; # Default 96 | 97 | sendfile on; 98 | #tcp_nopush on; 99 | 100 | keepalive_timeout 65; 101 | 102 | gzip on; 103 | 104 | # APP PROTECT TEST SERVER 105 | include nap_test.conf; 106 | 107 | # Include Local sub files 108 | include /etc/nginx/conf.d/*.conf; 109 | 110 | } 111 | 112 | # TCP/UDP proxy and load balancing block 113 | 114 | # stream { 115 | # # Include Local sub files 116 | # include /etc/nginx/stream.conf.d/*.conf; 117 | # } 118 | 119 | # vim: syntax=nginx -------------------------------------------------------------------------------- /NAP/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-dockerfiles/caf9096c843aa4077ddde263be1a232ddcd678f1/NAP/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE -------------------------------------------------------------------------------- /NGINX-PLUS/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | #user nobody; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | # user root; 5 | worker_processes auto; 6 | 7 | ## Load NGINX Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 9 | ## Nginx javascript 10 | # load_module modules/ngx_http_js_module.so; 11 | # load_module modules/ngx_stream_js_module.so; 12 | # 13 | # SPNEGO for Kerberos authentication 14 | # load_module modules/spnego-http-auth-nginx-module.so; 15 | # 16 | ## Brotli compression 17 | # load_module modules/ngx_http_brotli_filter_module.so; 18 | # load_module modules/ngx_http_brotli_static_module.so; 19 | # 20 | ## cookie flag 21 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 22 | # 23 | ## Encrypted-Session 24 | # load_module modules/ndk_http_module.so; 25 | # load_module modules/ngx_http_encrypted_session_module.so; 26 | # 27 | ## GeoIP 28 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 29 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 30 | # 31 | ## GeoIP2 32 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 33 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 34 | # 35 | ## Headers-More 36 | # load_module modules/ngx_http_headers_more_filter_module.so; 37 | # 38 | ## Image-Filter 39 | # load_module modules/ngx_http_image_filter_module.so; 40 | # 41 | ## Lua (NDK + lua must be enabled) 42 | # load_module modules/ndk_http_module.so; 43 | # load_module modules/ngx_http_lua_module.so; 44 | # 45 | ## ModSecurity dynamic module 46 | # load_module modules/ngx_http_modsecurity_module.so; 47 | # 48 | ## OpenTracing 49 | # load_module modules/ngx_http_opentracing_module.so; 50 | # 51 | ## Phusion Passenger Open Source dynamic module 52 | # load_module modules/ngx_http_passenger_module.so; 53 | ## Perl 54 | # load_module modules/ngx_http_perl_module.so; 55 | # 56 | ## RTMP 57 | # load_module modules/ngx_rtmp_module.so; 58 | # 59 | ## Set-Misc (NDK + lua must be enabled) 60 | # load_module modules/ndk_http_module.so; 61 | # load_module modules/ngx_http_set_misc_module.so; 62 | # 63 | ## HTTP Substitutions Filter 64 | # load_module modules/ngx_http_subs_filter_module.so; 65 | # 66 | ## XSLT 67 | # load_module modules/ngx_http_xslt_module.so; 68 | 69 | error_log /var/log/nginx/error.log notice; 70 | 71 | pid /var/run/nginx.pid; 72 | 73 | events { 74 | worker_connections 1024; 75 | } 76 | 77 | http { 78 | include /etc/nginx/mime.types; 79 | default_type application/octet-stream; 80 | 81 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 82 | '$status $body_bytes_sent "$http_referer" ' 83 | '"$http_user_agent" "$http_x_forwarded_for"'; 84 | 85 | # NGINX Plus Additional NGINX Metrics 86 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 87 | '$status $body_bytes_sent "$http_referer" "$http2" ' 88 | '"$http_user_agent" "$http_x_forwarded_for" ' 89 | '"$host" sn="$server_name" ' 90 | 'rt=$request_time ' 91 | 'ua="$upstream_addr" us="$upstream_status" ' 92 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 93 | 'cs=$upstream_cache_status' ; 94 | 95 | access_log /var/log/nginx/access.log main; # Default 96 | # access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 97 | 98 | sendfile on; 99 | #tcp_nopush on; 100 | 101 | keepalive_timeout 65; 102 | 103 | gzip on; 104 | 105 | # Include Local sub files 106 | include /etc/nginx/conf.d/*.conf; 107 | 108 | } 109 | 110 | # TCP/UDP proxy and load balancing block 111 | 112 | # stream { 113 | # # Include Local sub files 114 | # include /etc/nginx/stream.conf.d/*.conf; 115 | # } 116 | 117 | # vim: syntax=nginx -------------------------------------------------------------------------------- /NGINX-PLUS/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-dockerfiles/caf9096c843aa4077ddde263be1a232ddcd678f1/NGINX-PLUS/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE -------------------------------------------------------------------------------- /NIM/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | nginx 3 | nginx-manager -------------------------------------------------------------------------------- /NIM/etc/nginx-manager/PLACE_NGINX-MANAGER-LICENSE_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-dockerfiles/caf9096c843aa4077ddde263be1a232ddcd678f1/NIM/etc/nginx-manager/PLACE_NGINX-MANAGER-LICENSE_HERE -------------------------------------------------------------------------------- /NIM/etc/nginx-manager/nginx-manager.conf: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/nginx-manager/nginx-manager.conf 3 | # 4 | # Configuration file for NGINX Instance Manager Server 5 | # bind address for all service ports (default "127.0.0.1") 6 | bind-address: 0.0.0.0 7 | # gRPC service port for agent communication (default "10000") 8 | grpc-port: 10000 9 | # gRPC-gateway service port for API and UI (default "11000") 10 | gateway-port: 11000 11 | # SSL CN or servername for certs 12 | server-name: test.example.com 13 | # # path to x.509 certificate file (optional) 14 | #cert: /etc/ssl/nginx-manager/nginx-manager.crt 15 | # # path to x.509 certificate key file (optional) 16 | #key: /etc/ssl/nginx-manager/nginx-manager.key 17 | # set log level (panic, fatal, error, info, debug, trace; default: info) (default "info") 18 | log: 19 | level: info 20 | path: /var/log/nginx-manager/ 21 | # Metrics default storage path (default "/tmp/metrics") (directory must be already present) 22 | metrics: 23 | storage-path: /var/nginx-manager/ 24 | ## Audit Log 25 | # audit-log: /var/log/nginx-manager/audit.log 26 | # Path to license file 27 | license: /etc/nginx-manager/nginx-manager.lic 28 | -------------------------------------------------------------------------------- /NIM/etc/nginx/conf.d/nginx-manager-grpc.conf: -------------------------------------------------------------------------------- 1 | # nginx-manager-grpc.conf 2 | # * Proxy grpc through tcp 10002 to 127.0.0.1 on nginx-manager 3 | # * Can have TLS/SSL added 4 | # * Replace 10002 with the port you want to use externally 5 | 6 | log_format grpc_json escape=json '{"timestamp":"$time_iso8601","client":"$remote_addr",' 7 | '"uri":"$uri","http-status":$status,' 8 | '"grpc-status":$grpc_status,"upstream":"$upstream_addr"' 9 | '"rx-bytes":$request_length,"tx-bytes":$bytes_sent}'; 10 | 11 | map $upstream_trailer_grpc_status $grpc_status { 12 | default $upstream_trailer_grpc_status; # We normally expect to receive 13 | # grpc-status as a trailer 14 | '' $sent_http_grpc_status; # Else use the header, regardless of 15 | # who generated it 16 | } 17 | 18 | server { 19 | listen 10002 http2; 20 | server_name nginx-manager.example.com; 21 | status_zone nginx-manager_grpc_grpc; 22 | 23 | access_log /var/log/nginx/nginx-manager-grpc-access.log grpc_json; # Alternate log location and format 24 | 25 | location / { 26 | grpc_pass grpc://nginx-manager_grpc_servers; # Adjust to grpcs for SSL 27 | health_check type=grpc grpc_status=12; # 12=unimplemented 28 | client_max_body_size 10m; 29 | client_body_timeout 3000s; 30 | } 31 | 32 | default_type application/grpc; # Ensure gRPC for all error responses 33 | # gRPC-compliant error responses 34 | # Standard HTTP-to-gRPC status code mappings 35 | # Ref: https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md 36 | # 37 | error_page 400 = @grpc_internal; 38 | error_page 401 = @grpc_unauthenticated; 39 | error_page 403 = @grpc_permission_denied; 40 | error_page 404 = @grpc_unimplemented; 41 | error_page 429 = @grpc_unavailable; 42 | error_page 502 = @grpc_unavailable; 43 | error_page 503 = @grpc_unavailable; 44 | error_page 504 = @grpc_unavailable; 45 | 46 | # NGINX-to-gRPC status code mappings 47 | # Ref: https://github.com/grpc/grpc/blob/master/doc/statuscodes.md 48 | # 49 | error_page 405 = @grpc_internal; # Method not allowed 50 | error_page 408 = @grpc_deadline_exceeded; # Request timeout 51 | error_page 413 = @grpc_resource_exhausted; # Payload too large 52 | error_page 414 = @grpc_resource_exhausted; # Request URI too large 53 | error_page 415 = @grpc_internal; # Unsupported media type; 54 | error_page 426 = @grpc_internal; # HTTP request was sent to HTTPS port 55 | error_page 495 = @grpc_unauthenticated; # Client certificate authentication error 56 | error_page 496 = @grpc_unauthenticated; # Client certificate not presented 57 | error_page 497 = @grpc_internal; # HTTP request was sent to mutual TLS port 58 | error_page 500 = @grpc_internal; # Server error 59 | error_page 501 = @grpc_internal; # Not implemented 60 | 61 | # gRPC error responses 62 | # Ref: https://github.com/grpc/grpc-go/blob/master/codes/codes.go 63 | # 64 | location @grpc_deadline_exceeded { 65 | add_header grpc-status 4; 66 | add_header grpc-message 'deadline exceeded'; 67 | return 204; 68 | } 69 | 70 | location @grpc_permission_denied { 71 | add_header grpc-status 7; 72 | add_header grpc-message 'permission denied'; 73 | return 204; 74 | } 75 | 76 | location @grpc_resource_exhausted { 77 | add_header grpc-status 8; 78 | add_header grpc-message 'resource exhausted'; 79 | return 204; 80 | } 81 | 82 | location @grpc_unimplemented { 83 | add_header grpc-status 12; 84 | add_header grpc-message unimplemented; 85 | return 204; 86 | } 87 | 88 | location @grpc_internal { 89 | add_header grpc-status 13; 90 | add_header grpc-message 'internal error'; 91 | return 204; 92 | } 93 | 94 | location @grpc_unavailable { 95 | add_header grpc-status 14; 96 | add_header grpc-message unavailable; 97 | return 204; 98 | } 99 | 100 | location @grpc_unauthenticated { 101 | add_header grpc-status 16; 102 | add_header grpc-message unauthenticated; 103 | return 204; 104 | } 105 | 106 | } 107 | 108 | # vim: syntax=nginx 109 | -------------------------------------------------------------------------------- /NIM/etc/nginx/conf.d/nginx-manager-noauth-http.conf: -------------------------------------------------------------------------------- 1 | # nginx-manager-noauth.conf 2 | # * Proxy UI/API with no auth to 127.0.0.1 on nginx-manager 3 | # * Include nginx-manager-upstreams.conf for the proxy_pass to work 4 | 5 | server { 6 | listen 80 default_server; 7 | # listen [::]:80 default_server; 8 | 9 | status_zone nginx-manager_noauth_http; 10 | server_name nginx-manager.example.com; 11 | 12 | # Optional log locations 13 | # access_log /var/log/nginx/nginx-manager-noauth-access.log info; 14 | # error_log /var/log/nginx/nginx-manager-noauth-error.log; 15 | 16 | location / { 17 | proxy_pass http://nginx-manager_servers; 18 | health_check uri=/swagger-ui/; 19 | } 20 | 21 | } 22 | 23 | # vim: syntax=nginx 24 | -------------------------------------------------------------------------------- /NIM/etc/nginx/conf.d/nginx-manager-noauth-https.conf.disabled: -------------------------------------------------------------------------------- 1 | # nginx-manager-noauth-https.conf 2 | # * This config is disabled when `.disabled` is appended to file, i.e nginx-manager-noauth-https.conf.disabled 3 | # * HTTP 301 redirect to HTTPS 4 | # * Proxy UI/API with no auth to 127.0.0.1 on nginx-manager 5 | # * Include nginx-manager-upstreams.conf for the proxy_pass to work 6 | # To enable this HTTPS Config: 7 | # * Make sure your crt, key and dhparams exist per the config 8 | # * Disable nginx-manager-noauth-http.conf by removing file or rename the file to end with anything other than `.conf` 9 | # e.g., `nginx-manager-noauth-http.conf.disabled` 10 | # * Remove `.disabled` from the filename, i.e nginx-manager-noauth-https.conf.disabled > nginx-manager-noauth-https.conf 11 | # * Start NGINX with this config enabled or reload NGINX on the fly 12 | 13 | 14 | # generated 2021-03-23, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration 15 | # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6 16 | server { 17 | listen 80 default_server; 18 | listen [::]:80 default_server; 19 | 20 | return 301 https://$host$request_uri; 21 | } 22 | 23 | server { 24 | listen 443 ssl http2; 25 | listen [::]:443 ssl http2; 26 | 27 | ssl_certificate /path/to/signed_cert_plus_intermediates.crt; 28 | ssl_certificate_key /path/to/private.key; 29 | ssl_session_timeout 1d; 30 | ssl_session_cache shared:MozSSL:10m; # about 40000 sessions 31 | ssl_session_tickets off; 32 | 33 | # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam 34 | ssl_dhparam /path/to/dhparam; 35 | 36 | # intermediate configuration 37 | ssl_protocols TLSv1.2 TLSv1.3; 38 | ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; 39 | ssl_prefer_server_ciphers off; 40 | 41 | # HSTS (ngx_http_headers_module is required) (63072000 seconds) 42 | add_header Strict-Transport-Security "max-age=63072000" always; 43 | 44 | # OCSP stapling 45 | ssl_stapling on; 46 | ssl_stapling_verify on; 47 | 48 | # verify chain of trust of OCSP response using Root CA and Intermediate certs 49 | ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 50 | 51 | # replace with the IP address of your resolver 52 | resolver 8.8.8.8; 53 | 54 | location / { 55 | proxy_pass http://nginx-manager_servers; 56 | health_check uri=/swagger-ui/; 57 | } 58 | } 59 | 60 | # vim: syntax=nginx 61 | -------------------------------------------------------------------------------- /NIM/etc/nginx/conf.d/nginx-manager-upstreams-grpc.conf: -------------------------------------------------------------------------------- 1 | # nginx-manager-upstreams-grpc.conf 2 | # * Upstreams for NGINX nginx-manager GRPC 3 | 4 | upstream nginx-manager_grpc_servers { 5 | zone nginx-manager_grpc 64k; 6 | server 127.0.0.1:10000; 7 | } 8 | 9 | # vim: syntax=nginx 10 | -------------------------------------------------------------------------------- /NIM/etc/nginx/conf.d/nginx-manager-upstreams.conf: -------------------------------------------------------------------------------- 1 | # nginx-manager-upstreams.conf 2 | # * Upstreams for NGINX nginx-manager API/UI 3 | 4 | upstream nginx-manager_servers { 5 | zone nginx-manager_servers 64k; 6 | server 127.0.0.1:11000; 7 | keepalive 64; 8 | } 9 | 10 | # vim: syntax=nginx 11 | -------------------------------------------------------------------------------- /NIM/etc/nginx/conf.d/status_api.conf: -------------------------------------------------------------------------------- 1 | # This sample NGINX Plus configuration enables the NGINX Plus API, for live 2 | # activity monitoring and the built-in dashboard, dynamic configuration of 3 | # upstream groups, and key-value stores. Keep in mind that any features 4 | # added to the API in future NGINX Plus releases will be enabled 5 | # automatically by this file. 6 | # Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later. 7 | 8 | # Documentation: 9 | # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/ 10 | # https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps 11 | 12 | # To conform with the conventional configuration scheme, place this file in 13 | # the /etc/nginx/conf.d directory and add an 'include' directive that 14 | # references it in the main configuration file, /etc/nginx/nginx.conf, 15 | # either by name or with a wildcard expression. Then validate and reload 16 | # the configuration, for example with this command: 17 | # 18 | # nginx -t && nginx -s reload 19 | 20 | # Note that additional directives are required in other parts of the 21 | # configuration: 22 | # 23 | # For metrics to be gathered for an HTTP or TCP/UDP virtual server, you must 24 | # include the 'status_zone' directive in its 'server' block. See: 25 | # http://nginx.org/r/status_zone 26 | # 27 | # Similarly, for metrics to be gathered for an upstream server group, you 28 | # must include the 'zone' directive in the 'upstream' block. See: 29 | # http://nginx.org/r/zone 30 | # 31 | # For more information and instructions, see: 32 | # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring#status_data 33 | 34 | # We strongly recommend that you restrict access to the NGINX Plus API so 35 | # that only authorized users can view metrics and configuration, change 36 | # configuration, or both. Here are a few options: 37 | # 38 | # (1) Configure your firewall to limit access to port 8080. 39 | # 40 | # (2) Use SSL/TLS client certificates. See: 41 | # https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/ 42 | # 43 | # (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the 44 | # 'auth_basic*' directives in the 'server' block below. You can add users 45 | # with an htpasswd generator, which is readily available, or reuse an 46 | # existing htpasswd file (from an Apache HTTP Server, for example). See: 47 | # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html 48 | # 49 | # (4) Enable access from a defined network and disable it from all others, 50 | # by uncommenting the 'allow' and 'deny' directives in the 'server' block 51 | # below and specifying the appropriate network ranges. See: 52 | # http://nginx.org/en/docs/http/ngx_http_access_module.html 53 | # 54 | # You can create further restrictions on write operations, to distinguish 55 | # between users with read permission and those who can change configuration. 56 | # Uncomment the sample 'limit_except' directive in the 'location api' 57 | # block below. In addition to the HTTP Basic authentication shown, other 58 | # authentication schemes are supported. See: 59 | # http://nginx.org/r/limit_except 60 | 61 | server { 62 | # Conventional port for the NGINX Plus API is 8080 63 | listen 8080; 64 | 65 | access_log off; # Don't log access here (test env) 66 | 67 | # Uncomment to use HTTP Basic authentication; see (3) above 68 | #auth_basic "NGINX Plus API"; 69 | #auth_basic_user_file /etc/nginx/users; 70 | 71 | # Uncomment to use permissions based on IP address; see (4) above 72 | #allow 10.0.0.0/8; 73 | #deny all; 74 | 75 | # Conventional location for accessing the NGINX Plus API 76 | location /api/ { 77 | # Enable in read-write mode 78 | api write=on; 79 | 80 | # Uncomment to further restrict write permissions; see note above 81 | #limit_except GET { 82 | #auth_basic "NGINX Plus API"; 83 | #auth_basic_user_file /etc/nginx/admins; 84 | #} 85 | } 86 | 87 | # Conventional location of the NGINX Plus dashboard 88 | location = /dashboard.html { 89 | root /usr/share/nginx/html; 90 | } 91 | 92 | # Redirect requests for "/" to "/dashboard.html" 93 | location / { 94 | root /usr/share/nginx/html; 95 | index dashboard.html; 96 | } 97 | 98 | # Swagger-UI exposure 99 | location /swagger-ui { 100 | root /usr/share/nginx/html; 101 | } 102 | 103 | # Redirect requests for pre-R14 dashboard 104 | location /status.html { 105 | return 301 /dashboard.html; 106 | } 107 | } 108 | 109 | # vim: syntax=nginx 110 | -------------------------------------------------------------------------------- /NIM/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-dockerfiles/caf9096c843aa4077ddde263be1a232ddcd678f1/NIM/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NGINX Plus Dockerfiles 2 | 3 | A Bunch of Dockerfiles for [NGINX Plus, NGINX App Protect and NGINX Instance Manager](https://www.nginx.com/products/nginx/). 4 | 5 | * Try NGINX Plus and NGINX App Protect: **Just add [licenses](https://www.nginx.com/free-trial-request/)** 6 | * Try NGINX Instance Manager: **Just add [licenses](https://www.nginx.com/products/nginx/nginx-instance-manager/)** 7 | ## Build and run NGINX Plus Docker containers (Using Script) 8 | 9 | Run `./build-nginx-plus.sh [build_name]`, where `[build_name]` one of: 10 | 11 | | `[build_name]` | Description | 12 | | ------------------------- |--------------------------------------------------| 13 | |`alpine3.10` | Alpine Linux 3.10 with NGINX Plus | 14 | |`alpine3.10` | Alpine Linux 3.10 with NGINX App Protect | 15 | |`alpine3.11` | Alpine Linux 3.11 with NGINX Plus | 16 | |`alpine3.12` | Alpine Linux 3.11 with NGINX Plus | 17 | |`alpine3.12_tools` | Alpine Linux 3.12 with NGINX Plus and HTTP tools | 18 | |`amazonlinux` | Amazon Linux with NGINX Plus | 19 | |`amazonlinux2` | Amazon Linux 2 with NGINX Plus | 20 | |~~`amazonlinux2_controller`~~ | ~~Amazon Linux 2 with NGINX Plus and Controller agent~~ | 21 | |`centos7` | Centos 7 (Latest) with NGINX Plus | 22 | |`centos7.6` | Centos 7.6 with NGINX Plus | 23 | |`centos7.6_nap` | Centos 7.6 with NGINX App Protect | 24 | |`centos7.6_nim` | Centos 7.6 with NGINX Instance Manager with NGINX plus | 25 | |~~`centos7.6_controller`~~ | ~~Centos 7.6 with NGINX Plus and Controller agent~~ | 26 | |`centos8` | Centos 8 with NGINX Plus | 27 | |`rhel7` | Red Hat (Universal Base) 7 (Latest) with NGINX Plus | 28 | |`rhel7_nap` | Red Hat (Universal Base) 7 with NGINX App Protect | 29 | |`rhel8` | Red Hat (Universal Base) 8 with NGINX Plus | 30 | |`rhel8_nim` | Red Hat (Universal Base) 8 with NGINX Instance Manager with NGINX plus | 31 | |`debian9` | Debian 9 with NGINX Plus | 32 | |`debian9_nap` | Debian 9 with NGINX NGINX App Protect | 33 | |~~`debian9_controller`~~ | ~~Debian 9 with NGINX Plus and Controller agent~~ | 34 | |`debian10` | Debian 10 with NGINX Plus | 35 | |`debian10_nap` | Debian 10 with NGINX App Protect | 36 | |`debian10_nim` | Debian 10 with NGINX Instance Manager with NGINX plus | 37 | |`oracle7` | Oracle Linux 7 (Latest) with NGINX Plus | 38 | |`ubuntu18.04` | Ubuntu 18.04 with NGINX Plus | 39 | |~~`ubuntu18.04_controller`~~ | ~~Ubuntu 18.04 with NGINX Plus and Controller agent~~ | 40 | |`ubuntu18.04_crossplane` | Ubuntu 18.04 with NGINX Plus and Crossplane | 41 | |`ubuntu18.04_nap` | Ubuntu 18.04 with NGINX App Protect | 42 | |`ubuntu20.04` | Ubuntu 20.04 with NGINX Plus | 43 | |`ubuntu20.04_nim` | Ubuntu 20.04 with NGINX Instance Manager with NGINX plus | 44 | 45 | ## Build NGINX Plus Docker container using script 46 | 47 | 1. Prepare your NGINX license files in the correct build directories: 48 | * **For NGINX Plus and NGINX App Protect:** Copy your `nginx-repo.crt` and `nginx-repo.key` into [`etc/ssl/nginx`](./NGINX-PLUS/ssl/nginx) directory 49 | * **For NGINX Instance Manager and NGINX App Protect:** Copy your `nginx-repo.crt` and `nginx-repo.key` into [`etc/ssl/nginx`](./NGINX-PLUS/ssl/nginx) directory, **Additionally**, Copy your `NGINX-Instance-Manager.lic` (may be named differently) into the `/etc/nginx-manager/` directory. It is referenced by the `license:` option in the `/etc/nginx-manager/nginx-manager.conf` file, and has already been set in the [file](./NIM/etc/nginx-manager/nginx-manager.conf) provided in this repo 50 | 51 | 2. Build an image from your Dockerfile: 52 | ```bash 53 | # ./build-nginx-plus.sh [Build-name] 54 | $ ./build-nginx-plus.sh ubuntu18.04_nap 55 | ``` 56 | 57 | 3. See the Docker images available 58 | ```bash 59 | # NGINX PLUS images are named nginx-plus-[build] 60 | $ docker images | grep nginx-plus 61 | # NGINX App Protect images are named nginx-app-protect-[build] 62 | $ docker images | grep nginx-app-protect 63 | # NGINX Instance Manager images are named nginx-nim-[build] 64 | $ docker images | grep nginx-nim 65 | # NGINX PLUS with Controller Agent images are named nginx-agent-[build] 66 | $ docker images | grep nginx-agent 67 | ``` 68 | ## Build NGINX Plus Docker container Manually 69 | 70 | 1. Prepare your NGINX license files in the correct build directories: 71 | * **For NGINX Plus and NGINX App Protect:** Copy your `nginx-repo.crt` and `nginx-repo.key` into [`etc/ssl/nginx`](./NGINX-PLUS/ssl/nginx) directory 72 | * **For NGINX Instance Manager and NGINX App Protect:** Copy your `nginx-repo.crt` and `nginx-repo.key` into [`etc/ssl/nginx`](./NGINX-PLUS/ssl/nginx) directory, **Additionally**, Copy your `NGINX-Instance-Manager.lic` (may be named differently) into the `/etc/nginx-manager/` directory. It is referenced by the `license:` option in the `/etc/nginx-manager/nginx-manager.conf` file, and has already been set in the [file](./NIM/etc/nginx-manager/nginx-manager.conf) provided in this repo 73 | 2. Copy the desired [`Dockerfile`](./Dockerfiles) into the correct build folder: 74 | * [`NGINX-PLUS`](./NGINX-Plus) - NGINX Plus only 75 | * [`NAP`](./NAP) - NGINX App Protect 76 | * [`NIM`](./NIM) - NGINX Instance Manager with NGINX Plus 77 | 2. Build an image from your Dockerfile: 78 | ```bash 79 | # Run command from the folder containing the `Dockerfile` 80 | # docker build -t [docker_image_name] . 81 | $ docker build -t nginx-plus . 82 | ``` 83 | 84 | ## Run the Container 85 | 86 | 1. Start the container, e.g.: 87 | ```bash 88 | # e.g. NGINX Plus, NGINX App Protect 89 | # Start a new container and publish container ports 80, 443 and 8080 to the host 90 | # Where [docker_image_name] is found on the last step 91 | $ docker run -d -p 80:80 -p 443:443 -p 8080:8080 [docker_image_name] 92 | 93 | # e.g. NGINX Instance Manager 94 | # Start a new container and publish container ports 80, 443, 8080 and 10002 to the host 95 | # Where [docker_image_name] is found on the last step 96 | $ docker run -d -p 80:80 -p 443:443 -p 8080:8080 -p 10002:10002 [docker_image_name] 97 | ``` 98 | 99 | 2. **Optional**: Mount local volume: 100 | 101 | ```bash 102 | docker run -d \ 103 | -p 80:80 -p 443:443 \ 104 | -p 8080:8080 \ 105 | -v $PWD/etc/nginx:/etc/nginx [docker_image_name] 106 | ``` 107 | ## Useful Docker commands 108 | 109 | 110 | 1. To run commands in the docker container you first need to start a bash session inside the nginx container 111 | ```bash 112 | # get Docker IDs of running containers 113 | docker ps 114 | # Enter a Alpine Linux BusyBox shell 115 | sudo docker exec -i -t [CONTAINER ID] /bin/sh 116 | # OR 117 | # Enter a Linux Bash shell 118 | sudo docker exec -i -t [CONTAINER ID] /bin/bash 119 | ``` 120 | 121 | 2. To open logs 122 | ```bash 123 | # get Docker IDs of running containers 124 | docker ps 125 | # View and follow container logs 126 | sudo docker logs -f [CONTAINER ID] 127 | ``` 128 | 129 | ## TODO 130 | 131 | * See [todo](todo.md) 132 | -------------------------------------------------------------------------------- /build-nginx-plus.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Usage EXAMPLE: ./build-nginx-plus.sh ubuntu18.04 3 | distro="$(tr [A-Z] [a-z] <<< "$1")" # set to lowercase 4 | 5 | # Check Dockerfile type 6 | is_controller='_controller' 7 | is_nap='_nap' 8 | is_nim='_nim' 9 | 10 | # Set build directory 11 | build_dir='' 12 | 13 | # Optional: Pull Git changes 14 | # git pull --no-edit 15 | 16 | # 17 | # Build Controller Agent Docker container 18 | # 19 | if grep -q "$is_controller" <<< "$distro"; then 20 | # Set build directory 21 | build_dir='./CONTROLLER-AGENT' 22 | 23 | # remove Dockerfile here (if exists) 24 | rm $build_dir/Dockerfile || true 25 | 26 | # copy desired Dockerfile 27 | cp Dockerfiles/$distro/Dockerfile $build_dir 28 | 29 | # Build and tag it as "nginx-agent-[distro]" 30 | docker build -t nginx-agent-$distro $build_dir --pull --no-cache # No caching 31 | 32 | # Show all docker containers build with names containing "nginx-plus-" 33 | printf "\n" 34 | printf "Nginx Plus with Controller Agent containers built:" 35 | printf "\n" 36 | docker images | grep nginx-agent 37 | # 38 | # Build NGINX App Protect Docker container 39 | # 40 | elif grep -q "$is_nap" <<< "$distro"; then 41 | # Set build directory 42 | build_dir='./NAP' 43 | 44 | # remove Dockerfile here (if exists) 45 | rm $build_dir/Dockerfile || true 46 | 47 | # copy desired Dockerfile 48 | cp Dockerfiles/$distro/Dockerfile $build_dir 49 | 50 | # Build and tag it as "nginx-app-protect-[distro]" 51 | docker build -t nginx-app-protect-$distro $build_dir --pull --no-cache # No caching 52 | 53 | # Show all docker containers build with names containing "nginx-plus-" 54 | printf "\n" 55 | printf "Nginx App Protect containers built:" 56 | printf "\n" 57 | docker images | grep nginx-app-protect 58 | # 59 | # Build NGINX Instance Manager ("NIM") Docker container 60 | # 61 | elif grep -q "$is_nim" <<< "$distro"; then 62 | # Set build directory 63 | build_dir='./NIM' 64 | 65 | # remove Dockerfile here (if exists) 66 | rm $build_dir/Dockerfile || true 67 | 68 | # copy desired Dockerfile 69 | cp Dockerfiles/$distro/Dockerfile $build_dir 70 | 71 | # Build and tag it as "nginx-nim-protect-[distro]" 72 | docker build -t nginx-nim-$distro $build_dir --pull --no-cache # No caching 73 | 74 | # Show all docker containers build with names containing "nginx-plus-" 75 | printf "\n" 76 | printf "Nginx Instance Manager (NIM) containers built:" 77 | printf "\n" 78 | docker images | grep nginx-nim 79 | # 80 | # Build NGINX Plus Docker container 81 | # 82 | else 83 | # Set build directory 84 | build_dir='./NGINX-PLUS' 85 | 86 | # remove Dockerfile here (if exists) 87 | rm $build_dir/Dockerfile || true 88 | 89 | # copy desired Dockerfile 90 | cp Dockerfiles/$distro/Dockerfile $build_dir 91 | 92 | # Build and tag it as "nginx-plus-[distro]" 93 | docker build -t nginx-plus-$distro $build_dir --pull --no-cache # No caching 94 | 95 | # Show all docker containers build with names containing "nginx-plus-" 96 | printf "\n" 97 | printf "Nginx Plus containers built:" 98 | printf "\n" 99 | docker images | grep nginx-plus 100 | fi 101 | 102 | # remove Dockerfile from the build directory (if exists) 103 | rm $build_dir/Dockerfile || true -------------------------------------------------------------------------------- /ci-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Tested on ubuntu 18.04 3 | # Generating random number between $FPORT and $EPORT for port binding 4 | FPORT=1025; 5 | EPORT=9999; 6 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) 7 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) 8 | RANDDASH=$(( ( RANDOM % $FPORT ) + $EPORT )) 9 | # Name of the Docker container provided in ARG $1 10 | NAME=$1 11 | 12 | check_port_availability () { 13 | 14 | HTTP_PORT_CHECK=$1 15 | SSL_PORT_CHECK=$2 16 | DASH_PORT_CHECK=$3 17 | 18 | if [ $HTTP_PORT_CHECK -eq $SSL_PORT_CHECK ] || [ $HTTP_PORT_CHECK -eq $DASH_PORT_CHECK ] || [ $SSL_PORT_CHECK -eq $DASH_PORT_CHECK ]; then 19 | printf "\n\nRandom Port Collision...Randomizing HTTP Port!\n\n" 20 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 21 | exit 22 | fi 23 | 24 | if [ $SSL_PORT_CHECK -eq $DASH_PORT_CHECK ]; then 25 | printf "\n\nRandom Port Collision...Randomizing HTTP Port!\n\n" 26 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 27 | exit 28 | fi 29 | 30 | for USED_PORT in $( netstat -ltn | sed -rne '/^tcp/{/:\>/d;s/.*:([0-9]+)\>.*/\1/p}' | sort -n | uniq ); do 31 | if [ $HTTP_PORT_CHECK -eq $USED_PORT ]; then 32 | printf "\n\n$HTTP_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing HTTP Port!\n\n" 33 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) 34 | exit 35 | elif [ $SSL_PORT_CHECK -eq $USED_PORT ]; then 36 | printf "\n\n$SSL_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing HTTPS Port!\n\n" 37 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 38 | exit 39 | elif [ $DASH_PORT_CHECK -eq $USED_PORT ]; then 40 | printf "\n\n$DASH_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing Dashboard/API Port!\n\n" 41 | RANDDASH=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 42 | exit 43 | fi 44 | done 45 | 46 | return 47 | } 48 | 49 | port_sanity=$(check_port_availability $RANDHTTP $RANDSSL $RANDDASH) 50 | 51 | # Port check and randomize 52 | # Loop until all ports are random 53 | if [ -z "$port_sanity" ]; then 54 | printf "\nWe will run the container with these randomly assigned ports:\nHTTP port $RANDHTTP\nHTTPS port $RANDSSL\nDashboard port $RANDDASH\n\n" 55 | else 56 | port_sanity=$(check_port_availability $RANDHTTP $RANDSSL $RANDDASH) 57 | fi 58 | 59 | # Run container 60 | # Make sure this Container is not running 61 | printf "Make sure a Container with the designated name is not running..." 62 | OUTPUT="$(docker stop $NAME)" 63 | if echo "$OUTPUT" | grep -c "No such container"; then 64 | echo "A container with name, $NAME, was stopped. Good to proceed.." 65 | else 66 | echo "No container with name, $NAME, exists. Good to proceed.." 67 | 68 | fi 69 | 70 | printf "\nGoing to run:\ndocker run -d -p $RANDHTTP:80 -p $RANDSSL:443 -p $RANDDASH:8080 -v '$(pwd)/test/etc/nginx/conf.d:/etc/nginx/conf.d' --name $NAME $NAME\n\n" 71 | docker run -d -p $RANDHTTP:80 -p $RANDSSL:443 -p $RANDDASH:8080 -v "$(pwd)/etc/nginx/conf.d:/etc/nginx/conf.d" --name $NAME $NAME 72 | exit -------------------------------------------------------------------------------- /test/etc/nginx/conf.d/status_api.conf: -------------------------------------------------------------------------------- 1 | # This sample NGINX Plus configuration enables the NGINX Plus API, for live 2 | # activity monitoring and the built-in dashboard, dynamic configuration of 3 | # upstream groups, and key-value stores. Keep in mind that any features 4 | # added to the API in future NGINX Plus releases will be enabled 5 | # automatically by this file. 6 | # Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later. 7 | 8 | # Documentation: 9 | # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/ 10 | # https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps 11 | 12 | # To conform with the conventional configuration scheme, place this file in 13 | # the /etc/nginx/conf.d directory and add an 'include' directive that 14 | # references it in the main configuration file, /etc/nginx/nginx.conf, 15 | # either by name or with a wildcard expression. Then validate and reload 16 | # the configuration, for example with this command: 17 | # 18 | # nginx -t && nginx -s reload 19 | 20 | # Note that additional directives are required in other parts of the 21 | # configuration: 22 | # 23 | # For metrics to be gathered for an HTTP or TCP/UDP virtual server, you must 24 | # include the 'status_zone' directive in its 'server' block. See: 25 | # http://nginx.org/r/status_zone 26 | # 27 | # Similarly, for metrics to be gathered for an upstream server group, you 28 | # must include the 'zone' directive in the 'upstream' block. See: 29 | # http://nginx.org/r/zone 30 | # 31 | # For more information and instructions, see: 32 | # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring#status_data 33 | 34 | # We strongly recommend that you restrict access to the NGINX Plus API so 35 | # that only authorized users can view metrics and configuration, change 36 | # configuration, or both. Here are a few options: 37 | # 38 | # (1) Configure your firewall to limit access to port 8080. 39 | # 40 | # (2) Use SSL/TLS client certificates. See: 41 | # https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/ 42 | # 43 | # (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the 44 | # 'auth_basic*' directives in the 'server' block below. You can add users 45 | # with an htpasswd generator, which is readily available, or reuse an 46 | # existing htpasswd file (from an Apache HTTP Server, for example). See: 47 | # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html 48 | # 49 | # (4) Enable access from a defined network and disable it from all others, 50 | # by uncommenting the 'allow' and 'deny' directives in the 'server' block 51 | # below and specifying the appropriate network ranges. See: 52 | # http://nginx.org/en/docs/http/ngx_http_access_module.html 53 | # 54 | # You can create further restrictions on write operations, to distinguish 55 | # between users with read permission and those who can change configuration. 56 | # Uncomment the sample 'limit_except' directive in the 'location api' 57 | # block below. In addition to the HTTP Basic authentication shown, other 58 | # authentication schemes are supported. See: 59 | # http://nginx.org/r/limit_except 60 | 61 | server { 62 | # Conventional port for the NGINX Plus API is 8080 63 | listen 8080; 64 | 65 | # Uncomment to use HTTP Basic authentication; see (3) above 66 | #auth_basic "NGINX Plus API"; 67 | #auth_basic_user_file /etc/nginx/users; 68 | 69 | # Uncomment to use permissions based on IP address; see (4) above 70 | #allow 10.0.0.0/8; 71 | #deny all; 72 | 73 | # Conventional location for accessing the NGINX Plus API 74 | location /api/ { 75 | # Enable in read-write mode 76 | api write=on; 77 | 78 | # Uncomment to further restrict write permissions; see note above 79 | #limit_except GET { 80 | #auth_basic "NGINX Plus API"; 81 | #auth_basic_user_file /etc/nginx/admins; 82 | #} 83 | } 84 | 85 | # Conventional location of the NGINX Plus dashboard 86 | location = /dashboard.html { 87 | root /usr/share/nginx/html; 88 | } 89 | 90 | # Redirect requests for "/" to "/dashboard.html" 91 | location / { 92 | return 301 /dashboard.html; 93 | } 94 | 95 | # Redirect requests for pre-R14 dashboard 96 | location /status.html { 97 | return 301 /dashboard.html; 98 | } 99 | } 100 | 101 | # vim: syntax=nginx -------------------------------------------------------------------------------- /test/etc/nginx/conf.d/stub_status.conf: -------------------------------------------------------------------------------- 1 | # ngx_http_stub_status_module (Available in NGINX F/OSS) 2 | # provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html 3 | 4 | server { 5 | listen 127.0.0.1:80; 6 | server_name 127.0.0.1; 7 | location /nginx_status { 8 | stub_status on; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } 13 | 14 | # vim: syntax=nginx -------------------------------------------------------------------------------- /test/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | #user nobody; 2 | #user nginx; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | user root; 5 | worker_processes auto; 6 | 7 | ## Load NGINX Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 9 | # # ModSecurity dynamic module 10 | # load_module modules/ngx_http_modsecurity_module.so; 11 | # # Nginx javascript 12 | # # Prometheus exporter NJS (njs http module required) 13 | # load_module modules/ngx_http_js_module.so; # njs http 14 | # load_module modules/ngx_stream_js_module.so; # njs stream 15 | # # GeoIP 16 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 17 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 18 | # # GeoIP2 19 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 20 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 21 | # # Brotli compression 22 | # load_module modules/ngx_http_brotli_filter_module.so; 23 | # load_module modules/ngx_http_brotli_static_module.so; 24 | # # cookie flag 25 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 26 | # # Headers-More 27 | # load_module modules/ngx_http_headers_more_filter_module.so; 28 | # # encrypted session 29 | # load_module modules/ndk_http_module.so; 30 | # load_module modules/ngx_http_encrypted_session_module.so; 31 | # # headers-more 32 | # load_module modules/ngx_http_headers_more_filter_module.so; 33 | # # Image-Filter 34 | # load_module modules/ngx_http_image_filter_module.so; 35 | # # Lua (NDK + lua) 36 | # load_module modules/ndk_http_module.so; 37 | # load_module modules/ngx_http_lua_module.so; 38 | # # OpenTracing 39 | # load_module modules/ngx_http_opentracing_module.so; 40 | # # Phusion Passenger 41 | # load_module modules/ngx_http_passenger_module.so; 42 | # # Perl 43 | # load_module modules/ngx_http_perl_module.so; 44 | # # RTMP 45 | # load_module modules/ngx_rtmp_module.so; 46 | # # set-misc (NDK + set-misc) 47 | # load_module modules/ndk_http_module.so; 48 | # load_module modules/ngx_http_set_misc_module.so; 49 | # # HTTP Substitutions Filter 50 | # load_module modules/ngx_http_subs_filter_module.so; 51 | # # XSLT 52 | # load_module modules/ngx_http_xslt_module.so; 53 | 54 | error_log /var/log/nginx/error.log notice; 55 | 56 | pid /var/run/nginx.pid; 57 | 58 | events { 59 | worker_connections 1024; 60 | } 61 | 62 | http { 63 | include /etc/nginx/mime.types; 64 | default_type application/octet-stream; 65 | 66 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 67 | '$status $body_bytes_sent "$http_referer" ' 68 | '"$http_user_agent" "$http_x_forwarded_for"'; 69 | 70 | # NGINX Plus Additional NGINX Metrics 71 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 72 | '$status $body_bytes_sent "$http_referer" "$http2" ' 73 | '"$http_user_agent" "$http_x_forwarded_for" ' 74 | '"$host" sn="$server_name" ' 75 | 'rt=$request_time ' 76 | 'ua="$upstream_addr" us="$upstream_status" ' 77 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 78 | 'cs=$upstream_cache_status' ; 79 | 80 | access_log /var/log/nginx/access.log main; # Default 81 | # access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 82 | 83 | sendfile on; 84 | #tcp_nopush on; 85 | 86 | keepalive_timeout 65; 87 | 88 | gzip on; 89 | 90 | # Include Local sub files 91 | include /etc/nginx/conf.d/*.conf; 92 | 93 | } 94 | 95 | # TCP/UDP proxy and load balancing block 96 | 97 | stream { 98 | # Include Local sub files 99 | include /etc/nginx/stream.conf.d/*.conf; 100 | } 101 | 102 | # vim: syntax=nginx -------------------------------------------------------------------------------- /todo.md: -------------------------------------------------------------------------------- 1 | # TODO 2 | 3 | Build and run NGINX Plus Docker container with NGINX Controller Agent 4 | 5 | The Controller Agent can be deployed in a Docker environment to monitor and / or 6 | configure NGINX processes inside Docker containers. The agent can collect most 7 | of the metrics. 8 | 9 | The "agent-inside-the-container" is currently the only mode of operation. In 10 | other words, the agent should be running in the same container as the NGINX 11 | process being managed / monitored. 12 | 13 | 1. Copy and paste your `nginx-repo.crt` and `nginx-repo.key` into `etc/ssl/nginx` directory 14 | 15 | 2. Build an image from your Dockerfile: 16 | ```bash 17 | # Run command from the folder containing the `Dockerfile` 18 | $ docker build --build-arg CONTROLLER_URL=https://:8443/1.4 --build-arg API_KEY='abcdefxxxxxx' -t nginx-agent . 19 | ``` 20 | 3. Start the Nginx Plus container, e.g.: 21 | ```bash 22 | # Start a new container and publish container ports 80, 443 and 8080 to the host 23 | $ docker run -d -p 80:80 -p 443:443 -p 8080:8080 nginx-agent 24 | ``` 25 | 26 | **For more information, please refer to our [Controller Dockerfile repository](https://github.com/nginxinc/docker-nginx-controller).** 27 | 28 | 29 | ## Gitlab CICD builds 30 | 31 | We can use Gitlab CI Pipelines to automate our docker builds and store in the Gitlab 32 | private container registry: 33 | 34 | ### Requirements 35 | 36 | 1. A build server ([Gitlab Runner](https://docs.gitlab.com/ee/ci/runners/README.html)) with docker and [Crossplane](https://github.com/nginxinc/crossplane) installed 37 | 2. [Gitlab repository mirroring](https://docs.gitlab.com/ee/user/project/repository/repository_mirroring.html) to [this repo](https://github.com/armsultan/nginx-plus-dockerfiles) with the [Gitlab Container Registry](https://docs.gitlab.com/ee/user/packages/container_registry/) for your project enabled 38 | 3. [Gitlab CICD]((https://docs.gitlab.com/ee/ci/quick_start/)) continuous integration service 39 | 40 | ### Instructions 41 | 1. Place the following files in the directories of your build server 42 | * Retrieve your NGINX Plus Key and Certificate from the NGINX [customer portal](https://cs.nginx.com/) or from an activated evaluation, and copy the `nginx-repo.crt` and `nginx-repo.crt` files into `etc/ssl/nginx/` 43 | 2. Automate a [CICD pipeline using gitlab](https://docs.gitlab.com/ee/ci/pipelines.html). A example gitlab CI/CD pipeline file (`.gitlab-ci.yml`) is provided. 44 | 3. Modify the `Dockerfile` as necessary, e.g. To install addtional NGINX Plus [Dynamic modules](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/). Place your own NGINX Plus configurations into `etc/nginx/`, including files in sub directories: i.e. `etc/nginx/conf.d` and `etc/nginx/stream.conf.d` 45 | --------------------------------------------------------------------------------