├── .editorconfig
├── docker-entrypoint.sh
├── config
    ├── logrotate
    ├── nginx.conf
    └── nginx.vh.default.conf
├── .github
    └── workflows
    │   └── push.yml
└── Dockerfile


/.editorconfig:
--------------------------------------------------------------------------------
1 | [Dockerfile]
2 | indent_style = space
3 | indent_size = 4
4 | trim_trailing_whitespace = true
5 | insert_final_newline = true
6 | 


--------------------------------------------------------------------------------
/docker-entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | set -e
 3 | 
 4 | if [ ! -z "$ENABLE_CRONTAB" ]; then
 5 | 	crond -f &
 6 | fi
 7 | 
 8 | # first arg is `-f` or `--some-option`
 9 | if [ "${1#-}" != "$1" ]; then
10 | 	set -- nginx "$@"
11 | fi
12 | 
13 | exec "$@"
14 | 


--------------------------------------------------------------------------------
/config/logrotate:
--------------------------------------------------------------------------------
 1 | /var/log/nginx/*.log {
 2 |     daily
 3 |     dateext
 4 |     missingok
 5 |     rotate 33
 6 |     compress
 7 |     delaycompress
 8 |     notifempty
 9 |     sharedscripts
10 |     postrotate
11 |         if [ -f /var/run/nginx.pid ]; then
12 |             kill -USR1 `cat /var/run/nginx.pid`
13 |         fi
14 |     endscript
15 | }
16 | 


--------------------------------------------------------------------------------
/.github/workflows/push.yml:
--------------------------------------------------------------------------------
 1 | name: Docker Build
 2 | 
 3 | on: [push]
 4 | 
 5 | jobs:
 6 |   build:
 7 |     runs-on: ubuntu-latest
 8 |     steps:
 9 |     - uses: actions/checkout@v1
10 |     - uses: jerray/publish-docker-action@master
11 |       with:
12 |         username: metowolf
13 |         password: ${{ secrets.DOCKER_TOKEN }}
14 |         repository: metowolf/nginx
15 |         auto_tag: true
16 | 


--------------------------------------------------------------------------------
/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | user  nginx;
 3 | worker_processes  auto;
 4 | 
 5 | error_log  /var/log/nginx/error.log warn;
 6 | pid        /var/run/nginx.pid;
 7 | 
 8 | 
 9 | events {
10 |     worker_connections  1024;
11 | }
12 | 
13 | 
14 | http {
15 |     include       /etc/nginx/mime.types;
16 |     default_type  application/octet-stream;
17 | 
18 |     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
19 |                       '$status $body_bytes_sent "$http_referer" '
20 |                       '"$http_user_agent" "$http_x_forwarded_for"';
21 | 
22 |     access_log  /var/log/nginx/access.log  main;
23 | 
24 |     sendfile        on;
25 |     #tcp_nopush     on;
26 | 
27 |     keepalive_timeout  65;
28 | 
29 |     #gzip  on;
30 | 
31 |     include /etc/nginx/conf.d/*.conf;
32 | }
33 | 


--------------------------------------------------------------------------------
/config/nginx.vh.default.conf:
--------------------------------------------------------------------------------
 1 | server {
 2 |     listen       80;
 3 |     server_name  localhost;
 4 | 
 5 |     #charset koi8-r;
 6 |     #access_log  /var/log/nginx/host.access.log  main;
 7 | 
 8 |     location / {
 9 |         root   /usr/share/nginx/html;
10 |         index  index.html index.htm;
11 |     }
12 | 
13 |     #error_page  404              /404.html;
14 | 
15 |     # redirect server error pages to the static page /50x.html
16 |     #
17 |     error_page   500 502 503 504  /50x.html;
18 |     location = /50x.html {
19 |         root   /usr/share/nginx/html;
20 |     }
21 | 
22 |     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
23 |     #
24 |     #location ~ \.php$ {
25 |     #    proxy_pass   http://127.0.0.1;
26 |     #}
27 | 
28 |     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
29 |     #
30 |     #location ~ \.php$ {
31 |     #    root           html;
32 |     #    fastcgi_pass   127.0.0.1:9000;
33 |     #    fastcgi_index  index.php;
34 |     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
35 |     #    include        fastcgi_params;
36 |     #}
37 | 
38 |     # deny access to .htaccess files, if Apache's document root
39 |     # concurs with nginx's one
40 |     #
41 |     #location ~ /\.ht {
42 |     #    deny  all;
43 |     #}
44 | }
45 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM rust:1.43-alpine as builder
  2 | 
  3 | LABEL maintainer="metowolf <i@i-meto.com>"
  4 | 
  5 | ARG NGINX_VERSION=1.19.0
  6 | # ARG OPENSSL_VERSION=1.1.1d
  7 | 
  8 | RUN set -ex \
  9 |     && apk upgrade \
 10 |     && apk add --no-cache \
 11 |         build-base \
 12 |         openssl-dev \
 13 |         pcre-dev \
 14 |         zlib-dev \
 15 |         linux-headers \
 16 |         curl \
 17 |         gnupg \
 18 |         libxslt-dev \
 19 |         gd-dev \
 20 |         geoip-dev \
 21 |         git \
 22 |         gettext \
 23 |         patch \
 24 |         cmake \
 25 |         go \
 26 |     && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
 27 |     && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
 28 |     && export GNUPGHOME="$(mktemp -d)"; \
 29 |         for key in \
 30 |             B0F4253373F8F6F510D42178520A9993A1C052F8 \
 31 |         ; do \
 32 |             gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options timeout=10 --recv-keys "$key" || \
 33 |             gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --keyserver-options timeout=10 --recv-keys "$key" || \
 34 |             gpg --batch --keyserver hkp://pgp.mit.edu:80 --keyserver-options timeout=10 --recv-keys "$key" ; \
 35 |         done \
 36 |     && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
 37 |     && mkdir -p /usr/src \
 38 |     && tar -zxC /usr/src -f nginx.tar.gz \
 39 |     && rm nginx.tar.gz
 40 | 
 41 | RUN set -ex \
 42 |     && cd /usr/src/nginx-$NGINX_VERSION \
 43 |     \
 44 |     # Brotli
 45 |     && git clone https://github.com/eustas/ngx_brotli.git --depth=1 \
 46 |     && (cd ngx_brotli; git submodule update --init) \
 47 |     \
 48 |     # cf-zlib
 49 |     && git clone https://github.com/cloudflare/zlib.git --depth 1 \
 50 |     && (cd zlib; make -f Makefile.in distclean) \
 51 |     \
 52 |     # Quiche
 53 |     && git clone https://github.com/cloudflare/quiche --depth=1 \
 54 |     && (cd quiche; git submodule update --init) \
 55 |     && patch -p01 --ignore-whitespace < ./quiche/extras/nginx/nginx-1.16.patch \
 56 |     \
 57 |     # OpenSSL
 58 |     # && curl -fSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -o openssl-${OPENSSL_VERSION}.tar.gz \
 59 |     # && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \
 60 |     \
 61 |     # Sticky
 62 |     && mkdir nginx-sticky-module-ng \
 63 |     && curl -fSL https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/master.tar.gz -o nginx-sticky-module-ng.tar.gz \
 64 |     && tar -zxC nginx-sticky-module-ng -f nginx-sticky-module-ng.tar.gz --strip 1 \
 65 |     \
 66 |     # headers-more-nginx
 67 |     && git clone https://github.com/openresty/headers-more-nginx-module.git --depth 1
 68 | 
 69 | RUN cd /usr/src/nginx-$NGINX_VERSION \
 70 |     && ./configure \
 71 |         --prefix=/etc/nginx \
 72 |         --sbin-path=/usr/sbin/nginx \
 73 |         --modules-path=/usr/lib/nginx/modules \
 74 |         --conf-path=/etc/nginx/nginx.conf \
 75 |         --error-log-path=/var/log/nginx/error.log \
 76 |         --http-log-path=/var/log/nginx/access.log \
 77 |         --pid-path=/var/run/nginx.pid \
 78 |         --lock-path=/var/run/nginx.lock \
 79 |         --http-client-body-temp-path=/var/cache/nginx/client_temp \
 80 |         --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
 81 |         --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
 82 |         --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
 83 |         --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
 84 |         --user=nginx \
 85 |         --group=nginx \
 86 |         --with-http_ssl_module \
 87 |         --with-http_realip_module \
 88 |         --with-http_addition_module \
 89 |         --with-http_sub_module \
 90 |         --with-http_dav_module \
 91 |         --with-http_flv_module \
 92 |         --with-http_mp4_module \
 93 |         --with-http_gunzip_module \
 94 |         --with-http_gzip_static_module \
 95 |         --with-http_random_index_module \
 96 |         --with-http_secure_link_module \
 97 |         --with-http_stub_status_module \
 98 |         --with-http_auth_request_module \
 99 |         --with-http_xslt_module \
100 |         --with-http_image_filter_module \
101 |         --with-http_geoip_module \
102 |         --with-threads \
103 |         --with-stream \
104 |         --with-stream_ssl_module \
105 |         --with-stream_ssl_preread_module \
106 |         --with-stream_realip_module \
107 |         --with-stream_geoip_module \
108 |         --with-http_slice_module \
109 |         --with-mail \
110 |         --with-mail_ssl_module \
111 |         --with-compat \
112 |         --with-file-aio \
113 |         --with-http_v2_module \
114 |         --with-http_v3_module \
115 |         --with-zlib=/usr/src/nginx-${NGINX_VERSION}/zlib \
116 |         --add-module=/usr/src/nginx-${NGINX_VERSION}/ngx_brotli \
117 |         --add-module=/usr/src/nginx-${NGINX_VERSION}/nginx-sticky-module-ng \
118 |         --add-module=/usr/src/nginx-${NGINX_VERSION}/headers-more-nginx-module \
119 |         --with-openssl=/usr/src/nginx-${NGINX_VERSION}/quiche/deps/boringssl \
120 |         --with-quiche=/usr/src/nginx-${NGINX_VERSION}/quiche \
121 |     && make -j$(getconf _NPROCESSORS_ONLN) \
122 |     && make install \
123 |     && rm -rf /etc/nginx/html/ \
124 |     && mkdir /etc/nginx/conf.d/ \
125 |     && mkdir -p /usr/share/nginx/html/ \
126 |     && install -m644 html/index.html /usr/share/nginx/html/ \
127 |     && install -m644 html/50x.html /usr/share/nginx/html/ \
128 |     && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
129 |     && strip /usr/sbin/nginx* \
130 |     && nginx -V
131 | 
132 | COPY config/nginx.conf /etc/nginx/nginx.conf
133 | COPY config/nginx.vh.default.conf /etc/nginx/conf.d/default.conf
134 | COPY config/logrotate /etc/nginx/logrotate
135 | 
136 | 
137 | FROM alpine:3.12
138 | 
139 | LABEL maintainer="metowolf <i@i-meto.com>"
140 | 
141 | COPY --from=builder /etc/nginx /etc/nginx
142 | COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
143 | COPY --from=builder /usr/bin/envsubst /usr/local/bin/envsubst
144 | COPY --from=builder /usr/share/nginx /usr/share/nginx
145 | 
146 | RUN set -ex \
147 |     && runDeps="$( \
148 |     scanelf --needed --nobanner --format '%n#p' --recursive /usr/ \
149 |         | tr ',' '\n' \
150 |         | sort -u \
151 |         | awk 'system("[ -e /usr/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
152 |     )" \
153 |     && apk --no-cache add $runDeps \
154 |         tzdata \
155 |         logrotate \
156 |     && sed -i -e 's:/var/log/messages {}:# /var/log/messages {}:' /etc/logrotate.conf \
157 |     && echo '1 0 * * * /usr/sbin/logrotate /etc/logrotate.conf -f' > /var/spool/cron/crontabs/root \
158 |     && addgroup -S nginx \
159 |     && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
160 |     && mkdir -p /var/log/nginx \
161 |     && ln -sf /dev/stdout /var/log/nginx/access.log \
162 |     && ln -sf /dev/stderr /var/log/nginx/error.log \
163 |     && mv /etc/nginx/logrotate /etc/logrotate.d/nginx \
164 |     && chmod 755 /etc/logrotate.d/nginx
165 | 
166 | COPY docker-entrypoint.sh /usr/local/bin/
167 | ENTRYPOINT ["docker-entrypoint.sh"]
168 | 
169 | EXPOSE 80 443
170 | STOPSIGNAL SIGTERM
171 | 
172 | CMD ["nginx", "-g", "daemon off;"]
173 | 


--------------------------------------------------------------------------------