diff --git a/scripts/dockerfiles/nginx/Dockerfile b/scripts/dockerfiles/nginx/Dockerfile index 53da15731..caf6b283b 100644 --- a/scripts/dockerfiles/nginx/Dockerfile +++ b/scripts/dockerfiles/nginx/Dockerfile @@ -1,23 +1,183 @@ -# Ability to add sticky sessions using any parameters -FROM openresty/openresty:buster as builder -workdir /work -ADD https://github.com/openresty/lua-resty-balancer/archive/refs/heads/master.tar.gz . -RUN apt update && \ - apt install gcc make -y && \ - tar -xf master.tar.gz && \ - cd lua-resty-balancer-master && \ - make +# Dockerfile - alpine +# https://github.com/openresty/docker-openresty + +ARG RESTY_IMAGE_BASE="alpine" +ARG RESTY_IMAGE_TAG="3.16" + +FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG} + +LABEL maintainer="Evan Wies " + +# Docker Build Arguments +ARG RESTY_IMAGE_BASE="alpine" +ARG RESTY_IMAGE_TAG="3.16" +ARG RESTY_VERSION="1.21.4.1" +ARG RESTY_OPENSSL_VERSION="1.1.1p" +ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f" +ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source" +ARG RESTY_PCRE_VERSION="8.45" +ARG RESTY_PCRE_BUILD_OPTIONS="--enable-jit" +ARG RESTY_PCRE_SHA256="4e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09" +ARG RESTY_J="1" +ARG RESTY_CONFIG_OPTIONS="\ + --with-compat \ + --with-file-aio \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_geoip_module=dynamic \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_image_filter_module=dynamic \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-http_xslt_module=dynamic \ + --with-ipv6 \ + --with-mail \ + --with-mail_ssl_module \ + --with-md5-asm \ + --with-sha1-asm \ + --with-stream \ + --with-stream_ssl_module \ + --with-threads \ + " +ARG RESTY_CONFIG_OPTIONS_MORE="" +ARG RESTY_LUAJIT_OPTIONS="--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'" +ARG RESTY_PCRE_OPTIONS="--with-pcre-jit" + +ARG RESTY_ADD_PACKAGE_BUILDDEPS="" +ARG RESTY_ADD_PACKAGE_RUNDEPS="" +ARG RESTY_EVAL_PRE_CONFIGURE="" +ARG RESTY_EVAL_POST_MAKE="" + +# These are not intended to be user-specified +ARG _RESTY_CONFIG_DEPS="--with-pcre \ + --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' \ + --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \ + " + +LABEL resty_image_base="${RESTY_IMAGE_BASE}" +LABEL resty_image_tag="${RESTY_IMAGE_TAG}" +LABEL resty_version="${RESTY_VERSION}" +LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}" +LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}" +LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}" +LABEL resty_pcre_version="${RESTY_PCRE_VERSION}" +LABEL resty_pcre_build_options="${RESTY_PCRE_BUILD_OPTIONS}" +LABEL resty_pcre_sha256="${RESTY_PCRE_SHA256}" +LABEL resty_config_options="${RESTY_CONFIG_OPTIONS}" +LABEL resty_config_options_more="${RESTY_CONFIG_OPTIONS_MORE}" +LABEL resty_config_deps="${_RESTY_CONFIG_DEPS}" +LABEL resty_add_package_builddeps="${RESTY_ADD_PACKAGE_BUILDDEPS}" +LABEL resty_add_package_rundeps="${RESTY_ADD_PACKAGE_RUNDEPS}" +LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}" +LABEL resty_eval_post_make="${RESTY_EVAL_POST_MAKE}" +LABEL resty_luajit_options="${RESTY_LUAJIT_OPTIONS}" +LABEL resty_pcre_options="${RESTY_PCRE_OPTIONS}" + +RUN apk add --no-cache --virtual .build-deps \ + build-base \ + coreutils \ + curl \ + gd-dev \ + geoip-dev \ + libxslt-dev \ + linux-headers \ + make \ + perl-dev \ + readline-dev \ + zlib-dev \ + ${RESTY_ADD_PACKAGE_BUILDDEPS} \ + && apk add --no-cache \ + gd \ + geoip \ + libgcc \ + libxslt \ + zlib \ + ${RESTY_ADD_PACKAGE_RUNDEPS} \ + && cd /tmp \ + && if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \ + && cd /tmp \ + && curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ + && tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ + && cd openssl-${RESTY_OPENSSL_VERSION} \ + && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then \ + echo 'patching OpenSSL 1.1.1 for OpenResty' \ + && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \ + fi \ + && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then \ + echo 'patching OpenSSL 1.1.0 for OpenResty' \ + && curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \ + && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \ + fi \ + && ./config \ + no-threads shared zlib -g \ + enable-ssl3 enable-ssl3-method \ + --prefix=/usr/local/openresty/openssl \ + --libdir=lib \ + -Wl,-rpath,/usr/local/openresty/openssl/lib \ + && make -j${RESTY_J} \ + && make -j${RESTY_J} install_sw \ + && cd /tmp \ + && curl -fSL https://downloads.sourceforge.net/project/pcre/pcre/${RESTY_PCRE_VERSION}/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ + && echo "${RESTY_PCRE_SHA256} pcre-${RESTY_PCRE_VERSION}.tar.gz" | shasum -a 256 --check \ + && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ + && cd /tmp/pcre-${RESTY_PCRE_VERSION} \ + && ./configure \ + --prefix=/usr/local/openresty/pcre \ + --disable-cpp \ + --enable-utf \ + --enable-unicode-properties \ + ${RESTY_PCRE_BUILD_OPTIONS} \ + && make -j${RESTY_J} \ + && make -j${RESTY_J} install \ + && cd /tmp \ + && curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \ + && tar xzf openresty-${RESTY_VERSION}.tar.gz \ + && cd /tmp/openresty-${RESTY_VERSION} \ + && eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} ${RESTY_PCRE_OPTIONS} \ + && make -j${RESTY_J} \ + && make -j${RESTY_J} install \ + && cd /tmp \ + && if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \ + && rm -rf \ + openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \ + pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \ + openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \ + && apk del .build-deps \ + && mkdir -p /var/run/openresty \ + && ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log \ + && ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log + +# Add additional binaries into PATH for convenience +ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin + +# Copy nginx configuration files +COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + +CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"] + +# Use SIGQUIT instead of default SIGTERM to cleanly drain requests +# See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls +STOPSIGNAL SIGQUIT -FROM openresty/openresty:buster +# Openreplay Custom configs +RUN apk upgrade busybox --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main # Adding prometheus monitoring support ADD https://raw.githubusercontent.com/knyar/nginx-lua-prometheus/master/prometheus.lua /usr/local/openresty/lualib/ ADD https://raw.githubusercontent.com/knyar/nginx-lua-prometheus/master/prometheus_keys.lua /usr/local/openresty/lualib/ ADD https://raw.githubusercontent.com/knyar/nginx-lua-prometheus/master/prometheus_resty_counter.lua /usr/local/openresty/lualib/ -COPY --from=builder /work/lua-resty-balancer-master/*.so /usr/local/openresty/lualib/lua-resty-chash/ -COPY --from=builder /work/lua-resty-balancer-master/lib /usr/local/openresty/lualib/lua-resty-chash/lib/ - RUN chmod 0644 /usr/local/openresty/lualib/*.lua # Enabling monitoring on port 9145 diff --git a/scripts/dockerfiles/nginx/nginx.vh.default.conf b/scripts/dockerfiles/nginx/nginx.vh.default.conf new file mode 100644 index 000000000..3ad957225 --- /dev/null +++ b/scripts/dockerfiles/nginx/nginx.vh.default.conf @@ -0,0 +1,58 @@ +# nginx.vh.default.conf -- docker-openresty +# +# This file is installed to: +# `/etc/nginx/conf.d/default.conf` +# +# It tracks the `server` section of the upstream OpenResty's `nginx.conf`. +# +# This config (and any other configs in `etc/nginx/conf.d/`) is loaded by +# default by the `include` directive in `/usr/local/openresty/nginx/conf/nginx.conf`. +# +# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files +# + + +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/local/openresty/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/local/openresty/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root /usr/local/openresty/nginx/html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +}