forked from nginxinc/docker-nginx-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
69 lines (57 loc) · 2.32 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
FROM centos:7
LABEL maintainer="NGINX Controller Engineering"
# e.g '1234567890'
ARG API_KEY
ENV ENV_CONTROLLER_API_KEY=$API_KEY
# e.g https://<fqdn>:8443/1.4
ARG CONTROLLER_URL
ENV ENV_CONTROLLER_URL=$CONTROLLER_URL
# e.g True or False
ARG STORE_UUID=False
ENV ENV_CONTROLLER_STORE_UUID=$STORE_UUID
# e.g Instance location already defined in Controller
ARG LOCATION
ENV ENV_CONTROLLER_LOCATION=$LOCATION
# Download certificate (nginx-repo.crt) and key (nginx-repo.key) from the customer portal (https://cs.nginx.com)
# and copy to the build context
COPY nginx-repo.* /etc/ssl/nginx/
COPY nginx.conf /etc/nginx/
COPY custom_log_format.json /etc/nginx/
# Install NGINX Plus
RUN set -ex \
&& yum -y update && yum -y upgrade \
&& yum -y install curl sudo vim procps ca-certificates gnupg wget binutils net-tools \
&& \
NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
found=''; \
for server in \
ha.pool.sks-keyservers.net \
hkp://keyserver.ubuntu.com:80 \
hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
gpg --keyserver "$server" --recv-keys "0x$NGINX_GPGKEY" && found=yes && break; \
done; \
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo &&\
wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo \
# NGINX Javascript module needed for APIM
&& yum update && yum -y install nginx-plus nginx-plus-module-njs app-protect \
# Install Controller Agent
&& curl -k -sS -L ${CONTROLLER_URL}/install/controller/ > install.sh \
&& sed -i 's/^assume_yes=""/assume_yes="-y"/' install.sh \
# TODO: remove once launching agent using `service` has been handled in the install script
&& sed -i '/^# Unconditionally stop the agent service/,$d' install.sh \
&& sh ./install.sh -y \
# cleanup sensitive nginx-plus data
&& rm /etc/ssl/nginx/nginx-repo.* \
&& rm /etc/yum.repos.d/nginx-plus-7.4.repo \
&& gpg --batch --delete-keys "$NGINX_GPGKEY"
# Forward request logs to Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx-controller/agent.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
COPY ./entrypoint.sh /
EXPOSE 80
STOPSIGNAL SIGTERM
ENTRYPOINT ["sh", "/entrypoint.sh"]