Merge branch 'master' into ssl-dhparam-fix
Showing
6 changed files
with
62 additions
and
15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,15 @@ | ||
FROM alpine:3.12 | ||
|
||
ARG NGINX_VERSION=1.19.2 | ||
ARG NGINX_VERSION=1.19.3 | ||
|
||
# https://github.com/google/ngx_brotli | ||
ARG NGX_BROTLI_COMMIT=25f86f0bac1101b6512135eac5f93c49c63609e3 | ||
|
||
# https://github.com/vision5/ngx_devel_kit/releases | ||
# https://hub.docker.com/r/firesh/nginx-lua/dockerfile | ||
ARG NGX_DEVEL_KIT_VERSION=0.3.1 | ||
|
||
# https://github.com/openresty/luajit2/releases | ||
ARG LUA_NGINX_MODULE_VERSION=0.10.14 | ||
|
||
ARG CONFIG="\ | ||
--prefix=/etc/nginx \ | ||
--sbin-path=/usr/sbin/nginx \ | ||
|
@@ -49,6 +55,9 @@ ARG CONFIG="\ | |
--with-file-aio \ | ||
--with-http_v2_module \ | ||
--add-module=/usr/src/ngx_brotli \ | ||
--with-ld-opt="-Wl,-rpath,/usr/lib" \ | ||
--add-module=/tmp/ngx_devel_kit-${NGX_DEVEL_KIT_VERSION} \ | ||
--add-module=/tmp/lua-nginx-module-${LUA_NGINX_MODULE_VERSION} \ | ||
" | ||
|
||
FROM alpine:3.12 | ||
|
@@ -57,6 +66,8 @@ LABEL maintainer="NGINX Docker Maintainers <[email protected]>" | |
ARG NGINX_VERSION | ||
ARG NGX_BROTLI_COMMIT | ||
ARG CONFIG | ||
ARG NGX_DEVEL_KIT_VERSION | ||
ARG LUA_NGINX_MODULE_VERSION | ||
|
||
RUN \ | ||
apk add --no-cache --virtual .build-deps \ | ||
|
@@ -72,6 +83,8 @@ RUN \ | |
libxslt-dev \ | ||
gd-dev \ | ||
geoip-dev \ | ||
luajit \ | ||
luajit-dev \ | ||
&& apk add --no-cache --virtual .brotli-build-deps \ | ||
autoconf \ | ||
libtool \ | ||
|
@@ -83,8 +96,14 @@ RUN \ | |
COPY nginx.pub /tmp/nginx.pub | ||
|
||
RUN \ | ||
echo "Compiling nginx $NGINX_VERSION with brotli $NGX_BROTLI_COMMIT" \ | ||
&& mkdir -p /usr/src/ngx_brotli \ | ||
echo "Fetcing lua-nginx-module $LUA_NGINX_MODULE_VERSION and nginx devel kit $NGX_DEVEL_KIT_VERSION ..." \ | ||
&& curl -fSL https://github.com/simpl/ngx_devel_kit/archive/v${NGX_DEVEL_KIT_VERSION}.tar.gz -o /tmp/ndk.tar.gz \ | ||
&& tar -xvf /tmp/ndk.tar.gz -C /tmp \ | ||
&& curl -fSL https://github.com/openresty/lua-nginx-module/archive/v${LUA_NGINX_MODULE_VERSION}.tar.gz -o /tmp/lua-nginx.tar.gz \ | ||
&& tar -xvf /tmp/lua-nginx.tar.gz -C /tmp | ||
|
||
RUN \ | ||
mkdir -p /usr/src/ngx_brotli \ | ||
&& cd /usr/src/ngx_brotli \ | ||
&& git init \ | ||
&& git remote add origin https://github.com/google/ngx_brotli.git \ | ||
|
@@ -102,7 +121,10 @@ RUN \ | |
&& tar -zxC /usr/src -f nginx.tar.gz | ||
|
||
RUN \ | ||
cd /usr/src/nginx-$NGINX_VERSION \ | ||
export LUAJIT_LIB=/usr/lib \ | ||
&& export LUAJIT_INC=/usr/include/luajit-2.1 \ | ||
&& echo "Compiling nginx $NGINX_VERSION with brotli $NGX_BROTLI_COMMIT and lua nginx module v$LUA_NGINX_MODULE_VERSION ..." \ | ||
&& cd /usr/src/nginx-$NGINX_VERSION \ | ||
&& ./configure $CONFIG --with-debug \ | ||
&& make -j$(getconf _NPROCESSORS_ONLN) \ | ||
&& mv objs/nginx objs/nginx-debug \ | ||
|
@@ -147,6 +169,8 @@ RUN \ | |
|
||
FROM alpine:3.12 | ||
ARG NGINX_VERSION | ||
ARG NGX_BROTLI_COMMIT | ||
ARG LUA_NGINX_MODULE_VERSION | ||
|
||
COPY --from=0 /tmp/runDeps.txt /tmp/runDeps.txt | ||
COPY --from=0 /etc/nginx /etc/nginx | ||
|
@@ -171,6 +195,10 @@ RUN \ | |
COPY nginx.conf /etc/nginx/nginx.conf | ||
COPY ssl_common.conf /etc/nginx/conf.d/ssl_common.conf | ||
|
||
ENV NGINX_VERSION $NGINX_VERSION | ||
ENV NGX_BROTLI_COMMIT $NGX_BROTLI_COMMIT | ||
ENV LUA_NGINX_MODULE_VERSION $LUA_NGINX_MODULE_VERSION | ||
|
||
EXPOSE 80 443 | ||
|
||
STOPSIGNAL SIGTERM | ||
|
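Review bot: The ngx_devel_kit and lua-nginx-module tarballs fetched by the two `curl -fSL` lines in the new "Fetcing ..." RUN step are unpacked into /tmp and compiled into nginx through `--add-module` with no integrity check, so the build trusts whatever the tag archive URL returns at build time, whereas ngx_brotli is pinned to a commit hash. Record a digest next to each version and verify it before `tar`, e.g. `&& echo "${NGX_DEVEL_KIT_SHA256}  /tmp/ndk.tar.gz" | sha256sum -c - \` (the ARG name is a placeholder), and do the same for `/tmp/lua-nginx.tar.gz`. The download also goes to `simpl/ngx_devel_kit` while the comment above `NGX_DEVEL_KIT_VERSION` points at `vision5/ngx_devel_kit`; if the former only resolves through a rename redirect, the URL should name the current owner so the build does not depend on who holds the old name. The comment above `LUA_NGINX_MODULE_VERSION` links the luajit2 releases page rather than lua-nginx-module, which makes the pinned version harder to audit.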
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,35 @@ | ||
# What is this? | ||
## What is this? | ||
This project is based on Alpine Linux, the official nginx image and an nginx module that provides static and dynamic brotli compression. [Brotli](https://github.com/google/brotli) and the [nginx brotli module ](https://github.com/google/ngx_brotli) are built by Google. | ||
|
||
# How to use this image | ||
## How to use this image | ||
As this project is based on the official [nginx image](https://hub.docker.com/_/nginx/) look for instructions there. In addition to the standard configuration directives, you'll be able to use the brotli module specific ones, see [here for official documentation](https://github.com/google/ngx_brotli#configuration-directives) | ||
|
||
``` | ||
docker pull macbre/nginx-brotli:1.19.2 | ||
docker pull macbre/nginx-brotli:1.19.3 | ||
``` | ||
|
||
# What's inside | ||
## What's inside | ||
|
||
``` | ||
$ docker run -it macbre/nginx-brotli nginx -V | ||
nginx version: nginx/1.19.2 | ||
nginx version: nginx/1.19.3 | ||
built by gcc 9.3.0 (Alpine 9.3.0) | ||
built with OpenSSL 1.1.1g 21 Apr 2020 | ||
TLS SNI support enabled | ||
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --add-module=/usr/src/ngx_brotli | ||
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --add-module=/usr/src/ngx_brotli --with-ld-opt=-Wl,-rpath,/usr/lib --add-module=/tmp/ngx_devel_kit-0.3.1 --add-module=/tmp/lua-nginx-module-0.10.14 | ||
``` | ||
|
||
> [nginx release notes](https://nginx.org/en/CHANGES) | ||
# SSL Grade A+ handling | ||
## SSL Grade A+ handling | ||
|
||
Please refer to [Mozilla's SSL Configuration Generator](https://ssl-config.mozilla.org/). This image has `https://ssl-config.mozilla.org/ffdhe2048.txt` DH parameters for DHE ciphers fetched and stored in `/etc/ssl/dhparam.pem`: | ||
|
||
``` | ||
ssl_dhparam /etc/ssl/dhparam.pem; | ||
``` | ||
|
||
## nginx config files includes | ||
|
||
* `.conf` files mounted in `/etc/nginx/main.d` will be included in the `main` nginx context (e.g. you can call [`env` directive](http://nginx.org/en/docs/ngx_core_module.html#env) there) | ||
* `.conf` files mounted in `/etc/nginx/conf.d` will be included in the `http` nginx context |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
env FOO; |