Spaces:
Running
Running
| # | |
| # NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" | |
| # | |
| # PLEASE DO NOT EDIT IT DIRECTLY. | |
| # | |
| FROM nginx:1.24.0-alpine-slim | |
| ENV NJS_VERSION 0.8.0 | |
| RUN set -x \ | |
| && apkArch="$(cat /etc/apk/arch)" \ | |
| && nginxPackages=" \ | |
| nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ | |
| nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ | |
| nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ | |
| nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ | |
| nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ | |
| " \ | |
| # install prerequisites for public key and pkg-oss checks | |
| && apk add --no-cache --virtual .checksum-deps \ | |
| openssl \ | |
| && case "$apkArch" in \ | |
| x86_64|aarch64) \ | |
| # arches officially built by upstream | |
| set -x \ | |
| && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ | |
| && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ | |
| && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ | |
| echo "key verification succeeded!"; \ | |
| mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ | |
| else \ | |
| echo "key verification failed!"; \ | |
| exit 1; \ | |
| fi \ | |
| && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ | |
| ;; \ | |
| *) \ | |
| # we're on an architecture upstream doesn't officially build for | |
| # let's build binaries from the published packaging sources | |
| set -x \ | |
| && tempDir="$(mktemp -d)" \ | |
| && chown nobody:nobody $tempDir \ | |
| && apk add --no-cache --virtual .build-deps \ | |
| gcc \ | |
| libc-dev \ | |
| make \ | |
| openssl-dev \ | |
| pcre2-dev \ | |
| zlib-dev \ | |
| linux-headers \ | |
| libxslt-dev \ | |
| gd-dev \ | |
| geoip-dev \ | |
| libedit-dev \ | |
| bash \ | |
| alpine-sdk \ | |
| findutils \ | |
| && su nobody -s /bin/sh -c " \ | |
| export HOME=${tempDir} \ | |
| && cd ${tempDir} \ | |
| && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ | |
| && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ | |
| && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ | |
| echo \"pkg-oss tarball checksum verification succeeded!\"; \ | |
| else \ | |
| echo \"pkg-oss tarball checksum verification failed!\"; \ | |
| exit 1; \ | |
| fi \ | |
| && tar xzvf e5d85b3424bb.tar.gz \ | |
| && cd pkg-oss-e5d85b3424bb \ | |
| && cd alpine \ | |
| && make module-geoip module-image-filter module-njs module-xslt \ | |
| && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ | |
| && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ | |
| " \ | |
| && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ | |
| && apk del --no-network .build-deps \ | |
| && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ | |
| ;; \ | |
| esac \ | |
| # remove checksum deps | |
| && apk del --no-network .checksum-deps \ | |
| # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) | |
| && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ | |
| && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ | |
| && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ | |
| # Bring in curl and ca-certificates to make registering on DNS SD easier | |
| && apk add --no-cache curl ca-certificates | |
| ADD default.conf /etc/nginx/conf.d/default.conf | |
| ADD html /usr/share/nginx/html | |
| RUN chmod 777 /var/cache/nginx \ | |
| && chmod 777 /var/run |