Commit 24e4a303 authored by Elouan Martinet's avatar Elouan Martinet

Add selbuild image

parent 280561a1
Pipeline #313 failed with stage
in 12 minutes and 31 seconds
......@@ -43,3 +43,10 @@ official-alpine:
- master
script:
- sh "${CI_PROJECT_DIR}/kaniko.sh" official/alpine
selfbuild:
stage: build
only:
- master
script:
- sh "${CI_PROJECT_DIR}/kaniko.sh" selfbuild
......@@ -47,6 +47,11 @@ These images are built from [Docker Hub's debian](https://hub.docker.com/_/debia
Note that APT is configured to do not install recommended packages by default.
## Self build
This image is built from [Docker Hub's alpine](https://hub.docker.com/_/alpine) image using a self-build of nginx-mainline.
* `registry.ewd.app/common/nginx:selfbuild`
## License
Soon.
FROM alpine as downloader
RUN apk --no-cache add \
curl \
tar \
gnupg \
coreutils \
jq \
&& addgroup -S download \
&& adduser -S download -G download
USER download
COPY ./selfbuild/download.sh /
ARG NGINX_GPG_KEY=B0F4253373F8F6F510D42178520A9993A1C052F8
ARG NGX_ECHO_VERSION=0.62
ARG NGX_ECHO_SHA512SUM=240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
ARG NGX_HEADERS_MORE_VERSION=0.33
ARG NGX_HEADERS_MORE_SHA512SUM=13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
RUN sh /download.sh
FROM alpine as builder
RUN apk --no-cache add \
clang \
llvm \
compiler-rt \
compiler-rt-static \
lld \
musl-dev \
make \
linux-headers \
pcre-dev \
zlib-dev \
openssl-dev \
geoip-dev \
&& addgroup -S build \
&& adduser -S build -G build
USER build
COPY ./selfbuild/build.sh /
COPY --from=downloader --chown=build:build /home/download/extracted /home/build/base
RUN sh /build.sh
FROM alpine
RUN apk --no-cache add \
ca-certificates \
gettext \
curl \
pcre \
zlib \
geoip \
&& addgroup -S nginx \
&& adduser -S nginx -G nginx
COPY ./common/etc/nginx /etc/nginx
RUN mkdir -p \
/var/lib/nginx/client-body \
/var/lib/nginx/proxy \
/var/lib/nginx/fastcgi \
/var/lib/nginx/scgi \
/var/lib/nginx/uwsgi \
/var/www \
&& chown -R nginx: \
/etc/nginx \
/var/lib/nginx \
/var/www
COPY ./common/entrypoint.sh /
RUN chmod +x /entrypoint.sh
COPY --from=builder /home/build/base/nginx/objs/nginx /usr/bin/nginx
RUN chown root: /usr/bin/nginx
USER nginx
STOPSIGNAL SIGQUIT
ENTRYPOINT ["/entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]
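Review bot: All three stages use an untagged `FROM alpine`, so each build pulls whatever `latest` points to at that moment and the resulting image cannot be reproduced or audited against a known base. Pin the base, for example `FROM alpine:<alpine-tag>@sha256:<digest> AS downloader` (placeholders), and use the same reference in the builder and final stages. As far as this file shows, the downloader stage also never declares `ARG NGINX_VERSION`, so a `--build-arg` cannot reach `download.sh` and the script always falls back to its newest-tag lookup. Adding `ARG NGINX_VERSION` next to the other `ARG` lines would let a specific release be pinned.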
#!/bin/sh
set -xe
cd ~/base
cd nginx
export CC="clang -fuse-ld=lld --rtlib=compiler-rt"
export LD="$CC"
./configure \
--prefix=/etc/nginx \
--conf-path=/etc/nginx/nginx.conf \
--sbin-path=/usr/bin/nginx \
--pid-path=/var/lib/nginx/nginx.pid \
--lock-path=/var/lib/nginx/nginx.lock \
--http-log-path=stdout \
--error-log-path=stderr \
--http-client-body-temp-path=/var/lib/nginx/client-body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-cc-opt='-Wno-unused-command-line-argument -Wno-error=sign-compare -O2 -fno-plt -Wp,-D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection' \
--with-ld-opt='-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now' \
--with-compat \
--with-file-aio \
--with-pcre-jit \
--with-stream \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_degradation_module \
--with-http_flv_module \
--with-http_geoip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-stream_geoip_module \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--add-module=../ngx-echo \
--add-module=../ngx-headers-more
make
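Review bot: Some of the hardening requested in `--with-cc-opt` may not take effect in this builder. On musl, `-D_FORTIFY_SOURCE=2` is normally backed by the separate `fortify-headers` package, which the builder stage's `apk add` list does not install, so the define is likely a no-op. Stack protection and PIE are not requested explicitly either (`-fstack-protector-strong`, `-fPIE` with `-pie` in `--with-ld-opt`), so they depend on clang defaults that are not visible here. I would add those flags explicitly and confirm the result on the built `objs/nginx` binary before it is copied into the final image.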
#!/bin/sh
set -xe
mkdir -p ~/downloads ~/extracted
cd ~/downloads
require_vars() {
while [ -n "$1" ]; do
eval "if [ -z \"\${$1}\" ]; then
echo '$1 must be set.'
exit 1
fi"
shift
done
}
download() {
output="$1.$2"
curl -L -o "${output}" "$3"
if [ -f "$5" ]; then
gpg --verify "$5" "${output}"
else
echo "$5 ${output}" | sha512sum -c
fi
tar xf "${output}"
rm "${output}"
mv "$4" ~/extracted/"$1"
}
if [ -z "${NGINX_VERSION}" ]; then
NGINX_VERSION="$(curl -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/nginx/nginx/git/refs/tags | jq -r '.[].ref' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n 1)"
fi
require_vars \
NGINX_VERSION \
NGINX_GPG_KEY \
NGX_ECHO_VERSION \
NGX_ECHO_SHA512SUM \
NGX_HEADERS_MORE_VERSION \
NGX_HEADERS_MORE_SHA512SUM
nginx_url="https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
curl -L -o nginx.tar.gz.asc "${nginx_url}".asc
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "${NGINX_GPG_KEY}"
download nginx tar.gz "${nginx_url}" "nginx-${NGINX_VERSION}" nginx.tar.gz.asc
download ngx-echo tar.gz "https://github.com/openresty/echo-nginx-module/archive/refs/tags/v${NGX_ECHO_VERSION}.tar.gz" "echo-nginx-module-${NGX_ECHO_VERSION}" "${NGX_ECHO_SHA512SUM}"
download ngx-headers-more tar.gz "https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_HEADERS_MORE_VERSION}.tar.gz" "headers-more-nginx-module-${NGX_HEADERS_MORE_VERSION}" "${NGX_HEADERS_MORE_SHA512SUM}"
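Review bot: None of the `curl` calls pass `--fail`, so an HTTP error response is saved as if it were the artifact and only surfaces later as a confusing `gpg`, `sha512sum` or `tar` error. The `NGINX_VERSION=` lookup is weaker still: `set -e` only sees the exit status of the last command in that pipeline (`tail`), so a failed or rate-limited API call is caught only indirectly by `require_vars` as an empty value. Using `curl -fsSL` in the lookup and `curl -fL -o "${output}" "$3"` in `download()` (and for the `.asc` fetch) makes these failures stop the build at the point they occur. The verification step itself already runs before `tar xf`, which is the right order.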