From 36ccf751cb575018270fdb3c3c59294725b59a15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6kay=20G=C3=BCrcan?= Date: Fri, 30 Aug 2024 18:05:19 +0200 Subject: [PATCH] feat: multi-stage builds (#48) --- .dockerignore | 5 ++++ .github/workflows/dockerimage.yml | 22 +++++++-------- Dockerfile | 28 ++++++++++++------- README.md | 4 +-- .../nginx/conf.optional.d/more_headers.conf | 1 + docker/etc/nginx/nginx.conf | 1 + 6 files changed, 38 insertions(+), 23 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..d11c6e6 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +.github/ +.dockerignore +.editorconfig +LICENSE +README.md diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index fceb709..7101707 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -25,16 +25,7 @@ jobs: - id: checkout name: Checkout - uses: actions/checkout@v3 - - - id: login - name: Login to Docker Hub - uses: docker/login-action@v2 - if: | - github.ref == 'refs/heads/main' - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + uses: actions/checkout@v4 - id: build name: Build image @@ -48,10 +39,19 @@ jobs: docker volume create usr-share-geoip docker run --rm --name geoipupdate -v usr-share-geoip:/usr/share/GeoIP -e GEOIPUPDATE_FREQUENCY=0 -e GEOIPUPDATE_ACCOUNT_ID='${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}' -e GEOIPUPDATE_LICENSE_KEY='${{ secrets.GEOIPUPDATE_LICENSE_KEY }}' -e GEOIPUPDATE_EDITION_IDS='GeoLite2-City GeoLite2-Country' maxmindinc/geoipupdate docker run --rm --name nginx gokaygurcan/nginx nginx -V + + - id: login + name: Login to Docker Hub + uses: docker/login-action@v3 + if: | + github.ref == 'refs/heads/main' + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} - id: push name: Push to Docker Registry - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 if: | github.ref == 'refs/heads/main' with: diff --git a/Dockerfile b/Dockerfile index 7721b17..7f26dd9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,15 @@ # gokaygurcan/dockerfile-nginx -FROM gokaygurcan/ubuntu:latest - -# metadata +FROM gokaygurcan/ubuntu:latest as build-nginx LABEL maintainer "Gökay Gürcan " ARG DEBIAN_FRONTEND=noninteractive ENV USR_SRC=/usr/src \ USR_SRC_NGINX=/usr/src/nginx \ USR_SRC_NGINX_MODS=/usr/src/nginx/modules \ - NGINX_VERSION=1.27.0 \ + NGINX_VERSION=1.27.1 \ OPENSSL_VERSION=3.3.1 \ - LIBMAXMINDDB_VERSION=1.10.0 + LIBMAXMINDDB_VERSION=1.11.0 USER root @@ -98,6 +96,7 @@ RUN set -ex && \ mv eustas-ngx_brotli-* brotli && \ cd ${USR_SRC_NGINX_MODS}/brotli/deps && \ rm -rf ./brotli && \ + # google/brotli aria2c -q https://github.com/google/brotli/tarball/master && \ tar -xzf google-brotli-*.tar.gz && \ rm google-brotli-*.tar.gz && \ @@ -107,10 +106,9 @@ RUN set -ex && \ aria2c -q https://github.com/aperezdc/ngx-fancyindex/tarball/master && \ tar -xzf aperezdc-ngx-fancyindex-*.tar.gz && \ rm aperezdc-ngx-fancyindex-*.tar.gz && \ - mv aperezdc-ngx-fancyindex-* fancyindex - + mv aperezdc-ngx-fancyindex-* fancyindex && \ # compile nginx -RUN cd ${USR_SRC_NGINX} && \ + cd ${USR_SRC_NGINX} && \ sh ./configure \ --conf-path=/etc/nginx/nginx.conf \ --sbin-path=/usr/sbin/nginx \ @@ -159,6 +157,8 @@ RUN cd ${USR_SRC_NGINX} && \ make && \ make install && \ echo "✓" | tee /usr/local/nginx/html/index.html && \ + # Diffie-Hellman + openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096 && \ # clean up rm /etc/nginx/*.default && \ apt-get autoclean -yqq && \ @@ -171,13 +171,21 @@ RUN cd ${USR_SRC_NGINX} && \ ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stderr /var/log/nginx/error.log +# FROM ubuntu:noble +FROM gokaygurcan/ubuntu:latest +LABEL maintainer "Gökay Gürcan " + +COPY --from=build-nginx /etc/nginx /etc/nginx +COPY --from=build-nginx /usr/local/nginx /usr/local/nginx +COPY --from=build-nginx /var/log/nginx /var/log/nginx +COPY --from=build-nginx /usr/sbin/nginx /usr/sbin/nginx + WORKDIR /etc/nginx # copy configs from docker folder COPY docker / -# Diffie-Hellman -RUN openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096 +ENV PATH "${PATH}:/usr/sbin/nginx" EXPOSE 80/tcp 443/tcp diff --git a/README.md b/README.md index 928132f..718a282 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ | Variable | Version | | -------------------- | ---------------------- | -| NGINX_VERSION | 1.27.0 | +| NGINX_VERSION | 1.27.1 | | OPENSSL_VERSION | 3.3.1 | -| LIBMAXMINDDB_VERSION | 1.10.0 | +| LIBMAXMINDDB_VERSION | 1.11.0 | ## Additional packages diff --git a/docker/etc/nginx/conf.optional.d/more_headers.conf b/docker/etc/nginx/conf.optional.d/more_headers.conf index 2f75f61..25bc060 100644 --- a/docker/etc/nginx/conf.optional.d/more_headers.conf +++ b/docker/etc/nginx/conf.optional.d/more_headers.conf @@ -1 +1,2 @@ more_set_headers "Server: Unknown"; +more_set_headers "X-Powered-By: gokaygurcan/nginx"; diff --git a/docker/etc/nginx/nginx.conf b/docker/etc/nginx/nginx.conf index 3cbe699..5874967 100644 --- a/docker/etc/nginx/nginx.conf +++ b/docker/etc/nginx/nginx.conf @@ -57,5 +57,6 @@ http { # include configs include /etc/nginx/conf.d/*.conf; + # include /etc/nginx/conf.optional.d/*.conf; include /etc/nginx/sites-enabled/**/*; }