Restructured docker images heirarchy

Author: jc21

.jenkins/Jenkinsfile

@@ -28,9 +28,12 @@ pipeline {
 					}
 					steps {
 						script {
-							env.BASE_TAG                = 'latest'
-							env.BUILDX_PUSH_TAGS        = "-t docker.io/nginxproxymanager/${IMAGE}:${BASE_TAG}"
-							env.BUILDX_PUSH_TAGS_NODE   = "-t docker.io/nginxproxymanager/${IMAGE}:node"
+							env.BASE_TAG                       = 'latest'
+							env.BUILDX_PUSH_TAGS               = "-t docker.io/nginxproxymanager/${IMAGE}:${BASE_TAG}"
+							env.BUILDX_PUSH_TAGS_ACMESH        = "-t docker.io/nginxproxymanager/${IMAGE}:acmesh"
+							env.BUILDX_PUSH_TAGS_CERTBOT       = "-t docker.io/nginxproxymanager/${IMAGE}:certbot"
+							env.BUILDX_PUSH_TAGS_ACMESH_GOLANG = "-t docker.io/nginxproxymanager/${IMAGE}:acmesh-golang"
+							env.BUILDX_PUSH_TAGS_CERTBOT_NODE  = "-t docker.io/nginxproxymanager/${IMAGE}:certbot-node"
 						}
 					}
 				}
@@ -43,15 +46,20 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							env.BASE_TAG                = "github-${BRANCH_LOWER}"
-							env.BUILDX_PUSH_TAGS        = "-t docker.io/nginxproxymanager/${IMAGE}:${BASE_TAG}"
-							env.BUILDX_PUSH_TAGS_NODE   = "${BUILDX_PUSH_TAGS}-node"
+							env.BASE_TAG                       = "github-${BRANCH_LOWER}"
+							env.ACMESH_BASE_TAG                = "github-${BRANCH_LOWER}-acmesh"
+							env.CERTBOT_BASE_TAG               = "github-${BRANCH_LOWER}-certbot"
+							env.BUILDX_PUSH_TAGS               = "-t docker.io/nginxproxymanager/${IMAGE}:${BASE_TAG}"
+							env.BUILDX_PUSH_TAGS_ACMESH        = "${BUILDX_PUSH_TAGS}-acmesh"
+							env.BUILDX_PUSH_TAGS_CERTBOT       = "${BUILDX_PUSH_TAGS}-certbot"
+							env.BUILDX_PUSH_TAGS_ACMESH_GOLANG = "${BUILDX_PUSH_TAGS}-acmesh-golang"
+							env.BUILDX_PUSH_TAGS_CERTBOT_NODE  = "${BUILDX_PUSH_TAGS}-certbot-node"
 						}
 					}
 				}
 			}
 		}
-		stage('Base Build') {
+		stage('Base') {
 			environment {
 				BUILDX_NAME = "${IMAGE}_${GIT_BRANCH}_base"
 			}
@@ -62,18 +70,27 @@ pipeline {
 				}
 			}
 		}
-		stage('Other Builds') {
-			parallel {
-				stage('Node') {
-					environment {
-						BUILDX_NAME = "${IMAGE}_${GIT_BRANCH}_node"
-					}
-					steps {
-						withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'DOCKER_PASS', usernameVariable: 'DOCKER_USER')]) {
-							sh 'docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"'
-							sh "./scripts/buildx --push -f docker/Dockerfile.node ${BUILDX_PUSH_TAGS_NODE}"
-						}
-					}
+		stage('Acme Clients') {
+			environment {
+				BUILDX_NAME = "${IMAGE}_${GIT_BRANCH}_node"
+			}
+			steps {
+				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'DOCKER_PASS', usernameVariable: 'DOCKER_USER')]) {
+					sh 'docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"'
+					sh "./scripts/buildx --push -f docker/Dockerfile.acmesh ${BUILDX_PUSH_TAGS_ACMESH}"
+					sh "./scripts/buildx --push -f docker/Dockerfile.certbot ${BUILDX_PUSH_TAGS_CERTBOT}"
+				}
+			}
+		}
+		stage('Dev Tools') {
+			environment {
+				BUILDX_NAME = "${IMAGE}_${GIT_BRANCH}_node"
+			}
+			steps {
+				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'DOCKER_PASS', usernameVariable: 'DOCKER_USER')]) {
+					sh 'docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"'
+					sh "./scripts/buildx --push -f docker/Dockerfile.acmesh-golang ${BUILDX_PUSH_TAGS_ACMESH_GOLANG}"
+					sh "./scripts/buildx --push -f docker/Dockerfile.certbot-node ${BUILDX_PUSH_TAGS_CERTBOT_NODE}"
 				}
 			}
 		}

README.md

@@ -17,14 +17,29 @@
 
 This is a base image for use in other images. See Dockerfile for build steps.
 
-The following is compiled/installed:
+The following images are built:
 
+**latest**
 - OpenResty
 - Lua
+
+**certbot**
+- Certbot
+- Python3 and pip
+
+**acmesh** _(used in Nginx Proxy Manager v3)_
+- Acme.sh
+
+**certbot-node** _(used in Nginx Proxy Manager v2)_
 - Certbot
 - Python3 and pip
+- Nodejs
+
+**acmesh-golang** _(development for Nginx Proxy Manager v3)_
+- Acme.sh
+- Golang
 
-The following architectures are supported:
+The following architectures are supported for all images:
 
 - amd64
 - arm/v7
@@ -33,7 +48,7 @@ The following architectures are supported:
 ### Usage:
 
 ```
-FROM nginxproxymanager/nginx-full
+FROM nginxproxymanager/nginx-full:latest
 
 ...
 ```

docker/Dockerfile

@@ -1,45 +1,3 @@
-#############
-# Certbot Builder
-#############
-
-FROM debian:buster-slim as certbotbuilder
-
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-RUN apt-get update
-RUN apt-get install -y \
-	build-essential \
-	curl \
-	libaugeas0 \
-	python3 \
-	python3-dev \
-	libffi-dev \
-	libssl-dev \
-	python3-venv \
-	ca-certificates
-
-ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
-
-# Yes, python compilation requires rust.
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-ENV PATH="/root/.cargo/bin:$PATH"
-
-# It's all about pip now.
-RUN python3 -m venv /opt/certbot/
-ENV PATH="/opt/certbot/bin:$PATH"
-
-RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3
-
-# Handle an extremely specific issue when building the cryptography package for
-# 32-bit architectures within QEMU running on a 64-bit host
-# Special thanks to https://github.com/JonasAlfredsson/docker-nginx-certbot
-RUN if [ "$(getconf LONG_BIT)" = "32" ]; then \
-	pip3 install --no-cache-dir -U cryptography==3.3.2; \
-	fi
-
-RUN pip install --no-cache-dir cffi certbot \
-	&& pip install tldextract
-
 #############
 # Nginx Builder
 #############
@@ -83,26 +41,25 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ARG TARGETPLATFORM
 RUN echo "Base: debian:buster-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch
 
-# OpenResty uses LuaJIT which has a dependency on GCC
+# OpenResty uses LuaJIT which has a dependency on GCC
 RUN apt-get update \
 	&& apt-get install -y --no-install-recommends \
 	apache2-utils \
 	ca-certificates \
 	curl \
 	figlet \
+	jq \
 	libncurses6 \
 	libpcre3 \
 	libreadline7 \
 	openssl \
 	perl \
-	python3 \
-	python3-distutils \
-	python3-venv \
 	tzdata \
 	unzip \
 	zlib1g \
 	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/*
+	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -rf /var/cache/* /var/log/* /tmp/* /var/lib/dpkg/status-old
 
 COPY ./files/.bashrc /root/.bashrc
 
@@ -115,44 +72,25 @@ COPY ./scripts/install-lua /tmp/install-lua
 COPY --from=nginxbuilder /tmp/openresty /tmp/openresty
 COPY ./scripts/install-openresty /tmp/install-openresty
 
-ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
-
-# Copy certbot
-COPY --from=certbotbuilder /opt/certbot /opt/certbot
-RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 \
-	&& python3 -m venv /opt/certbot/ \
-	&& ln -s /opt/certbot/bin/certbot /usr/bin/certbot
-
 ARG OPENRESTY_VERSION
-ENV OPENRESTY_VERSION=${OPENRESTY_VERSION} \
-	CERT_HOME='/data/acme.sh/' \
-	PATH="/opt/certbot/bin:$PATH"
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
+	OPENRESTY_VERSION=${OPENRESTY_VERSION}
 
-# Install openresty, lua
+# Install openresty, lua, then clean up file system
 RUN apt-get update \
-	&& apt-get install -y \
-	gcc \
-	make \
-	socat \
-	git \
+	&& apt-get install -y gcc make socat git \
 	&& /tmp/install-lua \
 	&& /tmp/install-openresty \
-	&& rm -f /tmp/install-lua \
-	&& rm -f /tmp/install-openresty \
 	&& apt-get remove -y make gcc git \
 	&& apt-get autoremove -y \
 	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/*
-
-# acme.sh
-RUN mkdir -p /data/acme.sh \
-	&& curl -o /bin/acme.sh 'https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh' \
-	&& chmod +x /bin/acme.sh
+	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -rf /var/cache/* /var/log/* /tmp/* /var/lib/dpkg/status-old
 
 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \
 	org.label-schema.name="nginx-full" \
 	org.label-schema.description="A base image for use by Nginx Proxy Manager" \
-	org.label-schema.url="https://github.com/jc21/docker-nginx-full" \
-	org.label-schema.vcs-url="https://github.com/jc21/docker-nginx-full.git" \
-	org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:latest"
+	org.label-schema.url="https://github.com/nginxproxymanager/docker-nginx-full" \
+	org.label-schema.vcs-url="https://github.com/nginxproxymanager/docker-nginx-full.git" \
+	org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:latest"

docker/Dockerfile.acmesh

@@ -0,0 +1,14 @@
+FROM nginxproxymanager/nginx-full:${BASE_TAG:-latest}
+LABEL maintainer="Jamie Curnow <[email protected]>"
+
+ARG TARGETPLATFORM
+RUN echo "Acme.sh: nginxproxymanager/nginx-full:${BASE_TAG:-latest}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+
+ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+
+# acme.sh
+RUN mkdir -p /data/acme.sh \
+	&& curl -o /bin/acme.sh 'https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh' \
+	&& chmod +x /bin/acme.sh
+
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:acmesh"

docker/Dockerfile.acmesh-golang

@@ -0,0 +1,29 @@
+FROM golang:latest as go
+FROM nginxproxymanager/nginx-full:${ACMESH_BASE_TAG:-acmesh}
+LABEL maintainer="Jamie Curnow <[email protected]>"
+
+ARG TARGETPLATFORM
+RUN echo "Golang: nginxproxymanager/nginx-full:${BASE_TAG:-acmesh}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+
+RUN apt-get update \
+	&& apt-get install -y wget gcc g++ make git sqlite3 jq \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
+
+# copy go from golang
+COPY --from=go /usr/local/go /usr/local/go
+
+ENV GOPATH=/opt/go PATH="/usr/local/go/bin:$PATH:/opt/go/bin"
+RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" \
+	&& chmod -R 777 "$GOPATH" \
+	&& echo "====> ${TARGETPLATFORM}: $(go version)"
+
+WORKDIR /root
+
+# Gotools
+RUN if [ "$TARGETPLATFORM" == "" ] || [ "$TARGETPLATFORM" == "linux/amd64" ]; then cd /usr && wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.39.0; fi
+RUN go get -u github.com/kyoh86/richgo \
+	&& go get -u github.com/sonatype-nexus-community/nancy \
+	&& rm -rf /root/.cache/go-build
+
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:acmesh-golang"

docker/Dockerfile.certbot

@@ -0,0 +1,68 @@
+#############
+# Certbot Builder
+#############
+
+FROM debian:buster-slim as certbotbuilder
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update
+RUN apt-get install -y \
+	build-essential \
+	curl \
+	libaugeas0 \
+	python3 \
+	python3-dev \
+	libffi-dev \
+	libssl-dev \
+	python3-venv \
+	ca-certificates
+
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Yes, python compilation requires rust.
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:$PATH"
+
+# It's all about pip now.
+RUN python3 -m venv /opt/certbot/
+ENV PATH="/opt/certbot/bin:$PATH"
+
+RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3
+
+# Handle an extremely specific issue when building the cryptography package for
+# 32-bit architectures within QEMU running on a 64-bit host
+# Special thanks to https://github.com/JonasAlfredsson/docker-nginx-certbot
+RUN if [ "$(getconf LONG_BIT)" = "32" ]; then \
+	pip3 install --no-cache-dir -U cryptography==3.3.2; \
+	fi
+
+RUN pip install --no-cache-dir cffi certbot \
+	&& pip install tldextract
+
+#############
+# Final Image
+#############
+
+FROM nginxproxymanager/nginx-full:${BASE_TAG:-latest}
+LABEL maintainer="Jamie Curnow <[email protected]>"
+
+ARG TARGETPLATFORM
+RUN echo "Certbot: nginxproxymanager/nginx-full:${BASE_TAG:-latest}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+
+# OpenResty uses LuaJIT which has a dependency on GCC
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends \
+	python3 \
+	python3-distutils \
+	python3-venv \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Copy certbot
+COPY --from=certbotbuilder /opt/certbot /opt/certbot
+RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 \
+	&& python3 -m venv /opt/certbot/ \
+	&& ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:certbot"

docker/Dockerfile.node renamed to docker/Dockerfile.certbot-node

@@ -1,8 +1,8 @@
-FROM nginxproxymanager/nginx-full:${BASE_TAG:-latest}
+FROM nginxproxymanager/nginx-full:${CERTBOT_BASE_TAG:-certbot}
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
 ARG TARGETPLATFORM
-RUN echo "Node: jc21/nginx-full:${BASE_TAG:-latest}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+RUN echo "Node: nginxproxymanager/nginx-full:${BASE_TAG:-certbot}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
 
 ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 
@@ -17,3 +17,5 @@ RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - \
 COPY ./files/test.js /tmp/test.js
 RUN node /tmp/test.js \
 	&& rm -f /tmp/test.js
+
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:certbot-node"