Install and build openssl

Updated golang to 1.19.7

Author: jc21

.jenkins/Jenkinsfile

@@ -19,6 +19,7 @@ pipeline {
 		CROWDSEC_OPENRESTY_BOUNCER_VERSION = '0.1.7'
 		LUA_VERSION       = '5.1.5'
 		LUAROCKS_VERSION  = '3.3.1'
+		OPENSSL_VERSION   = '1.1.1t'
 	}
 	stages {
 		stage('Environment') {

docker/Dockerfile

@@ -2,11 +2,12 @@
 # Nginx Builder
 #############
 
-FROM debian:buster-slim as nginxbuilder
+FROM debian:bullseye-slim as nginxbuilder
 
 ARG OPENRESTY_VERSION
 ARG LUA_VERSION
 ARG LUAROCKS_VERSION
+ARG OPENSSL_VERSION
 
 RUN apt-get update \
 	&& apt-get install -y \
@@ -16,7 +17,7 @@ RUN apt-get update \
 	libpcre3-dev \
 	libreadline-dev \
 	libssl-dev \
-	openssl unzip \
+	unzip \
 	wget \
 	zlib1g-dev \
 	git
@@ -25,21 +26,23 @@ RUN apt-get update \
 COPY ./scripts/build-lua /tmp/build-lua
 RUN /tmp/build-lua
 
-# Nginx build
+# Build packages
+COPY ./scripts/install-openssl /tmp/install-openssl
+RUN /tmp/install-openssl
 COPY ./scripts/build-openresty /tmp/build-openresty
 RUN /tmp/build-openresty
 
 #############
 # Final Image
 #############
 
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 ARG TARGETPLATFORM
-RUN echo "Base: debian:buster-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch
+RUN echo "Base: debian:bullseye-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch
 
 # OpenResty uses LuaJIT which has a dependency on GCC
 RUN apt-get update \
@@ -48,11 +51,13 @@ RUN apt-get update \
 	ca-certificates \
 	curl \
 	figlet \
+	gcc \
 	jq \
 	libncurses6 \
 	libpcre3 \
-	libreadline7 \
-	openssl \
+	libreadline8 \
+	libc6-dev \
+	make \
 	perl \
 	tzdata \
 	unzip \
@@ -66,6 +71,11 @@ RUN apt-get update \
 
 COPY ./files/.bashrc /root/.bashrc
 
+# build and install openssl
+ARG OPENSSL_VERSION
+COPY ./scripts/install-openssl /tmp/install-openssl
+RUN /tmp/install-openssl
+
 # Copy lua and luarocks builds from first image
 COPY --from=nginxbuilder /tmp/lua /tmp/lua
 COPY --from=nginxbuilder /tmp/luarocks /tmp/luarocks
@@ -80,16 +90,17 @@ COPY ./scripts/install-crowdsec_openresty_bouncer /tmp/install-crowdsec_openrest
 
 ARG OPENRESTY_VERSION
 ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION
+
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
 	OPENRESTY_VERSION=${OPENRESTY_VERSION} \
+	OPENSSL_VERSION=${OPENSSL_VERSION} \
 	CROWDSEC_OPENRESTY_BOUNCER_VERSION=${CROWDSEC_OPENRESTY_BOUNCER_VERSION}
 
 # Install openresty, lua, then clean up file system
 RUN apt-get update \
-	&& apt-get install -y gcc make socat git \
 	&& /tmp/install-lua \
 	&& /tmp/install-openresty \
-	&& apt-get remove -y make gcc git wget gettext \
+	&& apt-get remove -y make gcc git wget gettext libc6-dev \
 	&& apt-get autoremove -y \
 	&& apt-get clean \
 	&& rm -rf /var/lib/apt/lists/* \

docker/Dockerfile.acmesh-golang

@@ -1,4 +1,4 @@
-FROM golang:1.19.6 as go
+FROM golang:1.19.7 as go
 FROM nginxproxymanager/nginx-full:${ACMESH_BASE_TAG:-acmesh}
 LABEL maintainer="Jamie Curnow <[email protected]>"
 

docker/Dockerfile.certbot

@@ -2,7 +2,7 @@
 # Certbot Builder
 #############
 
-FROM debian:buster-slim as certbotbuilder
+FROM debian:bullseye-slim as certbotbuilder
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 

local-build.sh

@@ -19,13 +19,15 @@ docker buildx build \
 	--platform linux/amd64,linux/arm64,linux/arm/7 \
 	--progress plain \
 	--pull \
+	--no-cache \
 	--build-arg BASE_TAG \
 	--build-arg ACMESH_BASE_TAG \
 	--build-arg CERTBOT_BASE_TAG \
 	--build-arg OPENRESTY_VERSION \
 	--build-arg LUA_VERSION \
 	--build-arg LUAROCKS_VERSION \
 	--build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \
+	--build-arg OPENSSL_VERSION \
 	$@ \
 	.
 

scripts/buildx

@@ -0,0 +1,35 @@
+#!/bin/bash -e
+
+BLUE='\E[1;34m'
+CYAN='\E[1;36m'
+YELLOW='\E[1;33m'
+GREEN='\E[1;32m'
+RESET='\E[0m'
+
+echo -e "${BLUE}❯ ${CYAN}Building and installing openssl ${YELLOW}${OPENSSL_VERSION}...${RESET}"
+
+# remove previously installed openssl
+if test -f "/usr/bin/openssl"; then
+	apt-get update
+	apt-get remove -y opensssl || true
+	apt-get clean
+	rm -rf /var/lib/apt/lists/* /var/cache/*
+fi
+
+cd /tmp
+wget "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
+tar -xzf "openssl-${OPENSSL_VERSION}.tar.gz"
+mv "/tmp/openssl-${OPENSSL_VERSION}" /tmp/openssl
+cd /tmp/openssl
+
+./config
+make test
+make install
+rm -rf /usr/bin/openssl
+ln -s /usr/local/bin/openssl /usr/bin/openssl
+ldconfig
+
+cd /tmp
+rm -rf /tmp/openssl /usr/local/share/docker/openssl
+
+echo -e "${BLUE}❯ ${GREEN}openssl install completed: ${YELLOW}$(openssl version)${RESET}"

scripts/install-openssl

@@ -0,0 +1,28 @@
+#!/bin/bash -e
+
+BLUE='\E[1;34m'
+GREEN='\E[1;32m'
+RESET='\E[0m'
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${DIR}/.."
+
+export BASE_TAG=latest
+export OPENRESTY_VERSION=1.19.3.1
+export LUA_VERSION=5.1.5
+export LUAROCKS_VERSION=3.3.1
+export OPENSSL_VERSION=1.1.1t
+
+docker build \
+	--pull \
+	--no-cache \
+	--build-arg BASE_TAG \
+	--build-arg OPENRESTY_VERSION \
+	--build-arg LUA_VERSION \
+	--build-arg LUAROCKS_VERSION \
+	--build-arg OPENSSL_VERSION \
+	-t nginx-full:dev \
+	-f docker/Dockerfile \
+	.
+
+echo -e "${BLUE}❯ ${GREEN}Build Complete${RESET}"

scripts/localbuild

@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${DIR}/.."
+
+export IMAGE=nginx-full
+export BASE_TAG=latest
+export OPENRESTY_VERSION=1.19.3.1
+export LUA_VERSION=5.1.5
+export LUAROCKS_VERSION=3.3.1
+export OPENSSL_VERSION=1.1.1t
+
+#./scripts/buildx --push -f docker/Dockerfile -t docker.io/nginxproxymanager/${IMAGE}:${BASE_TAG}
+./scripts/buildx --push -f docker/Dockerfile -t docker.io/nginxproxymanager/${IMAGE}:latest