Skip to content

Commit 5160862

Browse files
pdabelf5pdabelf5
committed
remove unused opentracing steps
1 parent 7a968e5 commit 5160862

File tree

1 file changed

+14
-39
lines changed

1 file changed

+14
-39
lines changed

build/Dockerfile

Lines changed: 14 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -183,18 +183,15 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
183183

184184
RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
185185
--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
186-
--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
187186
--mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \
188187
--mount=type=bind,from=nginx-files,src=user_agent,target=/tmp/user_agent \
189188
--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
190189
--mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \
191190
export $(cat /tmp/user_agent) \
192191
&& printf "%s\n" "https://${PACKAGE_REPO}/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
193192
&& printf "%s\n" "https://${PACKAGE_REPO}/nginx-agentv3/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
194-
&& apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check nginx-agent libcap libcurl \
195-
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
193+
&& apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check nginx-agent libcurl \
196194
&& mkdir -p /etc/nginx/reporting/ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
197-
&& ldconfig /usr/local/lib/ \
198195
&& agent.sh \
199196
&& sed -i -e '/nginx.com/d' /etc/apk/repositories
200197

@@ -217,15 +214,13 @@ RUN --mount=type=bind,from=alpine-fips-3.21,target=/tmp/fips/ \
217214
############################################# Base image for Alpine with NGINX Plus, App Protect WAF and FIPS #############################################
218215
FROM alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377 AS alpine-plus-nap-fips
219216
ARG NGINX_PLUS_VERSION
220-
ARG NGINX_PLUS_VERSION
221217
ARG PACKAGE_REPO
222218

223219
ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
224220

225221
RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
226222
--mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
227223
--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
228-
--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
229224
--mount=type=bind,from=nginx-files,src=app-protect-security-updates.rsa.pub,target=/etc/apk/keys/app-protect-security-updates.rsa.pub \
230225
--mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \
231226
--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
@@ -235,16 +230,14 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
235230
&& printf "%s\n" "https://${PACKAGE_REPO}/app-protect/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
236231
&& printf "%s\n" "https://pkgs.nginx.com/app-protect-security-updates/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
237232
&& printf "%s\n" "https://${PACKAGE_REPO}/nginx-agent/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
238-
&& apk add --no-cache libcap-utils libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \
233+
&& apk add --no-cache libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \
239234
&& apk add --no-cache nginx-agent \
240235
&& mkdir -p /usr/ssl \
241236
&& cp -av /tmp/fips/usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so \
242237
&& cp -av /tmp/fips/usr/ssl/fipsmodule.cnf /usr/ssl/fipsmodule.cnf \
243238
&& cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \
244-
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
245239
&& mkdir -p /etc/nginx/reporting/ \
246240
&& cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
247-
&& ldconfig /usr/local/lib/ \
248241
&& apk add --no-cache app-protect app-protect-attack-signatures app-protect-threat-campaigns \
249242
&& sed -i -e '/nginx.com/d' /etc/apk/repositories \
250243
&& nap-waf.sh \
@@ -254,33 +247,29 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
254247
############################################# Base image for Alpine with NGINX Plus, App Protect WAFv5 and FIPS #############################################
255248
FROM alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377 AS alpine-plus-nap-v5-fips
256249
ARG NGINX_PLUS_VERSION
257-
ARG NGINX_PLUS_VERSION
258250
ARG PACKAGE_REPO
259251

260252
ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
261253

262254
RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
263255
--mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
264256
--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
265-
--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
266257
--mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \
267258
--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
268259
--mount=type=bind,from=nginx-files,src=nap-waf.sh,target=/usr/local/bin/nap-waf.sh \
269260
--mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \
270261
printf "%s\n" "https://${PACKAGE_REPO}/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
271262
&& printf "%s\n" "https://${PACKAGE_REPO}/app-protect-x-plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
272263
&& printf "%s\n" "https://${PACKAGE_REPO}/nginx-agent/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
273-
&& apk add --no-cache libcap-utils libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \
264+
&& apk add --no-cache libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \
274265
&& apk add --no-cache nginx-agent \
275266
&& mkdir -p /usr/ssl \
276267
&& cp -av /tmp/fips/usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so \
277268
&& cp -av /tmp/fips/usr/ssl/fipsmodule.cnf /usr/ssl/fipsmodule.cnf \
278269
&& cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \
279-
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
280270
&& mkdir -p /etc/nginx/reporting/ \
281271
&& cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
282-
&& ldconfig /usr/local/lib/ \
283-
&& apk add --no-cache app-protect-module-plus~=33.5.264 \
272+
&& apk add --no-cache app-protect-module-plus~=34.5.342 \
284273
&& sed -i -e '/nginx.com/d' /etc/apk/repositories \
285274
&& nap-waf.sh \
286275
agent.sh
@@ -296,17 +285,19 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
296285
RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
297286
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
298287
--mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \
288+
--mount=type=bind,from=nginx-files,src=app-protect-security-updates.key,target=/tmp/app-protect-security-updates.key \
299289
--mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \
300290
--mount=type=bind,from=nginx-files,src=debian-plus-12.sources,target=/tmp/nginx-plus.sources \
301291
--mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \
302292
apt-get update \
303-
&& apt-get install --no-install-recommends --no-install-suggests -y gpg ca-certificates libcap2-bin libcurl4 \
293+
&& apt-get install --no-install-recommends --no-install-suggests -y gpg ca-certificates libcurl4 \
304294
&& groupadd --system --gid 101 nginx \
305295
&& useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \
306296
&& gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key \
297+
&& gpg --dearmor -o /usr/share/keyrings/app-protect-archive-keyring.gpg /tmp/app-protect-security-updates.key \
307298
&& cp /tmp/nginx-plus.sources /etc/apt/sources.list.d/nginx-plus.sources \
308299
&& apt-get update \
309-
&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \
300+
&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \
310301
&& apt-get purge --auto-remove -y gpg \
311302
&& mkdir -p /etc/nginx/reporting/ \
312303
&& cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
@@ -341,23 +332,15 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
341332

342333
RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
343334
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
344-
--mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
345-
--mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \
346-
--mount=type=bind,from=nginx-files,src=app-protect-security-updates.key,target=/tmp/app-protect-security-updates.key \
347335
--mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \
348336
--mount=type=bind,from=nginx-files,src=nap-waf-12.sources,target=/tmp/app-protect.sources \
349337
--mount=type=bind,from=nginx-files,src=nap-dos-12.sources,target=/tmp/app-protect-dos.sources \
350338
--mount=type=bind,from=nginx-files,src=debian-agent-12.sources,target=/tmp/nginx-agent.sources \
351339
--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
352340
--mount=type=bind,from=nginx-files,src=nap-waf.sh,target=/usr/local/bin/nap-waf.sh \
353341
--mount=type=bind,from=nginx-files,src=nap-dos.sh,target=/usr/local/bin/nap-dos.sh \
354-
--mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \
355-
mkdir -p /etc/nginx/reporting/ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
356-
&& if [ -z "${NAP_MODULES##*waf*}" ]; then \
357-
apt-get update \
358-
&& apt-get install --no-install-recommends --no-install-suggests -y gpg \
359-
&& gpg --dearmor -o /usr/share/keyrings/app-protect-archive-keyring.gpg /tmp/app-protect-security-updates.key \
360-
&& cp /tmp/app-protect.sources /etc/apt/sources.list.d/app-protect.sources \
342+
if [ -z "${NAP_MODULES##*waf*}" ]; then \
343+
cp /tmp/app-protect.sources /etc/apt/sources.list.d/app-protect.sources \
361344
&& cp /tmp/nginx-agent.sources /etc/apt/sources.list.d/nginx-agent.sources \
362345
&& apt-get update \
363346
&& apt-get install --no-install-recommends --no-install-suggests -y app-protect app-protect-attack-signatures app-protect-threat-campaigns nginx-agent \
@@ -376,7 +359,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
376359

377360
############################################# Base image for Debian with NGINX Plus and App Protect WAFv5 #############################################
378361
FROM debian-plus-only AS debian-plus-nap-v5
379-
ARG NAP_MODULES
380362
ARG NGINX_PLUS_VERSION
381363

382364
ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
@@ -388,13 +370,9 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
388370
--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
389371
--mount=type=bind,from=nginx-files,src=nap-waf.sh,target=/usr/local/bin/nap-waf.sh \
390372
--mount=type=bind,from=nginx-files,src=debian-agent-12.sources,target=/etc/apt/sources.list.d/nginx-agent.sources \
391-
--mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \
392-
mkdir -p /etc/nginx/reporting/ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
393-
&& apt-get update \
394-
&& apt-get install --no-install-recommends --no-install-suggests -y gpg \
395-
nginx-agent app-protect-module-plus=33+5.264* nginx-plus-module-appprotect=33+5.264* app-protect-plugin=6.9.0* \
373+
apt-get update \
374+
nginx-agent app-protect-module-plus=34+5.342* nginx-plus-module-appprotect=34+5.342* app-protect-plugin=6.12.0* \
396375
&& nap-waf.sh \
397-
&& apt-get purge --auto-remove -y gpg \
398376
&& agent.sh
399377

400378

@@ -470,7 +448,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
470448

471449
############################################# Base image for UBI with NGINX Plus and App Protect WAFv5 #############################################
472450
FROM ubi-minimal AS ubi-9-plus-nap-v5
473-
ARG NAP_MODULES
474451

475452
RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
476453
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -489,15 +466,14 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
489466
&& microdnf --nodocs install -y nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \
490467
&& source /tmp/rhel_license \
491468
&& microdnf --nodocs install -y ca-certificates shadow-utils subscription-manager \
492-
&& microdnf --nodocs install -y nginx-agent app-protect-module-plus-33+5.264* \
469+
&& microdnf --nodocs install -y nginx-agent app-protect-module-plus-34+5.342* \
493470
&& nap-waf.sh \
494471
&& ubi-clean.sh \
495472
&& agent.sh
496473

497474

498475
############################################# Base image for UBI8 with NGINX Plus and App Protect WAF #############################################
499476
FROM redhat/ubi8@sha256:8bd1b6306f8164de7fb0974031a0f903bd3ab3e6bcab835854d3d9a1a74ea5db AS ubi-8-plus-nap
500-
ARG NAP_MODULES
501477
ARG NGINX_PLUS_VERSION
502478

503479
ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
@@ -534,7 +510,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
534510

535511
############################################# Base image for UBI8 with NGINX Plus and App Protect WAFv5 #############################################
536512
FROM redhat/ubi8@sha256:8bd1b6306f8164de7fb0974031a0f903bd3ab3e6bcab835854d3d9a1a74ea5db AS ubi-8-plus-nap-v5
537-
ARG NAP_MODULES
538513
ARG NGINX_PLUS_VERSION
539514

540515
ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
@@ -556,7 +531,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
556531
&& useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \
557532
&& rpm --import /tmp/nginx_signing.key \
558533
&& dnf --nodocs install -y nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check nginx-agent \
559-
&& dnf --nodocs install -y app-protect-module-plus-33+5.264* \
534+
&& dnf --nodocs install -y app-protect-module-plus-34+5.342* \
560535
&& nap-waf.sh \
561536
&& agent.sh \
562537
&& dnf clean all

0 commit comments

Comments
 (0)