Skip to content

Commit d9155b2

Browse files
shaun-nxshaun-nx
committed
Set permissions on required directories. Update lables
1 parent 048c38c commit d9155b2

File tree

2 files changed

+19
-22
lines changed

2 files changed

+19
-22
lines changed

build/ubi/Dockerfile.nginx

Lines changed: 8 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,19 +6,17 @@ ADD --link --chown=101:1001 https://nginx.org/keys/nginx_signing.key nginx_signi
66
ADD --link --chown=101:1001 build/ubi/repos/nginx.repo nginx.repo
77
ADD --link --chown=101:1001 build/ubi/repos/agent.repo agent.repo
88

9-
FROM redhat/ubi9-minimal:9.6 AS ubi-minimal
10-
119
FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:01a32246761b9bbe47a6a29bcd8ca6e9b6e331b3bdfa372d8987b622276f7025 AS ubi9-packages
1210

13-
FROM ubi-minimal AS ubi-nginx
11+
FROM redhat/ubi9-minimal:9.6 AS ubi-nginx
1412

1513
# renovate: datasource=github-tags depName=nginx/agent
1614
ARG NGINX_AGENT_VERSION=v3.3.1
1715
ARG NJS_DIR
1816
ARG NGINX_CONF_DIR
1917
ARG BUILD_AGENT
2018

21-
LABEL name="F5 NGINX Gateway Fabric NGINX" \
19+
LABEL name="F5 NGINX Gateway Fabric NGINX OSS" \
2220
maintainer="[email protected]" \
2321
vendor="F5 NGINX" \
2422
summary="NGINX Gateway Fabric" \
@@ -29,7 +27,7 @@ LABEL name="F5 NGINX Gateway Fabric NGINX" \
2927

3028
COPY --link --chown=101:1001 LICENSE /licenses/
3129

32-
# Install NGINX with OTEL support using the same approach as NGINX IC
30+
# Install NGINX with packages
3331
RUN --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \
3432
--mount=type=bind,from=nginx-files,src=nginx.repo,target=/etc/yum.repos.d/nginx.repo \
3533
--mount=type=bind,from=nginx-files,src=agent.repo,target=/etc/yum.repos.d/agent.repo \
@@ -54,20 +52,18 @@ RUN mkdir -p /usr/lib/nginx/modules /var/run/nginx /usr/lib64/nginx/modules \
5452
# Forward request and error logs to docker log collector
5553
&& ln -sf /dev/stdout /var/log/nginx/access.log \
5654
&& ln -sf /dev/stderr /var/log/nginx/error.log \
57-
&& mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/ \
58-
# Set proper permissions for nginx user
59-
&& chown -R 101:1001 /etc/nginx /var/cache/nginx /var/log/nginx /var/run/nginx
55+
&& mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/
56+
57+
# Set proper permissions for nginx user
58+
RUN chown -R 101:1001 /etc/nginx /var/cache/nginx
6059

6160
# Copy configuration files and scripts
6261
COPY build/entrypoint.sh /agent/entrypoint.sh
63-
COPY ${NJS_DIR}/httpmatches.js /usr/lib/nginx/modules/njs/httpmatches.js
62+
COPY ${NJS_DIR}/ /usr/lib/nginx/modules/njs/
6463
COPY ${NGINX_CONF_DIR}/nginx.conf /etc/nginx/nginx.conf
6564
COPY ${NGINX_CONF_DIR}/grpc-error-locations.conf /etc/nginx/grpc-error-locations.conf
6665
COPY ${NGINX_CONF_DIR}/grpc-error-pages.conf /etc/nginx/grpc-error-pages.conf
6766

68-
# Set executable permissions
69-
RUN chmod +x /agent/entrypoint.sh && chown 101:1001 /agent/entrypoint.sh
70-
7167
# Switch to non-root user
7268
USER 101:1001
7369

build/ubi/Dockerfile.nginxplus

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,9 @@ ADD --link --chown=101:1001 https://cs.nginx.com/static/files/plus-9.repo nginx-
66
ADD --link --chown=101:1001 https://nginx.org/keys/nginx_signing.key nginx_signing.key
77
ADD --link --chown=101:1001 build/ubi/repos/agent.repo agent.repo
88

9-
FROM redhat/ubi9-minimal:9.6 AS ubi-minimal
10-
119
FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:01a32246761b9bbe47a6a29bcd8ca6e9b6e331b3bdfa372d8987b622276f7025 AS ubi9-packages
1210

13-
FROM ubi-minimal AS ubi-nginx-plus
11+
FROM redhat/ubi9-minimal:9.6 AS ubi-nginx-plus
1412

1513
ARG NGINX_PLUS_VERSION=R35
1614

@@ -52,6 +50,7 @@ RUN --mount=type=bind,from=nginx-files,src=nginx-plus.repo,target=/etc/yum.repos
5250
# Install nginx-agent
5351
&& microdnf --nodocs install -y nginx-agent-${NGINX_AGENT_VERSION#v}* \
5452
# Clean up
53+
# && microdnf remove -y shadow-utils subscription-manager \
5554
&& microdnf clean all \
5655
&& rm -rf /var/cache/yum
5756

@@ -60,20 +59,22 @@ RUN mkdir -p /usr/lib/nginx/modules /var/run/nginx /usr/lib64/nginx/modules \
6059
# Forward request and error logs to docker log collector
6160
&& ln -sf /dev/stdout /var/log/nginx/access.log \
6261
&& ln -sf /dev/stderr /var/log/nginx/error.log \
63-
&& mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/ \
64-
# Set proper permissions for nginx user
65-
&& chown -R 101:1001 /etc/nginx /var/cache/nginx /var/log/nginx /var/run/nginx
62+
&& mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/
63+
64+
# Copy default html files to a writable location
65+
RUN mkdir -p /etc/nginx/html \
66+
&& cp /usr/share/nginx/html/* /etc/nginx/html/
67+
68+
# Set proper permissions for nginx user
69+
RUN chown -R 101:1001 /etc/nginx /var/cache/nginx
6670

6771
# Copy configuration files and scripts
6872
COPY build/entrypoint.sh /agent/entrypoint.sh
69-
COPY ${NJS_DIR}/httpmatches.js /usr/lib/nginx/modules/njs/httpmatches.js
73+
COPY ${NJS_DIR}/ /usr/lib/nginx/modules/njs/
7074
COPY ${NGINX_CONF_DIR}/nginx.conf /etc/nginx/nginx.conf
7175
COPY ${NGINX_CONF_DIR}/grpc-error-locations.conf /etc/nginx/grpc-error-locations.conf
7276
COPY ${NGINX_CONF_DIR}/grpc-error-pages.conf /etc/nginx/grpc-error-pages.conf
7377

74-
# Set executable permissions
75-
RUN chmod +x /agent/entrypoint.sh && chown 101:1001 /agent/entrypoint.sh
76-
7778
# Switch to non-root user
7879
USER 101:1001
7980

0 commit comments

Comments
 (0)