|
1 | 1 | FROM nginx:1.25.5@sha256:a484819eb60211f5299034ac80f6a681b06f89e65866ce91f356ed7c72af059c
|
2 | 2 |
|
3 |
| -ENV NGINX_VERSION 1.25.5 |
| 3 | +# NJS env vars |
4 | 4 | ENV NJS_VERSION 0.8.4
|
5 | 5 | ENV NJS_RELEASE 3~bookworm
|
6 | 6 |
|
| 7 | +# Proxy cache env vars |
7 | 8 | ENV PROXY_CACHE_MAX_SIZE "10g"
|
8 | 9 | ENV PROXY_CACHE_INACTIVE "60m"
|
9 | 10 | ENV PROXY_CACHE_SLICE_SIZE "1m"
|
10 | 11 | ENV PROXY_CACHE_VALID_OK "1h"
|
11 | 12 | ENV PROXY_CACHE_VALID_NOTFOUND "1m"
|
12 | 13 | ENV PROXY_CACHE_VALID_FORBIDDEN "30s"
|
| 14 | + |
| 15 | +# CORS env vars |
13 | 16 | ENV CORS_ENABLED 0
|
14 | 17 | ENV CORS_ALLOW_PRIVATE_NETWORK_ACCESS ""
|
| 18 | + |
| 19 | +# S3 proxy env vars |
15 | 20 | ENV DIRECTORY_LISTING_PATH_PREFIX ""
|
16 | 21 | ENV STRIP_LEADING_DIRECTORY_PATH ""
|
17 | 22 | ENV PREFIX_LEADING_DIRECTORY_PATH ""
|
18 | 23 |
|
19 | 24 | # We modify the nginx base image by:
|
20 |
| -# 1. Adding configuration files needed for proxying private S3 buckets |
21 |
| -# 2. Adding a directory for proxied objects to be stored |
22 |
| -# 3. Replacing the entrypoint script with a modified version that explicitly |
23 |
| -# sets resolvers. |
24 |
| -# 4. Explicitly install the version of njs coded in the environment variable |
25 |
| -# above. |
| 25 | +# 1. Explicitly install the version of njs coded in the environment variable above. |
| 26 | +# 2. Adding configuration files needed for proxying private S3 buckets |
| 27 | +# 3. Adding a directory for proxied objects to be stored |
| 28 | +# 4. Replacing the entrypoint script with a modified version that explicitly sets resolvers. |
| 29 | + |
| 30 | +RUN set -x \ |
| 31 | + && apt-get update \ |
| 32 | + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ |
| 33 | + && \ |
| 34 | + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ |
| 35 | + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ |
| 36 | + export GNUPGHOME="$(mktemp -d)"; \ |
| 37 | + found=''; \ |
| 38 | + for server in \ |
| 39 | + hkp://keyserver.ubuntu.com:80 \ |
| 40 | + pgp.mit.edu \ |
| 41 | + ; do \ |
| 42 | + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ |
| 43 | + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ |
| 44 | + done; \ |
| 45 | + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ |
| 46 | + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ |
| 47 | + rm -rf "$GNUPGHOME"; \ |
| 48 | + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/*; \ |
| 49 | + echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo $PKG_RELEASE | cut -f2 -d~) nginx" >> /etc/apt/sources.list.d/nginx.list; \ |
| 50 | + apt-get update \ |
| 51 | + && apt-get install --no-install-recommends --no-install-suggests -y \ |
| 52 | + libedit2 \ |
| 53 | + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ |
| 54 | + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list |
26 | 55 |
|
27 | 56 | COPY common/etc /etc
|
| 57 | +COPY oss/etc /etc |
28 | 58 | COPY common/docker-entrypoint.sh /docker-entrypoint.sh
|
29 | 59 | COPY common/docker-entrypoint.d /docker-entrypoint.d/
|
30 |
| -COPY oss/etc /etc |
31 |
| - |
32 |
| -RUN set -eux \ |
33 |
| - export DEBIAN_FRONTEND=noninteractive; \ |
34 |
| - mkdir -p /var/cache/nginx/s3_proxy; \ |
35 |
| - chown nginx:nginx /var/cache/nginx/s3_proxy; \ |
36 |
| - chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh; \ |
37 |
| - echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo $PKG_RELEASE | cut -f2 -d~) nginx" >> /etc/apt/sources.list.d/nginx.list; \ |
38 |
| - apt-get update; \ |
39 |
| - apt-get install --no-install-recommends --no-install-suggests --yes \ |
40 |
| - curl \ |
41 |
| - libedit2 \ |
42 |
| - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE}; \ |
43 |
| - apt-get remove --purge --auto-remove --yes; \ |
44 |
| - rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list |
45 | 60 |
|
| 61 | +RUN mkdir -p /var/cache/nginx/s3_proxy \ |
| 62 | + && chown nginx:nginx /var/cache/nginx/s3_proxy \ |
| 63 | + && chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh; |
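Review bot: The new install step (new-file lines 30–54) runs under `set -x` only and joins most of its commands with `;`, so a failed `gpg1 --export` into the keyring that `signed-by` trusts, or a failed `apt-get remove`, does not stop the build where it happens; only the final `&&` chain decides the RUN's exit status. Opening the step with `RUN set -eux \` would make each command fail at the point it breaks. The existing `test -z "$found" && …` and `gpg1 … && found=yes && break` lists stay safe under `-e`, because the command that may fail is never the last one in its list. The `-u` flag matters as well: this commit deletes `ENV NGINX_VERSION` while line 53 still pins `nginx-module-njs=${NGINX_VERSION}+…` and line 49 reads `$PKG_RELEASE`, so both values now presumably come from the base image's environment. A comment such as `# NGINX_VERSION and PKG_RELEASE are inherited from the nginx base image` would document that dependency, and `-u` would turn a missing value into a build failure rather than an empty version pin.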