Dockerfile.edge

FROM alpine

ENV _nginx=nginx-1.19.2 \
    _openssl=openssl-1.1.1g \
    _image=aquaron/anle:edge

ARG BUILD_DATE

LABEL maintainer="docker@aquaron.com" \
 org.label-schema.build-date=$BUILD_DATE \
 org.label-schema.docker.cmd="docker run -v $PWD:/data -p 80:80 -p 443:443 -h anle -d aquaron/anle" \
 org.label-schema.description="Nginx build on Alpine with Certbot to use as a reverse proxy." \
 org.label-schema.name="nginx" \
 org.label-schema.url="https://nginx.org" \
 org.label-schema.vcs-url="https://github.com/aquaron/anle" \
 org.label-schema.vendor="aquaron" \
 org.label-schema.version="1.1"

COPY data /data-default

RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
 _openssl_uri=https://www.openssl.org/source/${_openssl}.tar.gz \
 _nginx_uri=http://nginx.org/download/${_nginx}.tar.gz \

 && apk add -q --no-cache --virtual .build-deps \
    gcc libc-dev make pcre-dev zlib-dev linux-headers curl gnupg libxslt-dev gd-dev wget \
 && ln -s /data-default/bin/runme.sh /usr/bin \
 && ln -s /data-default/bin/bash-prompt /root/.profile \
 && mkdir -p /var/cache/nginx \
 && addgroup -g 101 nginx; adduser -DHS -G nginx -u 100 nginx \
 && curl -fSL ${_nginx_uri} -o nginx.tar.gz \
 && curl -fSL ${_nginx_uri}.asc  -o nginx.tar.gz.asc \
 && export GNUPGHOME="$(mktemp -d)" \
 && found=''; \
    for server in \
        pgp.mit.edu \
        hkp://keyserver.ubuntu.com:80 \
        hkp://p80.pool.sks-keyservers.net:80 \
        ha.pool.sks-keyservers.net \
    ; do \
        echo "Fetching GPG key $GPG_KEYS from $server"; \
        gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
    done; \
    test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
    gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
 && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
 && mkdir -p /usr/src \
 && tar -zxC /usr/src -f nginx.tar.gz \
 && rm nginx.tar.gz \
 && cd /usr/src/${_nginx} \
 && wget ${_openssl_uri} -O - | tar xz \
 && ./configure \
   --prefix=/var/lib/nginx \
   --sbin-path=/usr/sbin/nginx \
   --modules-path=/usr/lib/nginx/modules \
   --conf-path=/etc/nginx/nginx.conf \
   --pid-path=/run/nginx/nginx.pid \
   --lock-path=/run/nginx/nginx.lock \
   --http-client-body-temp-path=/var/cache/nginx/client_body \
   --http-proxy-temp-path=/var/cache/nginx/proxy \
   --http-fastcgi-temp-path=/var/cache/nginx/fastcgi \
   --http-uwsgi-temp-path=/var/cache/nginx/uwsgi \
   --http-scgi-temp-path=/var/cache/nginx/scgi \
   --user=nginx \
   --group=nginx \
   --with-threads \
   --with-file-aio \
   --with-http_ssl_module \
   --with-http_v2_module \
   --with-http_realip_module \
   --with-http_addition_module \
   --with-http_sub_module \
   --with-http_dav_module \
   --with-http_flv_module \
   --with-http_mp4_module \
   --with-http_gunzip_module \
   --with-http_gzip_static_module \
   --with-http_auth_request_module \
   --with-http_random_index_module \
   --with-http_secure_link_module \
   --with-http_slice_module \
   --with-stream_ssl_module \
   --with-openssl=${_openssl} \
   --with-openssl-opt=enable-tls1_3 \
 && make -j$(getconf _NPROCESSORS_ONLN) \
 && make install \
 && rm -rf /etc/nginx/html/ \
 && mkdir -p /usr/share/nginx/html/ \
 && install -m644 html/index.html /usr/share/nginx/html/ \
 && strip /usr/sbin/nginx* \
 && rm -rf /usr/src/${_nginx} \
 && apk add -q --no-cache --virtual .gettext gettext \
 && mv /usr/bin/envsubst /tmp/ \
 && runDeps="$( \
    scanelf --needed --nobanner /usr/sbin/nginx /tmp/envsubst \
            | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
            | sort -u \
            | xargs -r apk info --installed \
            | sort -u \
    )" \
 && apk add -q --no-cache --virtual .nginx-rundeps $runDeps \
 && apk del -q --no-cache .build-deps \
 && apk del -q --no-cache .gettext \
 && mv /tmp/envsubst /usr/local/bin/ 

VOLUME /data
ENTRYPOINT [ "runme.sh" ]
CMD [ "daemon" ]