basecamp
diff --git a/‎.github/workflows/main.yml
-36 b/‎.github/workflows/main.yml
-36
diff --git a/‎README.md
+161-54 b/‎README.md
+161-54
diff --git a/‎docker-build.sh
+2-2 b/‎docker-build.sh
+2-2
diff --git a/‎docs/logo-lua.png
15.9 KB b/‎docs/logo-lua.png
15.9 KB
diff --git a/‎docs/logo-nginx.png
21 KB b/‎docs/logo-nginx.png
21 KB
diff --git a/‎nginx/1.17.10/alpine/3.10.5/Dockerfile
+21-5 b/‎nginx/1.17.10/alpine/3.10.5/Dockerfile
+21-5
diff --git a/‎nginx/1.17.10/alpine/3.11.6/Dockerfile
+21-5 b/‎nginx/1.17.10/alpine/3.11.6/Dockerfile
+21-5
diff --git a/‎nginx/1.17.10/alpine/3.12.0/Dockerfile
+21-5 b/‎nginx/1.17.10/alpine/3.12.0/Dockerfile
+21-5
@@ -24,12 +24,6 @@ jobs:
       - name: Test images
         run: ./test/test.sh alpine
 
-      - name: Security Check
-        run: |
-            npm install -g snyk
-            snyk auth $SNYK_AUTH_TOKEN
-            ./test/security.sh alpine
-
       - name: Log into registry
         run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login  -u ${{ github.actor }} --password-stdin
         if: github.ref == 'refs/heads/master'
@@ -49,12 +43,6 @@ jobs:
       - name: Test images
         run: ./test/test.sh amazonlinux
 
-      - name: Security Check
-        run: |
-            npm install -g snyk
-            snyk auth $SNYK_AUTH_TOKEN
-            ./test/security.sh amazonlinux
-
       - name: Log into registry
         run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login  -u ${{ github.actor }} --password-stdin
         if: github.ref == 'refs/heads/master'
@@ -74,12 +62,6 @@ jobs:
       - name: Test images
         run: ./test/test.sh centos
 
-      - name: Security Check
-        run: |
-            npm install -g snyk
-            snyk auth $SNYK_AUTH_TOKEN
-            ./test/security.sh centos
-
       - name: Log into registry
         run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login  -u ${{ github.actor }} --password-stdin
         if: github.ref == 'refs/heads/master'
@@ -99,12 +81,6 @@ jobs:
       - name: Test images
         run: ./test/test.sh debian
 
-      - name: Security Check
-        run: |
-            npm install -g snyk
-            snyk auth $SNYK_AUTH_TOKEN
-            ./test/security.sh debian
-
       - name: Log into registry
         run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login  -u ${{ github.actor }} --password-stdin
         if: github.ref == 'refs/heads/master'
@@ -124,12 +100,6 @@ jobs:
       - name: Test images
         run: ./test/test.sh fedora
 
-      - name: Security Check
-        run: |
-            npm install -g snyk
-            snyk auth $SNYK_AUTH_TOKEN
-            ./test/security.sh fedora
-
       - name: Log into registry
         run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login  -u ${{ github.actor }} --password-stdin
         if: github.ref == 'refs/heads/master'
@@ -149,12 +119,6 @@ jobs:
       - name: Test images
         run: ./test/test.sh ubuntu
 
-      - name: Security Check
-        run: |
-            npm install -g snyk
-            snyk auth $SNYK_AUTH_TOKEN
-            ./test/security.sh ubuntu
-
       - name: Log into registry
         run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login  -u ${{ github.actor }} --password-stdin
         if: github.ref == 'refs/heads/master'
 
@@ -41,13 +41,13 @@ function build() {
     if [ "$OS_TAGS" == "1" ]; then
         TAGS="$TAGS -t fabiocicerchia/nginx-lua:$MINOR-$OS"
         TAGS="$TAGS -t fabiocicerchia/nginx-lua:$PATCH-$OS"
-        TAGS="$TAGS -t fabiocicerchia/nginx-lua:$MINOR-$OS$OS_VER"
     fi
+    TAGS="$TAGS -t fabiocicerchia/nginx-lua:$MINOR-$OS$OS_VER"
 
     BUILD_DATE=$(date +%Y%m%d%H%M%S)
     BUILD_VERSION=$(date +%s)
     VCS_REF=$(git rev-parse --short HEAD)
-    docker build \
+    time docker build \
         --build-arg BUILD_DATE=$BUILD_DATE \
         --build-arg BUILD_VERSION=$BUILD_VERSION \
         --build-arg VCS_REF=$VCS_REF \
 
@@ -1,6 +1,5 @@
 FROM alpine:3.10.5
 
-MAINTAINER Fabio Cicerchia <[email protected]>
 LABEL maintainer="[email protected]"
 
 ARG BUILD_DATE
@@ -40,6 +39,9 @@ ENV VER_NGINX 1.17.10
 # The NDK is now considered to be stable.
 ENV VER_NGX_DEVEL_KIT 0.3.1
 
+# https://github.com/Yelp/dumb-init
+ENV VER_DUMBINIT 1.2.2
+
 ENV LUAJIT_LIB /usr/local/lib
 ENV LUAJIT_INC /usr/local/include/luajit-2.1
 ENV LD_LIBRARY_PATH /usr/local/lib/:$LD_LIBRARY_PATH
@@ -49,7 +51,7 @@ RUN set -x \
    && apk add --no-cache \
       geoip-dev \
       openssl-dev \
-      pcre3-dev \
+      pcre-dev \
       zlib-dev \
    && apk add --no-cache --virtual .build-deps \
       curl \
@@ -92,8 +94,8 @@ RUN set -x \
 # NGINX
 # ##############################################################################
 # create nginx user/group first, to be consistent throughout docker variants
-   && addgroup -g 1001 -S nginx \
-   && adduser -S -D -H -u 1001 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
+   && addgroup -g 32548 -S nginx \
+   && adduser -S -D -H -u 32548 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
 # we're on an architecture upstream doesn't officially build for
 # let's build binaries from the published packaging sources
       && apk add --no-cache --virtual .nginx-build-deps \
@@ -110,7 +112,7 @@ RUN set -x \
             make \
             mercurial \
             openssl-dev \
-            pcre3-dev \
+            pcre-dev \
             perl-dev \
             zlib-dev \
       && curl -Lo /nginx.tar.gz https://nginx.org/download/nginx-${VER_NGINX}.tar.gz \
@@ -177,6 +179,16 @@ RUN set -x \
 # forward request and error logs to docker log collector
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
+# UID & GID
+# ##############################################################################
+   && chown -R 32548:32548 \
+      /etc/nginx \
+      /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
+      /ngx_devel_kit-${VER_NGX_DEVEL_KIT} \
+      /var/log/nginx \
+# dumb-init
+# ##############################################################################
+   && apk add dumb-init \
 # Cleanup
 # ##############################################################################
    && rm -rf /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
@@ -189,9 +201,13 @@ RUN set -x \
 
 HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1
 
+USER nginx
+
 EXPOSE 80
 EXPOSE 443
 
 STOPSIGNAL SIGTERM
 
+ENTRYPOINT ["dumb-init"]
+
 CMD ["nginx", "-g", "daemon off;"]
@@ -1,6 +1,5 @@
 FROM alpine:3.11.6
 
-MAINTAINER Fabio Cicerchia <[email protected]>
 LABEL maintainer="[email protected]"
 
 ARG BUILD_DATE
@@ -40,6 +39,9 @@ ENV VER_NGINX 1.17.10
 # The NDK is now considered to be stable.
 ENV VER_NGX_DEVEL_KIT 0.3.1
 
+# https://github.com/Yelp/dumb-init
+ENV VER_DUMBINIT 1.2.2
+
 ENV LUAJIT_LIB /usr/local/lib
 ENV LUAJIT_INC /usr/local/include/luajit-2.1
 ENV LD_LIBRARY_PATH /usr/local/lib/:$LD_LIBRARY_PATH
@@ -49,7 +51,7 @@ RUN set -x \
    && apk add --no-cache \
       geoip-dev \
       openssl-dev \
-      pcre3-dev \
+      pcre-dev \
       zlib-dev \
    && apk add --no-cache --virtual .build-deps \
       curl \
@@ -92,8 +94,8 @@ RUN set -x \
 # NGINX
 # ##############################################################################
 # create nginx user/group first, to be consistent throughout docker variants
-   && addgroup -g 1001 -S nginx \
-   && adduser -S -D -H -u 1001 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
+   && addgroup -g 32548 -S nginx \
+   && adduser -S -D -H -u 32548 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
 # we're on an architecture upstream doesn't officially build for
 # let's build binaries from the published packaging sources
       && apk add --no-cache --virtual .nginx-build-deps \
@@ -110,7 +112,7 @@ RUN set -x \
             make \
             mercurial \
             openssl-dev \
-            pcre3-dev \
+            pcre-dev \
             perl-dev \
             zlib-dev \
       && curl -Lo /nginx.tar.gz https://nginx.org/download/nginx-${VER_NGINX}.tar.gz \
@@ -177,6 +179,16 @@ RUN set -x \
 # forward request and error logs to docker log collector
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
+# UID & GID
+# ##############################################################################
+   && chown -R 32548:32548 \
+      /etc/nginx \
+      /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
+      /ngx_devel_kit-${VER_NGX_DEVEL_KIT} \
+      /var/log/nginx \
+# dumb-init
+# ##############################################################################
+   && apk add dumb-init \
 # Cleanup
 # ##############################################################################
    && rm -rf /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
@@ -189,9 +201,13 @@ RUN set -x \
 
 HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1
 
+USER nginx
+
 EXPOSE 80
 EXPOSE 443
 
 STOPSIGNAL SIGTERM
 
+ENTRYPOINT ["dumb-init"]
+
 CMD ["nginx", "-g", "daemon off;"]
@@ -1,6 +1,5 @@
 FROM alpine:3.12.0
 
-MAINTAINER Fabio Cicerchia <[email protected]>
 LABEL maintainer="[email protected]"
 
 ARG BUILD_DATE
@@ -40,6 +39,9 @@ ENV VER_NGINX 1.17.10
 # The NDK is now considered to be stable.
 ENV VER_NGX_DEVEL_KIT 0.3.1
 
+# https://github.com/Yelp/dumb-init
+ENV VER_DUMBINIT 1.2.2
+
 ENV LUAJIT_LIB /usr/local/lib
 ENV LUAJIT_INC /usr/local/include/luajit-2.1
 ENV LD_LIBRARY_PATH /usr/local/lib/:$LD_LIBRARY_PATH
@@ -49,7 +51,7 @@ RUN set -x \
    && apk add --no-cache \
       geoip-dev \
       openssl-dev \
-      pcre3-dev \
+      pcre-dev \
       zlib-dev \
    && apk add --no-cache --virtual .build-deps \
       curl \
@@ -92,8 +94,8 @@ RUN set -x \
 # NGINX
 # ##############################################################################
 # create nginx user/group first, to be consistent throughout docker variants
-   && addgroup -g 1001 -S nginx \
-   && adduser -S -D -H -u 1001 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
+   && addgroup -g 32548 -S nginx \
+   && adduser -S -D -H -u 32548 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
 # we're on an architecture upstream doesn't officially build for
 # let's build binaries from the published packaging sources
       && apk add --no-cache --virtual .nginx-build-deps \
@@ -110,7 +112,7 @@ RUN set -x \
             make \
             mercurial \
             openssl-dev \
-            pcre3-dev \
+            pcre-dev \
             perl-dev \
             zlib-dev \
       && curl -Lo /nginx.tar.gz https://nginx.org/download/nginx-${VER_NGINX}.tar.gz \
@@ -177,6 +179,16 @@ RUN set -x \
 # forward request and error logs to docker log collector
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
+# UID & GID
+# ##############################################################################
+   && chown -R 32548:32548 \
+      /etc/nginx \
+      /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
+      /ngx_devel_kit-${VER_NGX_DEVEL_KIT} \
+      /var/log/nginx \
+# dumb-init
+# ##############################################################################
+   && apk add dumb-init \
 # Cleanup
 # ##############################################################################
    && rm -rf /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
@@ -189,9 +201,13 @@ RUN set -x \
 
 HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1
 
+USER nginx
+
 EXPOSE 80
 EXPOSE 443
 
 STOPSIGNAL SIGTERM
 
+ENTRYPOINT ["dumb-init"]
+
 CMD ["nginx", "-g", "daemon off;"]