Merge pull request #19 from nginxinc/docker-alpine-nginx-amplify

Alpine based Dockerfile

Author: gdzien

Alpine/Dockerfile

@@ -0,0 +1,183 @@
+FROM alpine:3.8
+
+LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
+
+ENV NGINX_VERSION 1.14.2
+
+RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
+	&& CONFIG="\
+		--prefix=/etc/nginx \
+		--sbin-path=/usr/sbin/nginx \
+		--modules-path=/usr/lib/nginx/modules \
+		--conf-path=/etc/nginx/nginx.conf \
+		--error-log-path=/var/log/nginx/error.log \
+		--http-log-path=/var/log/nginx/access.log \
+		--pid-path=/var/run/nginx.pid \
+		--lock-path=/var/run/nginx.lock \
+		--http-client-body-temp-path=/var/cache/nginx/client_temp \
+		--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+		--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+		--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+		--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+		--user=nginx \
+		--group=nginx \
+		--with-http_ssl_module \
+		--with-http_realip_module \
+		--with-http_addition_module \
+		--with-http_sub_module \
+		--with-http_dav_module \
+		--with-http_flv_module \
+		--with-http_mp4_module \
+		--with-http_gunzip_module \
+		--with-http_gzip_static_module \
+		--with-http_random_index_module \
+		--with-http_secure_link_module \
+		--with-http_stub_status_module \
+		--with-http_auth_request_module \
+		--with-http_xslt_module=dynamic \
+		--with-http_image_filter_module=dynamic \
+		--with-http_geoip_module=dynamic \
+		--with-threads \
+		--with-stream \
+		--with-stream_ssl_module \
+		--with-stream_ssl_preread_module \
+		--with-stream_realip_module \
+		--with-stream_geoip_module=dynamic \
+		--with-http_slice_module \
+		--with-mail \
+		--with-mail_ssl_module \
+		--with-compat \
+		--with-file-aio \
+		--with-http_v2_module \
+	" \
+	&& addgroup -S nginx \
+	&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
+	&& apk add --no-cache --virtual .build-deps \
+		gcc \
+		libc-dev \
+		make \
+		openssl-dev \
+		pcre-dev \
+		zlib-dev \
+		linux-headers \
+		curl \
+		gnupg1 \
+		libxslt-dev \
+		gd-dev \
+		geoip-dev \
+	&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
+	&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
+	&& export GNUPGHOME="$(mktemp -d)" \
+	&& found=''; \
+	for server in \
+		ha.pool.sks-keyservers.net \
+		hkp://keyserver.ubuntu.com:80 \
+		hkp://p80.pool.sks-keyservers.net:80 \
+		pgp.mit.edu \
+	; do \
+		echo "Fetching GPG key $GPG_KEYS from $server"; \
+		gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+	done; \
+	test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+	gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
+	&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
+	&& mkdir -p /usr/src \
+	&& tar -zxC /usr/src -f nginx.tar.gz \
+	&& rm nginx.tar.gz \
+	&& cd /usr/src/nginx-$NGINX_VERSION \
+	&& ./configure $CONFIG --with-debug \
+	&& make -j$(getconf _NPROCESSORS_ONLN) \
+	&& mv objs/nginx objs/nginx-debug \
+	&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
+	&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
+	&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
+	&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
+	&& ./configure $CONFIG \
+	&& make -j$(getconf _NPROCESSORS_ONLN) \
+	&& make install \
+	&& rm -rf /etc/nginx/html/ \
+	&& mkdir /etc/nginx/conf.d/ \
+	&& mkdir -p /usr/share/nginx/html/ \
+	&& install -m644 html/index.html /usr/share/nginx/html/ \
+	&& install -m644 html/50x.html /usr/share/nginx/html/ \
+	&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
+	&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
+	&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
+	&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
+	&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
+	&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
+	&& strip /usr/sbin/nginx* \
+	&& strip /usr/lib/nginx/modules/*.so \
+	&& rm -rf /usr/src/nginx-$NGINX_VERSION \
+        \
+	# Bring in gettext so we can get `envsubst`, then throw
+	# the rest away. To do this, we need to install `gettext`
+	# then move `envsubst` out of the way so `gettext` can
+	# be deleted completely, then move `envsubst` back.
+	&& apk add --no-cache --virtual .gettext gettext \
+	&& mv /usr/bin/envsubst /tmp/ \
+	\
+	&& runDeps="$( \
+		scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
+			| tr ',' '\n' \
+			| sort -u \
+			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+	)" \
+	&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
+	&& apk del .build-deps \
+	&& apk del .gettext \
+	&& mv /tmp/envsubst /usr/local/bin/ \
+	\
+	# Bring in tzdata so users could set the timezones through the environment
+	# variables
+	&& apk add --no-cache tzdata \
+	\
+        ### Amplify specific section starts here
+        # make sure log files are agent-readable
+        && touch /var/log/nginx/access.log \
+        && touch /var/log/nginx/error.log \
+        \
+        # Install packages required by agent
+        && apk add --no-cache python \ 
+        procps \
+        util-linux \
+        py-pip \
+        \
+        # install packages required for agent build
+        && apk add --no-cache --virtual .amplify\
+        python-dev \
+        build-base \
+        git \
+        linux-headers \
+        && cd / \
+        \
+        # clone latest agent from repository and build it
+        && git clone https://github.com/nginxinc/nginx-amplify-agent \
+        && cd nginx-amplify-agent/ \
+        && pip install --no-cache-dir -r packages/nginx-amplify-agent/requirements.txt \
+        && python setup.py install \
+        \
+        # make sure agent log exists
+        && mkdir -p /var/log/amplify-agent \
+        && touch /var/log/amplify-agent/agent.log \
+        \
+        # create agent config file
+        && cp /etc/amplify-agent/agent.conf.default /etc/amplify-agent/agent.conf \
+        \
+        # Cleanup
+        && cd .. \
+        && rm -Rf nginx-amplify-agent/ \
+        && find /usr/lib/python2.7 -name \*\.pyo -exec rm {} \; \
+        && find /usr/lib/python2.7 -name \*\.pyc -exec rm {} \; \
+        && apk del .amplify 
+
+COPY ./entrypoint.sh /entrypoint.sh
+COPY conf/nginx.conf /etc/nginx/nginx.conf
+COPY conf/nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+COPY conf/stub_status.conf /etc/nginx/conf.d/stub_status.conf
+
+EXPOSE 80
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/entrypoint.sh"]

Alpine/conf/nginx.conf

@@ -0,0 +1,42 @@
+
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      '"$host" sn="$server_name" '
+                      'rt=$request_time '
+                      'ua="$upstream_addr" us="$upstream_status" '
+                      'ut="$upstream_response_time" ul="$upstream_response_length" '
+                      'cs=$upstream_cache_status' ;
+
+    access_log  /var/log/nginx/access.log  main_ext;
+    error_log  /var/log/nginx/error.log warn;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

Alpine/conf/nginx.vh.default.conf

@@ -0,0 +1,45 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
+

Alpine/conf/stub_status.conf

@@ -0,0 +1,10 @@
+server {
+        root /usr/share/nginx/html;
+        listen 127.0.0.1:80;
+        server_name 127.0.0.1;
+        location /nginx_status {
+            stub_status on;
+            allow 127.0.0.1;
+            deny all;
+        }
+    }

Alpine/entrypoint.sh

@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# This script launches nginx and the NGINX Amplify Agent.
+#
+# Unless already baked in the image, a real API_KEY is required for the
+# NGINX Amplify Agent to be able to connect to the backend.
+#
+# If AMPLIFY_IMAGENAME is set, the script will use it to generate
+# the 'imagename' to put in the /etc/amplify-agent/agent.conf
+#
+# If several instances use the same imagename, the metrics will
+# be aggregated into a single object in Amplify. Otherwise NGINX Amplify
+# will create separate objects for monitoring (an object per instance).
+#
+
+# Variables
+agent_conf_file="/etc/amplify-agent/agent.conf"
+agent_log_file="/var/log/amplify-agent/agent.log"
+nginx_status_conf="/etc/nginx/conf.d/stub_status.conf"
+api_key=""
+amplify_imagename=""
+
+# Launch nginx
+echo "starting nginx ..."
+nginx -g "daemon off;" &
+
+nginx_pid=$!
+
+test -n "${API_KEY}" && \
+    api_key=${API_KEY}
+
+test -n "${AMPLIFY_IMAGENAME}" && \
+    amplify_imagename=${AMPLIFY_IMAGENAME}
+
+if [ -n "${api_key}" -o -n "${amplify_imagename}" ]; then
+    echo "updating ${agent_conf_file} ..."
+
+    if [ ! -f "${agent_conf_file}" ]; then
+	test -f "${agent_conf_file}.default" && \
+	cp -p "${agent_conf_file}.default" "${agent_conf_file}" || \
+	{ echo "no ${agent_conf_file}.default found! exiting."; exit 1; }
+    fi
+
+    test -n "${api_key}" && \
+    echo " ---> using api_key = ${api_key}" && \
+    sh -c "sed -i.old -e 's/api_key.*$/api_key = $api_key/' \
+	${agent_conf_file}"
+
+    test -n "${amplify_imagename}" && \
+    echo " ---> using imagename = ${amplify_imagename}" && \
+    sh -c "sed -i.old -e 's/imagename.*$/imagename = $amplify_imagename/' \
+	${agent_conf_file}"
+
+    test -f "${agent_conf_file}" && \
+    chmod 644 ${agent_conf_file} && \
+    chown nginx ${agent_conf_file} > /dev/null 2>&1
+
+    test -f "${nginx_status_conf}" && \
+    chmod 644 ${nginx_status_conf} && \
+    chown nginx ${nginx_status_conf} > /dev/null 2>&1
+fi
+
+if ! grep '^api_key.*=[ ]*[[:alnum:]].*' ${agent_conf_file} > /dev/null 2>&1; then
+    echo "no api_key found in ${agent_conf_file}! exiting."
+fi
+
+echo "starting amplify-agent ..."
+nginx-amplify-agent.py start --config=/etc/amplify-agent/agent.conf > /dev/null 2>&1 < /dev/null
+
+if [ $? != 0 ]; then
+    echo "couldn't start the agent, please check ${agent_log_file}"
+    exit 1
+fi
+
+wait ${nginx_pid}
+
+echo "nginx master process has stopped, exiting."