-
Notifications
You must be signed in to change notification settings - Fork 26
/
Dockerfile
60 lines (54 loc) · 2.2 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
FROM behance/docker-base:5.0.1-ubuntu-20.04
# Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
# Used with alternative CMD (worker.sh), leverages supervisor to maintain long-running processes
#
# NGINX_VERSION is the MAJOR.MINOR.PATCH version available from upstream
# providers (https://launchpad.net/~ondrej/+archive/ubuntu/nginx) at the time
# of the build
ENV CONTAINER_ROLE=web \
CONTAINER_PORT=8080 \
CONF_NGINX_SITE="/etc/nginx/sites-available/default" \
CONF_NGINX_SERVER="/etc/nginx/nginx.conf" \
NGINX_VERSION="1.22.0" \
NOT_ROOT_USER=www-data \
S6_KILL_FINISH_MAXTIME=55000
# Using a non-privileged port to prevent having to use setcap internally
EXPOSE ${CONTAINER_PORT}
# - Update security packages, plus ca-certificates required for https
# - Install pre-reqs
# - Install latest nginx (development PPA is actually mainline development)
# - Perform cleanup, ensure unnecessary packages are removed
RUN /bin/bash -e /security_updates.sh && \
apt-get install --no-install-recommends -yqq \
software-properties-common \
&& \
add-apt-repository ppa:ondrej/nginx -y && \
apt-get update -yqq && \
apt-get install -yqq --no-install-recommends \
nginx-light=${NGINX_VERSION}-* \
ca-certificates \
libnginx-mod-brotli=${NGINX_VERSION}-* \
&& \
apt-get remove --purge -yq \
manpages \
manpages-dev \
man-db \
patch \
make \
unattended-upgrades \
python* \
&& \
/bin/bash -e /clean.sh
# Overlay the root filesystem from this repo
COPY --chown=www-data ./container/root /
# Set nginx to listen on defined port
# NOTE: order of operations is important, new config had to already installed from repo (above)
# - Make temp directory for .nginx runtime files
# - Fix woff mime type support
# Set permissions to allow image to be run under a non root user
RUN sed -i "s/listen [0-9]*;/listen ${CONTAINER_PORT};/" $CONF_NGINX_SITE && \
mkdir /tmp/.nginx && \
/bin/bash -e /scripts/fix_woff_support.sh && \
/bin/bash -e /scripts/set_permissions.sh
RUN goss -g /tests/ubuntu/nginx.goss.yaml validate && \
/aufs_hack.sh