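# nginx web image built on top of behance/docker-base.
# NOTE(review): the base is referenced by a mutable tag only; pinning it by
# digest as well would make rebuilds reproducible and tamper-evident.
FROM behance/docker-base:1.4

# MAINTAINER is deprecated; the same contact is recorded as a label instead.
LABEL maintainer="Bryan Latten <[email protected]>"

# Runtime configuration read by later build steps and, presumably, by /run.sh.
# NOTE(review): NOT_ROOT_USER is only declared here. This file has no USER
# instruction, so the container starts as root unless /run.sh or the nginx
# config drops privileges - confirm against those files.
ENV CONTAINER_ROLE=web \
    CONTAINER_PORT=8080 \
    CONF_NGINX_SITE="/etc/nginx/sites-available/default" \
    CONF_NGINX_SERVER="/etc/nginx/nginx.conf" \
    NOT_ROOT_USER=www-data

# Using a non-privileged port to prevent having to use setcap internally
EXPOSE ${CONTAINER_PORT}

# - Update security packages, only
# NOTE(review): /security_updates.sh and /clean.sh are not part of this file
# (presumably shipped by the base image). The first apt-get install below has
# no apt-get update of its own, so it presumably relies on package lists
# refreshed by /security_updates.sh - confirm.
RUN /bin/bash -e /security_updates.sh && \
    # Install pre-reqs
    apt-get install --no-install-recommends -yqq \
        software-properties-common \
    && \
    # Install latest nginx (development PPA is actually mainline development)
    # NOTE(review): the PPA is a third-party package source and nginx is not
    # version-pinned, so each rebuild installs whatever the PPA currently
    # serves. Pin the package version if reproducible images are required.
    add-apt-repository ppa:nginx/development -y && \
    apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends \
        nginx \
    && \
    # Perform cleanup, ensure unnecessary packages are removed
    apt-get remove --purge -yq \
        manpages \
        manpages-dev \
        man-db \
        patch \
        make \
        unattended-upgrades \
        # Quoted so the pattern reaches apt-get unchanged instead of being
        # expanded by the shell against files in the working directory.
        'python*' \
    && \
    /bin/bash -e /clean.sh

# Overlay the root filesystem from this repo
# NOTE(review): everything under ./container/root is written over the image's
# system paths, so that tree deserves the same review as this file.
COPY ./container/root /

# Set nginx to listen on defined port
# NOTE: order of operations is important, new config had to already installed from repo (above)
RUN sed -i "s/listen [0-9]*;/listen ${CONTAINER_PORT};/" "$CONF_NGINX_SITE" && \
    # Make temp directory for .nginx runtime files
    mkdir /tmp/.nginx

# Validate the built image with goss; a failing check fails the build.
# NOTE(review): /aufs_hack.sh is not visible here - its purpose cannot be
# confirmed from this file.
RUN goss -g /tests/nginx/base.goss.yaml validate && \
    /aufs_hack.sh

# NOTE: intentionally NOT using s6 init as the entrypoint
# This would prevent container debugging if any of those service crash
CMD ["/bin/bash", "/run.sh"]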