diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile
index 4c299989ccaa54e3d384a1bb50c205560cd450b3..4b86721dc0fb08d89175ddb0bc47ed2784b4df72 100644
--- a/mainline/alpine-perl/Dockerfile
+++ b/mainline/alpine-perl/Dockerfile
@@ -3,146 +3,110 @@ FROM alpine:3.9
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
ENV NGINX_VERSION 1.15.9
+ENV NJS_VERSION 1.15.9.0.2.8
+ENV PKG_RELEASE 1
-RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
- && CONFIG="\
- --prefix=/etc/nginx \
- --sbin-path=/usr/sbin/nginx \
- --modules-path=/usr/lib/nginx/modules \
- --conf-path=/etc/nginx/nginx.conf \
- --error-log-path=/var/log/nginx/error.log \
- --http-log-path=/var/log/nginx/access.log \
- --pid-path=/var/run/nginx.pid \
- --lock-path=/var/run/nginx.lock \
- --http-client-body-temp-path=/var/cache/nginx/client_temp \
- --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
- --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
- --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
- --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
- --user=nginx \
- --group=nginx \
- --with-http_ssl_module \
- --with-http_realip_module \
- --with-http_addition_module \
- --with-http_sub_module \
- --with-http_dav_module \
- --with-http_flv_module \
- --with-http_mp4_module \
- --with-http_gunzip_module \
- --with-http_gzip_static_module \
- --with-http_random_index_module \
- --with-http_secure_link_module \
- --with-http_stub_status_module \
- --with-http_auth_request_module \
- --with-http_xslt_module=dynamic \
- --with-http_image_filter_module=dynamic \
- --with-http_geoip_module=dynamic \
- --with-http_perl_module=dynamic \
- --with-threads \
- --with-stream \
- --with-stream_ssl_module \
- --with-stream_ssl_preread_module \
- --with-stream_realip_module \
- --with-stream_geoip_module=dynamic \
- --with-http_slice_module \
- --with-mail \
- --with-mail_ssl_module \
- --with-compat \
- --with-file-aio \
- --with-http_v2_module \
- " \
- && addgroup -S nginx \
- && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
- && apk add --no-cache --virtual .build-deps \
- gcc \
- libc-dev \
- make \
- openssl-dev \
- pcre-dev \
- zlib-dev \
- linux-headers \
- curl \
- gnupg1 \
- libxslt-dev \
- gd-dev \
- geoip-dev \
- perl-dev \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
- && export GNUPGHOME="$(mktemp -d)" \
- && found=''; \
- for server in \
- ha.pool.sks-keyservers.net \
- hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu \
- ; do \
- echo "Fetching GPG key $GPG_KEYS from $server"; \
- gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
- done; \
- test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
- gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
- && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
- && mkdir -p /usr/src \
- && tar -zxC /usr/src -f nginx.tar.gz \
- && rm nginx.tar.gz \
- && cd /usr/src/nginx-$NGINX_VERSION \
- && ./configure $CONFIG --with-debug \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && mv objs/nginx objs/nginx-debug \
- && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
- && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
- && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
- && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \
- && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
- && ./configure $CONFIG \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && make install \
- && rm -rf /etc/nginx/html/ \
- && mkdir /etc/nginx/conf.d/ \
- && mkdir -p /usr/share/nginx/html/ \
- && install -m644 html/index.html /usr/share/nginx/html/ \
- && install -m644 html/50x.html /usr/share/nginx/html/ \
- && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
- && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
- && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
- && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
- && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \
- && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
- && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
- && strip /usr/sbin/nginx* \
- && strip /usr/lib/nginx/modules/*.so \
- && rm -rf /usr/src/nginx-$NGINX_VERSION \
- \
- # Bring in gettext so we can get `envsubst`, then throw
- # the rest away. To do this, we need to install `gettext`
- # then move `envsubst` out of the way so `gettext` can
- # be deleted completely, then move `envsubst` back.
- && apk add --no-cache --virtual .gettext gettext \
- && mv /usr/bin/envsubst /tmp/ \
- \
- && runDeps="$( \
- scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
- | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
- | sort -u \
- | xargs -r apk info --installed \
- | sort -u \
- )" \
- && apk add --no-cache --virtual .nginx-rundeps $runDeps \
- && apk del .build-deps \
- && apk del .gettext \
- && mv /tmp/envsubst /usr/local/bin/ \
- \
- # Bring in tzdata so users could set the timezones through the environment
- # variables
- && apk add --no-cache tzdata \
- \
- # forward request and error logs to docker log collector
- && ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+RUN set -x \
+ && apkArch="$(cat /etc/apk/arch)" \
+ && nginxPackages=" \
+ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \
+ " \
+ && case "$apkArch" in \
+ x86_64) \
+# arches officially built by upstream
+ set -x \
+ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+ && apk add --no-cache --virtual .cert-deps \
+ openssl curl ca-certificates \
+ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
+ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+ echo "key verification succeeded!"; \
+ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
+ else \
+ echo "key verification failed!"; \
+ exit 1; \
+ fi \
+ && printf "%s%s%s\n" \
+ "http://nginx.org/packages/mainline/alpine/v" \
+ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
+ "/main" \
+ | tee -a /etc/apk/repositories \
+ && apk del .cert-deps \
+ ;; \
+ *) \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from the published packaging sources
+ set -x \
+ && tempDir="$(mktemp -d)" \
+ && chown nobody:nobody $tempDir \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ libc-dev \
+ make \
+ openssl-dev \
+ pcre-dev \
+ zlib-dev \
+ linux-headers \
+ libxslt-dev \
+ gd-dev \
+ geoip-dev \
+ perl-dev \
+ libedit-dev \
+ mercurial \
+ bash \
+ alpine-sdk \
+ findutils \
+ && su - nobody -s /bin/sh -c " \
+ export HOME=${tempDir} \
+ && cd ${tempDir} \
+ && hg clone https://hg.nginx.org/pkg-oss \
+ && cd pkg-oss \
+ && hg up ${NGINX_VERSION}-${PKG_RELEASE} \
+ && cd alpine \
+ && make all \
+ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
+ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
+ " \
+ && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \
+ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
+ && apk del .build-deps \
+ ;; \
+ esac \
+ && apk add --no-cache $nginxPackages \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
+ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
+ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
+# remove the last line with the packages repos in the repositories file
+ && sed -i '$ d' /etc/apk/repositories \
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+ && apk add --no-cache --virtual .gettext gettext \
+ && mv /usr/bin/envsubst /tmp/ \
+ \
+ && runDeps="$( \
+ scanelf --needed --nobanner /tmp/envsubst \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )" \
+ && apk add --no-cache $runDeps \
+ && apk del .gettext \
+ && mv /tmp/envsubst /usr/local/bin/ \
+# Bring in tzdata so users could set the timezones through the environment
+# variables
+ && apk add --no-cache tzdata \
+# forward request and error logs to docker log collector
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80
diff --git a/mainline/alpine-perl/nginx.conf b/mainline/alpine-perl/nginx.conf
deleted file mode 100644
index e4bad8dbc50c959b34975ac78088239d74f0055b..0000000000000000000000000000000000000000
--- a/mainline/alpine-perl/nginx.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- #gzip on;
-
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/mainline/alpine-perl/nginx.vh.default.conf b/mainline/alpine-perl/nginx.vh.default.conf
deleted file mode 100644
index 299c622a730bf2cc1ab7fb9f39815d16edfed18d..0000000000000000000000000000000000000000
--- a/mainline/alpine-perl/nginx.vh.default.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-server {
- listen 80;
- server_name localhost;
-
- #charset koi8-r;
- #access_log /var/log/nginx/host.access.log main;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-
diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile
index ea42632a13a8707284af25f2fe2570aa3f03910d..f450dc18a723099f049c86842cb3ab1937b64779 100644
--- a/mainline/alpine/Dockerfile
+++ b/mainline/alpine/Dockerfile
@@ -3,141 +3,109 @@ FROM alpine:3.9
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
ENV NGINX_VERSION 1.15.9
+ENV NJS_VERSION 1.15.9.0.2.8
+ENV PKG_RELEASE 1
-RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
- && CONFIG="\
- --prefix=/etc/nginx \
- --sbin-path=/usr/sbin/nginx \
- --modules-path=/usr/lib/nginx/modules \
- --conf-path=/etc/nginx/nginx.conf \
- --error-log-path=/var/log/nginx/error.log \
- --http-log-path=/var/log/nginx/access.log \
- --pid-path=/var/run/nginx.pid \
- --lock-path=/var/run/nginx.lock \
- --http-client-body-temp-path=/var/cache/nginx/client_temp \
- --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
- --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
- --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
- --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
- --user=nginx \
- --group=nginx \
- --with-http_ssl_module \
- --with-http_realip_module \
- --with-http_addition_module \
- --with-http_sub_module \
- --with-http_dav_module \
- --with-http_flv_module \
- --with-http_mp4_module \
- --with-http_gunzip_module \
- --with-http_gzip_static_module \
- --with-http_random_index_module \
- --with-http_secure_link_module \
- --with-http_stub_status_module \
- --with-http_auth_request_module \
- --with-http_xslt_module=dynamic \
- --with-http_image_filter_module=dynamic \
- --with-http_geoip_module=dynamic \
- --with-threads \
- --with-stream \
- --with-stream_ssl_module \
- --with-stream_ssl_preread_module \
- --with-stream_realip_module \
- --with-stream_geoip_module=dynamic \
- --with-http_slice_module \
- --with-mail \
- --with-mail_ssl_module \
- --with-compat \
- --with-file-aio \
- --with-http_v2_module \
- " \
- && addgroup -S nginx \
- && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
- && apk add --no-cache --virtual .build-deps \
- gcc \
- libc-dev \
- make \
- openssl-dev \
- pcre-dev \
- zlib-dev \
- linux-headers \
- curl \
- gnupg1 \
- libxslt-dev \
- gd-dev \
- geoip-dev \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
- && export GNUPGHOME="$(mktemp -d)" \
- && found=''; \
- for server in \
- ha.pool.sks-keyservers.net \
- hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu \
- ; do \
- echo "Fetching GPG key $GPG_KEYS from $server"; \
- gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
- done; \
- test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
- gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
- && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
- && mkdir -p /usr/src \
- && tar -zxC /usr/src -f nginx.tar.gz \
- && rm nginx.tar.gz \
- && cd /usr/src/nginx-$NGINX_VERSION \
- && ./configure $CONFIG --with-debug \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && mv objs/nginx objs/nginx-debug \
- && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
- && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
- && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
- && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
- && ./configure $CONFIG \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && make install \
- && rm -rf /etc/nginx/html/ \
- && mkdir /etc/nginx/conf.d/ \
- && mkdir -p /usr/share/nginx/html/ \
- && install -m644 html/index.html /usr/share/nginx/html/ \
- && install -m644 html/50x.html /usr/share/nginx/html/ \
- && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
- && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
- && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
- && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
- && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
- && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
- && strip /usr/sbin/nginx* \
- && strip /usr/lib/nginx/modules/*.so \
- && rm -rf /usr/src/nginx-$NGINX_VERSION \
- \
- # Bring in gettext so we can get `envsubst`, then throw
- # the rest away. To do this, we need to install `gettext`
- # then move `envsubst` out of the way so `gettext` can
- # be deleted completely, then move `envsubst` back.
- && apk add --no-cache --virtual .gettext gettext \
- && mv /usr/bin/envsubst /tmp/ \
- \
- && runDeps="$( \
- scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
- | tr ',' '\n' \
- | sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
- )" \
- && apk add --no-cache --virtual .nginx-rundeps $runDeps \
- && apk del .build-deps \
- && apk del .gettext \
- && mv /tmp/envsubst /usr/local/bin/ \
- \
- # Bring in tzdata so users could set the timezones through the environment
- # variables
- && apk add --no-cache tzdata \
- \
- # forward request and error logs to docker log collector
- && ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+RUN set -x \
+ && apkArch="$(cat /etc/apk/arch)" \
+ && nginxPackages=" \
+ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \
+ " \
+ && case "$apkArch" in \
+ x86_64) \
+# arches officially built by upstream
+ set -x \
+ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+ && apk add --no-cache --virtual .cert-deps \
+ openssl curl ca-certificates \
+ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
+ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+ echo "key verification succeeded!"; \
+ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
+ else \
+ echo "key verification failed!"; \
+ exit 1; \
+ fi \
+ && printf "%s%s%s\n" \
+ "http://nginx.org/packages/mainline/alpine/v" \
+ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
+ "/main" \
+ | tee -a /etc/apk/repositories \
+ && apk del .cert-deps \
+ ;; \
+ *) \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from the published packaging sources
+ set -x \
+ && tempDir="$(mktemp -d)" \
+ && chown nobody:nobody $tempDir \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ libc-dev \
+ make \
+ openssl-dev \
+ pcre-dev \
+ zlib-dev \
+ linux-headers \
+ libxslt-dev \
+ gd-dev \
+ geoip-dev \
+ perl-dev \
+ libedit-dev \
+ mercurial \
+ bash \
+ alpine-sdk \
+ findutils \
+ && su - nobody -s /bin/sh -c " \
+ export HOME=${tempDir} \
+ && cd ${tempDir} \
+ && hg clone https://hg.nginx.org/pkg-oss \
+ && cd pkg-oss \
+ && hg up ${NGINX_VERSION}-${PKG_RELEASE} \
+ && cd alpine \
+ && make all \
+ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
+ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
+ " \
+ && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \
+ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
+ && apk del .build-deps \
+ ;; \
+ esac \
+ && apk add --no-cache $nginxPackages \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
+ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
+ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
+# remove the last line with the packages repos in the repositories file
+ && sed -i '$ d' /etc/apk/repositories \
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+ && apk add --no-cache --virtual .gettext gettext \
+ && mv /usr/bin/envsubst /tmp/ \
+ \
+ && runDeps="$( \
+ scanelf --needed --nobanner /tmp/envsubst \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )" \
+ && apk add --no-cache $runDeps \
+ && apk del .gettext \
+ && mv /tmp/envsubst /usr/local/bin/ \
+# Bring in tzdata so users could set the timezones through the environment
+# variables
+ && apk add --no-cache tzdata \
+# forward request and error logs to docker log collector
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80
diff --git a/mainline/alpine/nginx.conf b/mainline/alpine/nginx.conf
deleted file mode 100644
index e4bad8dbc50c959b34975ac78088239d74f0055b..0000000000000000000000000000000000000000
--- a/mainline/alpine/nginx.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- #gzip on;
-
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/mainline/alpine/nginx.vh.default.conf b/mainline/alpine/nginx.vh.default.conf
deleted file mode 100644
index 299c622a730bf2cc1ab7fb9f39815d16edfed18d..0000000000000000000000000000000000000000
--- a/mainline/alpine/nginx.vh.default.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-server {
- listen 80;
- server_name localhost;
-
- #charset koi8-r;
- #access_log /var/log/nginx/host.access.log main;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-
diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile
index c952e56c5a6a1e1b598fe10482f56c0b545c8bb7..6a3ec93c184cd6ce71624d6fbb14e9d003bcbe79 100644
--- a/stable/alpine-perl/Dockerfile
+++ b/stable/alpine-perl/Dockerfile
@@ -3,146 +3,112 @@ FROM alpine:3.9
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
ENV NGINX_VERSION 1.14.2
+ENV NJS_VERSION 1.14.2.0.2.7
+ENV PKG_RELEASE 1
-RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
- && CONFIG="\
- --prefix=/etc/nginx \
- --sbin-path=/usr/sbin/nginx \
- --modules-path=/usr/lib/nginx/modules \
- --conf-path=/etc/nginx/nginx.conf \
- --error-log-path=/var/log/nginx/error.log \
- --http-log-path=/var/log/nginx/access.log \
- --pid-path=/var/run/nginx.pid \
- --lock-path=/var/run/nginx.lock \
- --http-client-body-temp-path=/var/cache/nginx/client_temp \
- --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
- --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
- --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
- --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
- --user=nginx \
- --group=nginx \
- --with-http_ssl_module \
- --with-http_realip_module \
- --with-http_addition_module \
- --with-http_sub_module \
- --with-http_dav_module \
- --with-http_flv_module \
- --with-http_mp4_module \
- --with-http_gunzip_module \
- --with-http_gzip_static_module \
- --with-http_random_index_module \
- --with-http_secure_link_module \
- --with-http_stub_status_module \
- --with-http_auth_request_module \
- --with-http_xslt_module=dynamic \
- --with-http_image_filter_module=dynamic \
- --with-http_geoip_module=dynamic \
- --with-http_perl_module=dynamic \
- --with-threads \
- --with-stream \
- --with-stream_ssl_module \
- --with-stream_ssl_preread_module \
- --with-stream_realip_module \
- --with-stream_geoip_module=dynamic \
- --with-http_slice_module \
- --with-mail \
- --with-mail_ssl_module \
- --with-compat \
- --with-file-aio \
- --with-http_v2_module \
- " \
- && addgroup -S nginx \
- && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
- && apk add --no-cache --virtual .build-deps \
- gcc \
- libc-dev \
- make \
- openssl-dev \
- pcre-dev \
- zlib-dev \
- linux-headers \
- curl \
- gnupg1 \
- libxslt-dev \
- gd-dev \
- geoip-dev \
- perl-dev \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
- && export GNUPGHOME="$(mktemp -d)" \
- && found=''; \
- for server in \
- ha.pool.sks-keyservers.net \
- hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu \
- ; do \
- echo "Fetching GPG key $GPG_KEYS from $server"; \
- gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
- done; \
- test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
- gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
- && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
- && mkdir -p /usr/src \
- && tar -zxC /usr/src -f nginx.tar.gz \
- && rm nginx.tar.gz \
- && cd /usr/src/nginx-$NGINX_VERSION \
- && ./configure $CONFIG --with-debug \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && mv objs/nginx objs/nginx-debug \
- && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
- && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
- && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
- && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \
- && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
- && ./configure $CONFIG \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && make install \
- && rm -rf /etc/nginx/html/ \
- && mkdir /etc/nginx/conf.d/ \
- && mkdir -p /usr/share/nginx/html/ \
- && install -m644 html/index.html /usr/share/nginx/html/ \
- && install -m644 html/50x.html /usr/share/nginx/html/ \
- && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
- && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
- && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
- && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
- && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \
- && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
- && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
- && strip /usr/sbin/nginx* \
- && strip /usr/lib/nginx/modules/*.so \
- && rm -rf /usr/src/nginx-$NGINX_VERSION \
- \
- # Bring in gettext so we can get `envsubst`, then throw
- # the rest away. To do this, we need to install `gettext`
- # then move `envsubst` out of the way so `gettext` can
- # be deleted completely, then move `envsubst` back.
- && apk add --no-cache --virtual .gettext gettext \
- && mv /usr/bin/envsubst /tmp/ \
- \
- && runDeps="$( \
- scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
- | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
- | sort -u \
- | xargs -r apk info --installed \
- | sort -u \
- )" \
- && apk add --no-cache --virtual .nginx-rundeps $runDeps \
- && apk del .build-deps \
- && apk del .gettext \
- && mv /tmp/envsubst /usr/local/bin/ \
- \
- # Bring in tzdata so users could set the timezones through the environment
- # variables
- && apk add --no-cache tzdata \
- \
- # forward request and error logs to docker log collector
- && ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+RUN set -x \
+ && apkArch="$(cat /etc/apk/arch)" \
+ && nginxPackages=" \
+ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \
+ " \
+ && case "$apkArch" in \
+ x86_64) \
+# arches officially built by upstream
+ set -x \
+ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+ && apk add --no-cache --virtual .cert-deps \
+ openssl curl ca-certificates \
+ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
+ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+ echo "key verification succeeded!"; \
+ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
+ else \
+ echo "key verification failed!"; \
+ exit 1; \
+ fi \
+ && printf "%s%s%s\n" \
+ "http://nginx.org/packages/alpine/v" \
+ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
+ "/main" \
+ | tee -a /etc/apk/repositories \
+ && apk del .cert-deps \
+ ;; \
+ *) \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from the published packaging sources
+ set -x \
+ && tempDir="$(mktemp -d)" \
+ && chown nobody:nobody $tempDir \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ libc-dev \
+ make \
+ openssl-dev \
+ pcre-dev \
+ zlib-dev \
+ linux-headers \
+ libxslt-dev \
+ gd-dev \
+ geoip-dev \
+ perl-dev \
+ libedit-dev \
+ mercurial \
+ bash \
+ alpine-sdk \
+ findutils \
+ && su - nobody -s /bin/sh -c " \
+ export HOME=${tempDir} \
+ && cd ${tempDir} \
+ && hg clone https://hg.nginx.org/pkg-oss \
+ && cd pkg-oss \
+# fixme: needs to check out a tag on the next 1.14 release
+ && hg up stable-1.14 \
+ && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \
+ && cd alpine \
+ && make all \
+ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
+ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
+ " \
+ && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \
+ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
+ && apk del .build-deps \
+ ;; \
+ esac \
+ && apk add --no-cache $nginxPackages \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
+ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
+ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
+# remove the last line with the packages repos in the repositories file
+ && sed -i '$ d' /etc/apk/repositories \
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+ && apk add --no-cache --virtual .gettext gettext \
+ && mv /usr/bin/envsubst /tmp/ \
+ \
+ && runDeps="$( \
+ scanelf --needed --nobanner /tmp/envsubst \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )" \
+ && apk add --no-cache $runDeps \
+ && apk del .gettext \
+ && mv /tmp/envsubst /usr/local/bin/ \
+# Bring in tzdata so users could set the timezones through the environment
+# variables
+ && apk add --no-cache tzdata \
+# forward request and error logs to docker log collector
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80
diff --git a/stable/alpine-perl/nginx.conf b/stable/alpine-perl/nginx.conf
deleted file mode 100644
index e4bad8dbc50c959b34975ac78088239d74f0055b..0000000000000000000000000000000000000000
--- a/stable/alpine-perl/nginx.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- #gzip on;
-
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/stable/alpine-perl/nginx.vh.default.conf b/stable/alpine-perl/nginx.vh.default.conf
deleted file mode 100644
index 299c622a730bf2cc1ab7fb9f39815d16edfed18d..0000000000000000000000000000000000000000
--- a/stable/alpine-perl/nginx.vh.default.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-server {
- listen 80;
- server_name localhost;
-
- #charset koi8-r;
- #access_log /var/log/nginx/host.access.log main;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-
diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile
index 7a7ded45bc66c1cb65d9c94b40d4370e87dbe909..4c760c6e592a220e17be4d44c3fff7cd309037bd 100644
--- a/stable/alpine/Dockerfile
+++ b/stable/alpine/Dockerfile
@@ -3,141 +3,111 @@ FROM alpine:3.9
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
ENV NGINX_VERSION 1.14.2
+ENV NJS_VERSION 1.14.2.0.2.7
+ENV PKG_RELEASE 1
-RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
- && CONFIG="\
- --prefix=/etc/nginx \
- --sbin-path=/usr/sbin/nginx \
- --modules-path=/usr/lib/nginx/modules \
- --conf-path=/etc/nginx/nginx.conf \
- --error-log-path=/var/log/nginx/error.log \
- --http-log-path=/var/log/nginx/access.log \
- --pid-path=/var/run/nginx.pid \
- --lock-path=/var/run/nginx.lock \
- --http-client-body-temp-path=/var/cache/nginx/client_temp \
- --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
- --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
- --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
- --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
- --user=nginx \
- --group=nginx \
- --with-http_ssl_module \
- --with-http_realip_module \
- --with-http_addition_module \
- --with-http_sub_module \
- --with-http_dav_module \
- --with-http_flv_module \
- --with-http_mp4_module \
- --with-http_gunzip_module \
- --with-http_gzip_static_module \
- --with-http_random_index_module \
- --with-http_secure_link_module \
- --with-http_stub_status_module \
- --with-http_auth_request_module \
- --with-http_xslt_module=dynamic \
- --with-http_image_filter_module=dynamic \
- --with-http_geoip_module=dynamic \
- --with-threads \
- --with-stream \
- --with-stream_ssl_module \
- --with-stream_ssl_preread_module \
- --with-stream_realip_module \
- --with-stream_geoip_module=dynamic \
- --with-http_slice_module \
- --with-mail \
- --with-mail_ssl_module \
- --with-compat \
- --with-file-aio \
- --with-http_v2_module \
- " \
- && addgroup -S nginx \
- && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
- && apk add --no-cache --virtual .build-deps \
- gcc \
- libc-dev \
- make \
- openssl-dev \
- pcre-dev \
- zlib-dev \
- linux-headers \
- curl \
- gnupg1 \
- libxslt-dev \
- gd-dev \
- geoip-dev \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
- && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
- && export GNUPGHOME="$(mktemp -d)" \
- && found=''; \
- for server in \
- ha.pool.sks-keyservers.net \
- hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu \
- ; do \
- echo "Fetching GPG key $GPG_KEYS from $server"; \
- gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
- done; \
- test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
- gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
- && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \
- && mkdir -p /usr/src \
- && tar -zxC /usr/src -f nginx.tar.gz \
- && rm nginx.tar.gz \
- && cd /usr/src/nginx-$NGINX_VERSION \
- && ./configure $CONFIG --with-debug \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && mv objs/nginx objs/nginx-debug \
- && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
- && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
- && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
- && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
- && ./configure $CONFIG \
- && make -j$(getconf _NPROCESSORS_ONLN) \
- && make install \
- && rm -rf /etc/nginx/html/ \
- && mkdir /etc/nginx/conf.d/ \
- && mkdir -p /usr/share/nginx/html/ \
- && install -m644 html/index.html /usr/share/nginx/html/ \
- && install -m644 html/50x.html /usr/share/nginx/html/ \
- && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
- && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
- && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
- && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
- && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
- && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
- && strip /usr/sbin/nginx* \
- && strip /usr/lib/nginx/modules/*.so \
- && rm -rf /usr/src/nginx-$NGINX_VERSION \
- \
- # Bring in gettext so we can get `envsubst`, then throw
- # the rest away. To do this, we need to install `gettext`
- # then move `envsubst` out of the way so `gettext` can
- # be deleted completely, then move `envsubst` back.
- && apk add --no-cache --virtual .gettext gettext \
- && mv /usr/bin/envsubst /tmp/ \
- \
- && runDeps="$( \
- scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
- | tr ',' '\n' \
- | sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
- )" \
- && apk add --no-cache --virtual .nginx-rundeps $runDeps \
- && apk del .build-deps \
- && apk del .gettext \
- && mv /tmp/envsubst /usr/local/bin/ \
- \
- # Bring in tzdata so users could set the timezones through the environment
- # variables
- && apk add --no-cache tzdata \
- \
- # forward request and error logs to docker log collector
- && ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+RUN set -x \
+ && apkArch="$(cat /etc/apk/arch)" \
+ && nginxPackages=" \
+ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \
+ " \
+ && case "$apkArch" in \
+ x86_64) \
+# arches officially built by upstream
+ set -x \
+ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+ && apk add --no-cache --virtual .cert-deps \
+ openssl curl ca-certificates \
+ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
+ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+ echo "key verification succeeded!"; \
+ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
+ else \
+ echo "key verification failed!"; \
+ exit 1; \
+ fi \
+ && printf "%s%s%s\n" \
+ "http://nginx.org/packages/alpine/v" \
+ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
+ "/main" \
+ | tee -a /etc/apk/repositories \
+ && apk del .cert-deps \
+ ;; \
+ *) \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from the published packaging sources
+ set -x \
+ && tempDir="$(mktemp -d)" \
+ && chown nobody:nobody $tempDir \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ libc-dev \
+ make \
+ openssl-dev \
+ pcre-dev \
+ zlib-dev \
+ linux-headers \
+ libxslt-dev \
+ gd-dev \
+ geoip-dev \
+ perl-dev \
+ libedit-dev \
+ mercurial \
+ bash \
+ alpine-sdk \
+ findutils \
+ && su - nobody -s /bin/sh -c " \
+ export HOME=${tempDir} \
+ && cd ${tempDir} \
+ && hg clone https://hg.nginx.org/pkg-oss \
+ && cd pkg-oss \
+# fixme: needs to check out a tag on the next 1.14 release
+ && hg up stable-1.14 \
+ && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \
+ && cd alpine \
+ && make all \
+ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
+ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
+ " \
+ && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \
+ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
+ && apk del .build-deps \
+ ;; \
+ esac \
+ && apk add --no-cache $nginxPackages \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
+ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
+ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
+# remove the last line with the packages repos in the repositories file
+ && sed -i '$ d' /etc/apk/repositories \
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+ && apk add --no-cache --virtual .gettext gettext \
+ && mv /usr/bin/envsubst /tmp/ \
+ \
+ && runDeps="$( \
+ scanelf --needed --nobanner /tmp/envsubst \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )" \
+ && apk add --no-cache $runDeps \
+ && apk del .gettext \
+ && mv /tmp/envsubst /usr/local/bin/ \
+# Bring in tzdata so users could set the timezones through the environment
+# variables
+ && apk add --no-cache tzdata \
+# forward request and error logs to docker log collector
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80
diff --git a/stable/alpine/nginx.conf b/stable/alpine/nginx.conf
deleted file mode 100644
index e4bad8dbc50c959b34975ac78088239d74f0055b..0000000000000000000000000000000000000000
--- a/stable/alpine/nginx.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- #gzip on;
-
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/stable/alpine/nginx.vh.default.conf b/stable/alpine/nginx.vh.default.conf
deleted file mode 100644
index 299c622a730bf2cc1ab7fb9f39815d16edfed18d..0000000000000000000000000000000000000000
--- a/stable/alpine/nginx.vh.default.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-server {
- listen 80;
- server_name localhost;
-
- #charset koi8-r;
- #access_log /var/log/nginx/host.access.log main;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-