125 lines
4.6 KiB
Docker
125 lines
4.6 KiB
Docker
FROM centos:7
|
|
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
|
|
|
|
WORKDIR /root
|
|
|
|
RUN yum -y install epel-release && \
|
|
yum -y update && \
|
|
yum -y install make gcc pcre-devel zlib-devel \
|
|
inotify-tools \
|
|
glibc-static perl
|
|
|
|
# Compile runit and socklog
|
|
# Deps: glibc-static
|
|
ENV RUNIT_NAME "runit-2.1.2"
|
|
ENV RUNIT_HASH "6fd0160cb0cf1207de4e66754b6d39750cff14bb0aa66ab49490992c0c47ba18"
|
|
ENV SOCKLOG_NAME "socklog-2.1.0"
|
|
ENV SOCKLOG_HASH "aa869a787ee004da4e5509b5a0031bcc17a4ab4ac650c2ce8d4e488123acb455"
|
|
|
|
RUN pushd /opt && \
|
|
curl -#L -o $RUNIT_NAME.tar.gz http://smarden.org/runit/$RUNIT_NAME.tar.gz && \
|
|
sha256sum $RUNIT_NAME.tar.gz |grep -qw $RUNIT_HASH && \
|
|
tar xf $RUNIT_NAME.tar.gz && \
|
|
rm -f $RUNIT_NAME.tar.gz && \
|
|
pushd admin/$RUNIT_NAME && \
|
|
package/install && \
|
|
package/install-man && \
|
|
popd && \
|
|
curl -#L -o $SOCKLOG_NAME.tar.gz http://smarden.org/socklog/$SOCKLOG_NAME.tar.gz && \
|
|
sha256sum $SOCKLOG_NAME.tar.gz |grep -qw $SOCKLOG_HASH && \
|
|
tar xf $SOCKLOG_NAME.tar.gz && \
|
|
rm -f $SOCKLOG_NAME.tar.gz && \
|
|
pushd admin/$SOCKLOG_NAME && \
|
|
package/install && \
|
|
package/install-man && \
|
|
popd && \
|
|
popd
|
|
|
|
|
|
# runit-docker - painlessly use Runit in Docker containers
|
|
RUN curl -#L -o runit-docker.tar.gz https://github.com/pixers/runit-docker/archive/master.tar.gz && \
|
|
tar xf runit-docker.tar.gz && \
|
|
cd runit-docker-master/ && \
|
|
make && \
|
|
make install && \
|
|
sed -i 's;runsvdir;runsvdir -P;g' /sbin/runit-docker
|
|
|
|
|
|
# Global variables
|
|
ENV GPG_KEY_SERVER "pgp.mit.edu"
|
|
|
|
|
|
# Obtain the OpenSSL
|
|
# Deps: perl
|
|
ENV OPENSSL_NAME "openssl-1.0.2h"
|
|
ENV OPENSSL_GPGKEY_FP "8657ABB260F056B1E5190839D9C4D26D0E604491"
|
|
|
|
RUN curl -#L -o $OPENSSL_NAME.tar.gz https://www.openssl.org/source/$OPENSSL_NAME.tar.gz && \
|
|
curl -#L -o $OPENSSL_NAME.tar.gz.asc https://www.openssl.org/source/$OPENSSL_NAME.tar.gz.asc && \
|
|
gpg2 --keyserver $GPG_KEY_SERVER --recv-key $OPENSSL_GPGKEY_FP && \
|
|
gpg2 -v $OPENSSL_NAME.tar.gz.asc && \
|
|
tar xf $OPENSSL_NAME.tar.gz && \
|
|
rm -f $OPENSSL_NAME.tar.gz
|
|
|
|
|
|
# Compile nginx
|
|
# Deps: make gcc openssl-devel(* custom now!) pcre-devel zlib-devel
|
|
ENV NGINX_NAME "nginx-1.10.1"
|
|
ENV NGINX_GPGKEY_FP "B0F4253373F8F6F510D42178520A9993A1C052F8"
|
|
|
|
RUN curl -#L -o $NGINX_NAME.tar.gz https://nginx.org/download/$NGINX_NAME.tar.gz && \
|
|
curl -#L -o $NGINX_NAME.tar.gz.asc https://nginx.org/download/$NGINX_NAME.tar.gz.asc && \
|
|
gpg2 --keyserver $GPG_KEY_SERVER --recv-keys $NGINX_GPGKEY_FP && \
|
|
gpg2 -v $NGINX_NAME.tar.gz.asc && \
|
|
tar xf $NGINX_NAME.tar.gz && \
|
|
rm -f $NGINX_NAME.tar.gz && \
|
|
pushd $NGINX_NAME && \
|
|
./configure --prefix=/usr/share/nginx \
|
|
--sbin-path=/usr/sbin/nginx \
|
|
--conf-path=/etc/nginx/nginx.conf \
|
|
--error-log-path=/var/log/nginx/error.log \
|
|
--http-log-path=/var/log/nginx/access.log \
|
|
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
|
|
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
|
|
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
|
|
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
|
|
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
|
|
--pid-path=/run/nginx.pid \
|
|
--lock-path=/run/lock/subsys/nginx \
|
|
--user=nginx \
|
|
--group=nginx \
|
|
--with-http_ssl_module \
|
|
--with-openssl=../$OPENSSL_NAME \
|
|
--with-openssl-opt="-fPIC" \
|
|
--with-http_v2_module \
|
|
--with-file-aio \
|
|
--with-ipv6 \
|
|
--with-ld-opt="-pie -Wl,-z,relro,-z,now -Wl,--as-needed" \
|
|
--with-cc-opt="-O2 \
|
|
-fPIC \
|
|
-fstack-protector-all \
|
|
--param=ssp-buffer-size=4 \
|
|
-Wformat -Werror=format-security \
|
|
-Wp,-D_FORTIFY_SOURCE=2" && \
|
|
make -j$(nproc) && \
|
|
make install && \
|
|
popd && \
|
|
rm -rf $NGINX_NAME $OPENSSL_NAME
|
|
|
|
|
|
RUN useradd -u 1000 -d /var/lib/nginx -s /sbin/nologin nginx && \
|
|
mkdir -m=0700 -p /etc/nginx/conf.d \
|
|
/var/lib/nginx/tmp/client_body \
|
|
/var/lib/nginx/tmp/fastcgi_temp \
|
|
/var/lib/nginx/tmp/proxy_temp \
|
|
/var/lib/nginx/tmp/scgi_temp \
|
|
/var/lib/nginx/tmp/uwsgi_temp && \
|
|
chown -Rh nginx:root /var/lib/nginx
|
|
|
|
|
|
COPY nginx.conf /etc/nginx/nginx.conf
|
|
COPY service /etc/service/
|
|
RUN chmod +x -- /etc/service/*/run
|
|
|
|
ENTRYPOINT ["/sbin/runit-docker"]
|