nginx: introduced another variant: alpine-slim and updated to 1.23.3.

[thresheek]

alpine-slim is currently only enabled for mainline images. Will propagate to stable when there is a new release.

Refs:

• Could we remove curl from nginx images (again)? nginxinc/docker-nginx#681
• Remove curl and wget from the container. nginxinc/docker-nginx-unprivileged#63

[thresheek]

Supersedes #13392

[github-actions]

Diff for 971d6eb:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index 92c8522..7bb5a0a 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -21,22 +21,27 @@ Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
 GitCommit: fef51235521d1cdf8b05d8cb1378a526d2abf421
 Directory: stable/debian-perl
 
-Tags: 1.23.2, mainline, 1, 1.23, latest
+Tags: 1.23.3, mainline, 1, 1.23, latest
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: fef51235521d1cdf8b05d8cb1378a526d2abf421
+GitCommit: 5ce65c3efd395ee2d82d32670f233140e92dba99
 Directory: mainline/debian
 
-Tags: 1.23.2-alpine, mainline-alpine, 1-alpine, 1.23-alpine, alpine
+Tags: 1.23.3-alpine-slim, mainline-alpine-slim, 1-alpine-slim, 1.23-alpine-slim, alpine-slim
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: fef51235521d1cdf8b05d8cb1378a526d2abf421
+GitCommit: 5ce65c3efd395ee2d82d32670f233140e92dba99
+Directory: mainline/alpine-slim
+
+Tags: 1.23.3-perl, mainline-perl, 1-perl, 1.23-perl, perl
+Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
+GitCommit: 5ce65c3efd395ee2d82d32670f233140e92dba99
+Directory: mainline/debian-perl
+
+Tags: 1.23.3-alpine, mainline-alpine, 1-alpine, 1.23-alpine, alpine
+Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
+GitCommit: 5ce65c3efd395ee2d82d32670f233140e92dba99
 Directory: mainline/alpine
 
-Tags: 1.23.2-alpine-perl, mainline-alpine-perl, 1-alpine-perl, 1.23-alpine-perl, alpine-perl
+Tags: 1.23.3-alpine-perl, mainline-alpine-perl, 1-alpine-perl, 1.23-alpine-perl, alpine-perl
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: fef51235521d1cdf8b05d8cb1378a526d2abf421
+GitCommit: 5ce65c3efd395ee2d82d32670f233140e92dba99
 Directory: mainline/alpine-perl
-
-Tags: 1.23.2-perl, mainline-perl, 1-perl, 1.23-perl, perl
-Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: fef51235521d1cdf8b05d8cb1378a526d2abf421
-Directory: mainline/debian-perl
diff --git a/_bashbrew-list b/_bashbrew-list
index 8c428db..7db67a1 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,6 +1,7 @@
 nginx:1
 nginx:1-alpine
 nginx:1-alpine-perl
+nginx:1-alpine-slim
 nginx:1-perl
 nginx:1.22
 nginx:1.22-alpine
@@ -13,17 +14,21 @@ nginx:1.22.1-perl
 nginx:1.23
 nginx:1.23-alpine
 nginx:1.23-alpine-perl
+nginx:1.23-alpine-slim
 nginx:1.23-perl
-nginx:1.23.2
-nginx:1.23.2-alpine
-nginx:1.23.2-alpine-perl
-nginx:1.23.2-perl
+nginx:1.23.3
+nginx:1.23.3-alpine
+nginx:1.23.3-alpine-perl
+nginx:1.23.3-alpine-slim
+nginx:1.23.3-perl
 nginx:alpine
 nginx:alpine-perl
+nginx:alpine-slim
 nginx:latest
 nginx:mainline
 nginx:mainline-alpine
 nginx:mainline-alpine-perl
+nginx:mainline-alpine-slim
 nginx:mainline-perl
 nginx:perl
 nginx:stable
diff --git a/nginx_alpine-perl/Dockerfile b/nginx_alpine-perl/Dockerfile
index 0308d51..4cc786d 100644
--- a/nginx_alpine-perl/Dockerfile
+++ b/nginx_alpine-perl/Dockerfile
@@ -3,18 +3,9 @@
 #
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
-FROM alpine:3.16
-
-LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
-
-ENV NGINX_VERSION 1.23.2
-ENV NJS_VERSION   0.7.7
-ENV PKG_RELEASE   1
+FROM nginx:1.23.3-alpine
 
 RUN set -x \
-# create nginx user/group first, to be consistent throughout docker variants
-    && addgroup -g 101 -S nginx \
-    && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
     && apkArch="$(cat /etc/apk/arch)" \
     && nginxPackages=" \
         nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
@@ -31,9 +22,9 @@ RUN set -x \
         x86_64|aarch64) \
 # arches officially built by upstream
             set -x \
-            && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+            && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \
             && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
-            && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+            && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \
                 echo "key verification succeeded!"; \
                 mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
             else \
@@ -56,11 +47,7 @@ RUN set -x \
                 pcre2-dev \
                 zlib-dev \
                 linux-headers \
-                libxslt-dev \
-                gd-dev \
-                geoip-dev \
                 perl-dev \
-                libedit-dev \
                 bash \
                 alpine-sdk \
                 findutils \
@@ -68,7 +55,7 @@ RUN set -x \
                 export HOME=${tempDir} \
                 && cd ${tempDir} \
                 && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
-                && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+                && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
                 && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
                     echo \"pkg-oss tarball checksum verification succeeded!\"; \
                 else \
@@ -78,7 +65,7 @@ RUN set -x \
                 && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
                 && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \
                 && cd alpine \
-                && make all \
+                && make module-perl \
                 && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
                 && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
                 " \
@@ -92,43 +79,4 @@ RUN set -x \
 # if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
     && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
     && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
-    && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
-# Bring in gettext so we can get `envsubst`, then throw
-# the rest away. To do this, we need to install `gettext`
-# then move `envsubst` out of the way so `gettext` can
-# be deleted completely, then move `envsubst` back.
-    && apk add --no-cache --virtual .gettext gettext \
-    && mv /usr/bin/envsubst /tmp/ \
-    \
-    && runDeps="$( \
-        scanelf --needed --nobanner /tmp/envsubst \
-            | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
-            | sort -u \
-            | xargs -r apk info --installed \
-            | sort -u \
-    )" \
-    && apk add --no-cache $runDeps \
-    && apk del .gettext \
-    && mv /tmp/envsubst /usr/local/bin/ \
-# Bring in tzdata so users could set the timezones through the environment
-# variables
-    && apk add --no-cache tzdata \
-# Bring in curl and ca-certificates to make registering on DNS SD easier
-    && apk add --no-cache curl ca-certificates \
-# forward request and error logs to docker log collector
-    && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log \
-# create a docker-entrypoint.d directory
-    && mkdir /docker-entrypoint.d
-
-COPY docker-entrypoint.sh /
-COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
-COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
-COPY 30-tune-worker-processes.sh /docker-entrypoint.d
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-EXPOSE 80
-
-STOPSIGNAL SIGQUIT
-
-CMD ["nginx", "-g", "daemon off;"]
+    && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi
diff --git a/nginx_alpine-perl/10-listen-on-ipv6-by-default.sh b/nginx_alpine-slim/10-listen-on-ipv6-by-default.sh
similarity index 100%
rename from nginx_alpine-perl/10-listen-on-ipv6-by-default.sh
rename to nginx_alpine-slim/10-listen-on-ipv6-by-default.sh
diff --git a/nginx_alpine-perl/20-envsubst-on-templates.sh b/nginx_alpine-slim/20-envsubst-on-templates.sh
similarity index 100%
rename from nginx_alpine-perl/20-envsubst-on-templates.sh
rename to nginx_alpine-slim/20-envsubst-on-templates.sh
diff --git a/nginx_alpine-perl/30-tune-worker-processes.sh b/nginx_alpine-slim/30-tune-worker-processes.sh
similarity index 100%
rename from nginx_alpine-perl/30-tune-worker-processes.sh
rename to nginx_alpine-slim/30-tune-worker-processes.sh
diff --git a/nginx_alpine/Dockerfile b/nginx_alpine-slim/Dockerfile
similarity index 81%
copy from nginx_alpine/Dockerfile
copy to nginx_alpine-slim/Dockerfile
index 7aebcf8..89ad641 100644
--- a/nginx_alpine/Dockerfile
+++ b/nginx_alpine-slim/Dockerfile
@@ -3,12 +3,11 @@
 #
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
 
-ENV NGINX_VERSION 1.23.2
-ENV NJS_VERSION   0.7.7
+ENV NGINX_VERSION 1.23.3
 ENV PKG_RELEASE   1
 
 RUN set -x \
@@ -18,10 +17,6 @@ RUN set -x \
     && apkArch="$(cat /etc/apk/arch)" \
     && nginxPackages=" \
         nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
-        nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
-        nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
-        nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
-        nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \
     " \
 # install prerequisites for public key and pkg-oss checks
     && apk add --no-cache --virtual .checksum-deps \
@@ -30,9 +25,9 @@ RUN set -x \
         x86_64|aarch64) \
 # arches officially built by upstream
             set -x \
-            && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+            && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \
             && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
-            && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+            && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \
                 echo "key verification succeeded!"; \
                 mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
             else \
@@ -55,11 +50,6 @@ RUN set -x \
                 pcre2-dev \
                 zlib-dev \
                 linux-headers \
-                libxslt-dev \
-                gd-dev \
-                geoip-dev \
-                perl-dev \
-                libedit-dev \
                 bash \
                 alpine-sdk \
                 findutils \
@@ -67,7 +57,7 @@ RUN set -x \
                 export HOME=${tempDir} \
                 && cd ${tempDir} \
                 && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
-                && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+                && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
                 && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
                     echo \"pkg-oss tarball checksum verification succeeded!\"; \
                 else \
@@ -77,7 +67,7 @@ RUN set -x \
                 && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
                 && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \
                 && cd alpine \
-                && make all \
+                && make base \
                 && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
                 && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
                 " \
@@ -112,8 +102,6 @@ RUN set -x \
 # Bring in tzdata so users could set the timezones through the environment
 # variables
     && apk add --no-cache tzdata \
-# Bring in curl and ca-certificates to make registering on DNS SD easier
-    && apk add --no-cache curl ca-certificates \
 # forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
diff --git a/nginx_alpine-perl/docker-entrypoint.sh b/nginx_alpine-slim/docker-entrypoint.sh
similarity index 100%
rename from nginx_alpine-perl/docker-entrypoint.sh
rename to nginx_alpine-slim/docker-entrypoint.sh
diff --git a/nginx_alpine/10-listen-on-ipv6-by-default.sh b/nginx_alpine/10-listen-on-ipv6-by-default.sh
deleted file mode 100755
index b265586..0000000
diff --git a/nginx_alpine/20-envsubst-on-templates.sh b/nginx_alpine/20-envsubst-on-templates.sh
deleted file mode 100755
index d0398b1..0000000
diff --git a/nginx_alpine/30-tune-worker-processes.sh b/nginx_alpine/30-tune-worker-processes.sh
deleted file mode 100755
index 9aa42e9..0000000
diff --git a/nginx_alpine/Dockerfile b/nginx_alpine/Dockerfile
index 7aebcf8..68eacfd 100644
--- a/nginx_alpine/Dockerfile
+++ b/nginx_alpine/Dockerfile
@@ -3,18 +3,11 @@
 #
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
-FROM alpine:3.16
+FROM nginx:1.23.3-alpine-slim
 
-LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
-
-ENV NGINX_VERSION 1.23.2
-ENV NJS_VERSION   0.7.7
-ENV PKG_RELEASE   1
+ENV NJS_VERSION   0.7.9
 
 RUN set -x \
-# create nginx user/group first, to be consistent throughout docker variants
-    && addgroup -g 101 -S nginx \
-    && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
     && apkArch="$(cat /etc/apk/arch)" \
     && nginxPackages=" \
         nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
@@ -30,9 +23,9 @@ RUN set -x \
         x86_64|aarch64) \
 # arches officially built by upstream
             set -x \
-            && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+            && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \
             && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
-            && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+            && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \
                 echo "key verification succeeded!"; \
                 mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
             else \
@@ -58,7 +51,6 @@ RUN set -x \
                 libxslt-dev \
                 gd-dev \
                 geoip-dev \
-                perl-dev \
                 libedit-dev \
                 bash \
                 alpine-sdk \
@@ -67,7 +59,7 @@ RUN set -x \
                 export HOME=${tempDir} \
                 && cd ${tempDir} \
                 && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
-                && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+                && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
                 && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
                     echo \"pkg-oss tarball checksum verification succeeded!\"; \
                 else \
@@ -77,7 +69,7 @@ RUN set -x \
                 && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
                 && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \
                 && cd alpine \
-                && make all \
+                && make module-geoip module-image-filter module-njs module-xslt \
                 && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
                 && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
                 " \
@@ -92,42 +84,5 @@ RUN set -x \
     && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
     && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
     && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
-# Bring in gettext so we can get `envsubst`, then throw
-# the rest away. To do this, we need to install `gettext`
-# then move `envsubst` out of the way so `gettext` can
-# be deleted completely, then move `envsubst` back.
-    && apk add --no-cache --virtual .gettext gettext \
-    && mv /usr/bin/envsubst /tmp/ \
-    \
-    && runDeps="$( \
-        scanelf --needed --nobanner /tmp/envsubst \
-            | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
-            | sort -u \
-            | xargs -r apk info --installed \
-            | sort -u \
-    )" \
-    && apk add --no-cache $runDeps \
-    && apk del .gettext \
-    && mv /tmp/envsubst /usr/local/bin/ \
-# Bring in tzdata so users could set the timezones through the environment
-# variables
-    && apk add --no-cache tzdata \
 # Bring in curl and ca-certificates to make registering on DNS SD easier
-    && apk add --no-cache curl ca-certificates \
-# forward request and error logs to docker log collector
-    && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log \
-# create a docker-entrypoint.d directory
-    && mkdir /docker-entrypoint.d
-
-COPY docker-entrypoint.sh /
-COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
-COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
-COPY 30-tune-worker-processes.sh /docker-entrypoint.d
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-EXPOSE 80
-
-STOPSIGNAL SIGQUIT
-
-CMD ["nginx", "-g", "daemon off;"]
+    && apk add --no-cache curl ca-certificates
diff --git a/nginx_alpine/docker-entrypoint.sh b/nginx_alpine/docker-entrypoint.sh
deleted file mode 100755
index e201fe6..0000000
diff --git a/nginx_latest/Dockerfile b/nginx_latest/Dockerfile
index cd819d0..01bcfd2 100644
--- a/nginx_latest/Dockerfile
+++ b/nginx_latest/Dockerfile
@@ -7,8 +7,8 @@ FROM debian:bullseye-slim
 
 LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
 
-ENV NGINX_VERSION   1.23.2
-ENV NJS_VERSION     0.7.7
+ENV NGINX_VERSION   1.23.3
+ENV NJS_VERSION     0.7.9
 ENV PKG_RELEASE     1~bullseye
 
 RUN set -x \
diff --git a/nginx_perl/10-listen-on-ipv6-by-default.sh b/nginx_perl/10-listen-on-ipv6-by-default.sh
deleted file mode 100755
index b265586..0000000
diff --git a/nginx_perl/20-envsubst-on-templates.sh b/nginx_perl/20-envsubst-on-templates.sh
deleted file mode 100755
index d0398b1..0000000
diff --git a/nginx_perl/30-tune-worker-processes.sh b/nginx_perl/30-tune-worker-processes.sh
deleted file mode 100755
index 9aa42e9..0000000
diff --git a/nginx_perl/Dockerfile b/nginx_perl/Dockerfile
index 913ee5f..0f671d7 100644
--- a/nginx_perl/Dockerfile
+++ b/nginx_perl/Dockerfile
@@ -3,18 +3,9 @@
 #
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
-FROM debian:bullseye-slim
-
-LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
-
-ENV NGINX_VERSION   1.23.2
-ENV NJS_VERSION     0.7.7
-ENV PKG_RELEASE     1~bullseye
+FROM nginx:1.23.3
 
 RUN set -x \
-# create nginx user/group first, to be consistent throughout docker variants
-    && addgroup --system --gid 101 nginx \
-    && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \
     && apt-get update \
     && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \
     && \
@@ -59,11 +50,11 @@ RUN set -x \
             \
 # build .deb files from upstream's source packages (which are verified by apt-get)
             && apt-get update \
-            && apt-get build-dep -y $nginxPackages \
+            && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \
             && ( \
                 cd "$tempDir" \
                 && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
-                    apt-get source --compile $nginxPackages \
+                    apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \
             ) \
 # we don't remove APT lists here because they get re-downloaded and removed later
             \
@@ -95,21 +86,4 @@ RUN set -x \
     && if [ -n "$tempDir" ]; then \
         apt-get purge -y --auto-remove \
         && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
-    fi \
-# forward request and error logs to docker log collector
-    && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log \
-# create a docker-entrypoint.d directory
-    && mkdir /docker-entrypoint.d
-
-COPY docker-entrypoint.sh /
-COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
-COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
-COPY 30-tune-worker-processes.sh /docker-entrypoint.d
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-EXPOSE 80
-
-STOPSIGNAL SIGQUIT
-
-CMD ["nginx", "-g", "daemon off;"]
+    fi
diff --git a/nginx_perl/docker-entrypoint.sh b/nginx_perl/docker-entrypoint.sh
deleted file mode 100755
index e201fe6..0000000

Relevant Maintainers:

• nginx: @nginxinc

[sambernet]

Awesome! 🎉 🚀
Thanks to everybody that was involved in moving this forward, especially to @thresheek, @tianon and @yosifkit 💪 👍