1+ FROM debian:bullseye-slim
2+
3+ LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
4+
5+ # Define NGINX versions for NGINX Plus and NGINX Plus modules
6+ # Uncomment this block and the versioned nginxPackages block in the main RUN
7+ # instruction to install a specific release
8+ # ENV NGINX_VERSION 29
9+ # ENV NJS_VERSION 0.7.12
10+ # ENV PKG_RELEASE 1~bullseye
11+
12+ # Download certificate and key from the customer portal (https://account.f5.com)
13+ # and copy to the build context
14+ RUN --mount=type=secret,id=nginx-crt,dst=nginx-repo.crt \
15+ --mount=type=secret,id=nginx-key,dst=nginx-repo.key \
16+ set -x \
17+ # Create nginx user/group first, to be consistent throughout Docker variants
18+ && addgroup --system --gid 101 nginx \
19+ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \
20+ && apt-get update \
21+ && apt-get install --no-install-recommends --no-install-suggests -y \
22+ ca-certificates \
23+ gnupg1 \
24+ lsb-release \
25+ && \
26+ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
27+ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \
28+ export GNUPGHOME="$(mktemp -d)"; \
29+ found=''; \
30+ for server in \
31+ hkp://keyserver.ubuntu.com:80 \
32+ pgp.mit.edu \
33+ ; do \
34+ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
35+ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
36+ done; \
37+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
38+ gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \
39+ rm -rf "$GNUPGHOME"; \
40+ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \
41+ # Install the latest release of NGINX Plus and/or NGINX Plus modules
42+ # Uncomment individual modules if necessary
43+ # Use versioned packages over defaults to specify a release
44+ && nginxPackages=" \
45+ nginx-plus \
46+ # nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \
47+ # nginx-plus-module-xslt \
48+ # nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \
49+ # nginx-plus-module-geoip \
50+ # nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \
51+ # nginx-plus-module-image-filter \
52+ # nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \
53+ # nginx-plus-module-perl \
54+ # nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \
55+ # nginx-plus-module-njs \
56+ # nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
57+ " \
58+ && echo "Acquire::https::pkgs.nginx.com::Verify-Peer \"true\";" > /etc/apt/apt.conf.d/90nginx \
59+ && echo "Acquire::https::pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \
60+ && echo "Acquire::https::pkgs.nginx.com::SslCert \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \
61+ && echo "Acquire::https::pkgs.nginx.com::SslKey \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \
62+ && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
63+ && mkdir -p /etc/ssl/nginx \
64+ && cat nginx-repo.crt > /etc/ssl/nginx/nginx-repo.crt \
65+ && cat nginx-repo.key > /etc/ssl/nginx/nginx-repo.key \
66+ && apt-get update \
67+ && apt-get install --no-install-recommends --no-install-suggests -y \
68+ $nginxPackages \
69+ curl \
70+ gettext-base \
71+ && apt-get remove --purge -y lsb-release \
72+ && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \
73+ && rm -rf /etc/apt/apt.conf.d/90nginx /etc/ssl/nginx \
74+ # Forward request logs to Docker log collector
75+ && ln -sf /dev/stdout /var/log/nginx/access.log \
76+ && ln -sf /dev/stderr /var/log/nginx/error.log
77+
78+ EXPOSE 80
79+
80+ STOPSIGNAL SIGQUIT
81+
82+ CMD ["nginx", "-g", "daemon off;"]
0 commit comments