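# NOTE(review): the base image is neither tagged nor digest-pinned, so every
# rebuild may pull a different nginx/Debian release. Pin it to a reviewed
# release, e.g. nginx:<TAG>@sha256:<DIGEST> (placeholders, not real values).
FROM nginx

# Default directory for the instructions below and for the running container.
WORKDIR /etc/nginx/

# Run build steps with bash instead of the default /bin/sh. pipefail makes a
# RUN step fail when any command of a pipeline fails, not only the last one.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]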
# Refresh the package index and upgrade the installed packages, then replace
# the stock nginx package and its configuration with nginx-extras and install
# the helper tools. The last command uncomments "set linenumbers" and
# "set autoindent" in /etc/nanorc.
# NOTE(review): /etc/nginx/ is also the WORKDIR, so this step deletes its own
# working directory; presumably the nginx-extras install recreates it - verify.
# NOTE(review): curl, wget, iputils-ping, nano and vim are convenience tools.
# They widen the attack surface of a production image and are better left out
# or kept in a separate debug image. Package versions are not pinned either.
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get purge -y nginx \
    && rm -rvf \
        /etc/default/nginx \
        /etc/init.d/nginx \
        /etc/nginx/ \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        iputils-ping \
        locales \
        nano \
        nginx-extras \
        vim \
        wget \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && sed -i 's/^# \(set linenumbers\|set autoindent\)/\1/' /etc/nanorc
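# Select en_US.UTF-8 as the locale for build steps and the running container.
# key=value is the current ENV syntax; the space-separated form is legacy.
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8

# Uncomment the en_US.UTF-8 entry in /etc/locale.gen and generate the locale
# so the variables above refer to a locale that exists in the image.
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen \
    && locale-gen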
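# Create a throwaway self-signed certificate for the catch-all server and write
# the default nginx configuration.
#
# drop.conf:  default_server on ports 80 and 443 (IPv4 and IPv6) that answers
#             every request matching no other server block with 444, nginx's
#             "close the connection without a response" code.
# nginx.conf: main configuration; access and error logs go to /dev/stdout so
#             they appear in the container log.
#
# The blank lines piped into openssl accept the default answer for each
# certificate subject prompt.
#
# The key pair is generated at build time, so every container started from this
# image shares the same private key. That is tolerable only because the
# certificate fronts the drop server; keys for real sites must be supplied at
# runtime (volume or secret) and never baked into the image.
#
# error_log previously pointed at /dev/sdtout (typo), so error messages did not
# reach the container log; it now matches access_log.
# ssl_protocols no longer lists TLSv1 and TLSv1.1: both are deprecated
# (RFC 8996). Re-add them only if a legacy client must be supported.
RUN mkdir -pv /etc/nginx/ssl/ \
    && echo -e "\n\n\n\n\n\n" | openssl req -x509 -nodes -days 36500 -newkey rsa:2048 \
        -keyout /etc/nginx/ssl/drop.key -out /etc/nginx/ssl/drop.crt \
    && chmod 600 /etc/nginx/ssl/drop.key \
    && rm -v /etc/nginx/sites-enabled/default \
    && echo 'server { \
        listen 80 default_server; \
        listen [::]:80 default_server; \
        listen 443 ssl default_server; \
        listen [::]:443 ssl default_server; \
        ssl_certificate /etc/nginx/ssl/drop.crt; \
        ssl_certificate_key /etc/nginx/ssl/drop.key; \
        return 444; \
    }' > /etc/nginx/conf.d/drop.conf \
    && echo 'user www-data; \
        worker_processes auto; \
        pid /run/nginx.pid; \
        error_log /dev/stdout; \
        include /etc/nginx/modules-enabled/*.conf; \
        events { \
            worker_connections 768; \
        } \
        http { \
            sendfile on; \
            tcp_nopush on; \
            types_hash_max_size 2048; \
            include /etc/nginx/mime.types; \
            default_type application/octet-stream; \
            ssl_protocols TLSv1.2 TLSv1.3; \
            ssl_prefer_server_ciphers on; \
            access_log /dev/stdout; \
            include /etc/nginx/conf.d/*.conf; \
            include /etc/nginx/sites-enabled/*; \
        }' > /etc/nginx/nginx.conf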
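# Install ngxtop through pipx.
# apt-get update runs in this same layer so the install never depends on a
# package index left behind (and possibly stale in the build cache) by an
# earlier layer; the lists are removed again before the layer is committed.
# NOTE(review): ngxtop is fetched from PyPI without a version pin or hash
# check, so each build trusts whatever release is current. Pin it to a reviewed
# release, e.g. ngxtop==<VERSION> (placeholder).
# NOTE(review): pipx normally links commands under ~/.local/bin; confirm that
# directory is on PATH in the final image, otherwise ngxtop is not found.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        pipx \
        python-is-python3 \
    && pipx install ngxtop \
    && rm -rf ~/.cache/ \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*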
# Final clean-up: remove the apt package lists, dpkg's per-package metadata and
# the entrypoint script and drop-in directory at the filesystem root.
# NOTE(review): files deleted here still exist in the earlier layers, so this
# step hides them but does not make the image smaller.
# NOTE(review): /var/lib/dpkg/info holds the file lists, checksums and
# maintainer scripts of installed packages. Without it dpkg cannot verify or
# cleanly upgrade/remove packages, which also hampers integrity checks during
# an investigation - confirm the removal is intended.
RUN rm -rfv \
    /docker-entrypoint.d \
    /docker-entrypoint.sh \
    /var/lib/apt/lists \
    /var/lib/dpkg/info

# Reset the entrypoint so CMD is executed directly, and keep nginx in the
# foreground as the container's main process.
# NOTE(review): there is no USER instruction, so the nginx master process runs
# as root; nginx.conf sets "user www-data" for the workers only.
ENTRYPOINT []
CMD ["nginx", "-g", "daemon off;"]