nginx

Paddy 2015-06-30 Parent:68478c1bddde

1:ac9c19126939 Go to Latest

nginx/Dockerfile

Make nginx kubernetes-ready. We had to update to use a ubuntu-based image to build nginx into, because (and I kid you not) alpine linux straight-up ignores your resolv.conf file, meaning any attempt to use it with kubernetes DNS is doomed to fail. Who thought this was a good idea? So we're using a bloated image instead. Oh well. We also are running a wrapper script instead of nginx directly, so we can inject the JWT_SECRET environment variable based on a kubernetes secret file. We define the secret file (using a placeholder secret, obvs) so that future-Paddy can remember what the hell it looks like, when he inevitably loses the file and needs to sin up a new cluster. Or whatever. Finally, we updated the token expiration error message to be in an errors array, as God (and our API conventions) intended.

Download raw file
View source Diff to previous Annotate
History
paddy@1 1 FROM ubuntu:trusty
paddy@1 2
paddy@1 3 RUN apt-get update \
paddy@1 4 && apt-get install -y --no-install-recommends \
paddy@1 5 curl perl make build-essential procps \
paddy@1 6 libreadline-dev libncurses5-dev libpcre3-dev libssl-dev \
paddy@1 7 && rm -rf /var/lib/apt/lists/*
paddy@0 8
paddy@0 9 ENV OPENRESTY_VERSION 1.7.10.1
paddy@0 10 ENV OPENRESTY_PREFIX /opt/secondbit
paddy@0 11 ENV NGINX_PREFIX /opt/secondbit/nginx
paddy@0 12 ENV VAR_PREFIX /var/nginx
paddy@0 13
paddy@0 14 # NginX prefix is automatically set by OpenResty to $OPENRESTY_PREFIX/nginx
paddy@0 15 # look for $ngx_prefix in https://github.com/openresty/ngx_openresty/blob/master/util/configure
paddy@0 16
paddy@0 17 ADD nginx-jwt.lua $OPENRESTY_PREFIX/lualib/nginx-jwt.lua
paddy@0 18 ADD jwt-lib/basexx.lua $OPENRESTY_PREFIX/lualib/basexx.lua
paddy@0 19 ADD jwt-lib/resty/hmac.lua $OPENRESTY_PREFIX/lualib/resty/hmac.lua
paddy@0 20 ADD jwt-lib/resty/jwt.lua $OPENRESTY_PREFIX/lualib/resty/jwt.lua
paddy@1 21 ADD wrapper.sh /bin/run.sh
paddy@0 22
paddy@1 23 RUN cd /root \
paddy@0 24 && echo "==> Downloading OpenResty..." \
paddy@0 25 && curl -sSL http://openresty.org/download/ngx_openresty-${OPENRESTY_VERSION}.tar.gz | tar -xvz \
paddy@1 26 && echo "==> Configuring OpenResty..." \
paddy@0 27 && cd ngx_openresty-* \
paddy@0 28 && readonly NPROC=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || 1) \
paddy@0 29 && echo "using upto $NPROC threads" \
paddy@0 30 && ./configure \
paddy@0 31 --prefix=$OPENRESTY_PREFIX \
paddy@0 32 --http-client-body-temp-path=$VAR_PREFIX/client_body_temp \
paddy@0 33 --http-proxy-temp-path=$VAR_PREFIX/proxy_temp \
paddy@0 34 --http-log-path=$VAR_PREFIX/access.log \
paddy@0 35 --error-log-path=$VAR_PREFIX/error.log \
paddy@0 36 --pid-path=$VAR_PREFIX/nginx.pid \
paddy@0 37 --lock-path=$VAR_PREFIX/nginx.lock \
paddy@0 38 --with-luajit \
paddy@0 39 --with-pcre-jit \
paddy@0 40 --with-ipv6 \
paddy@0 41 --with-http_ssl_module \
paddy@0 42 --without-http_ssi_module \
paddy@0 43 --without-http_userid_module \
paddy@0 44 --without-http_fastcgi_module \
paddy@0 45 --without-http_uwsgi_module \
paddy@0 46 --without-http_scgi_module \
paddy@0 47 --without-http_memcached_module \
paddy@0 48 -j${NPROC} \
paddy@0 49 && echo "==> Building OpenResty..." \
paddy@0 50 && make -j${NPROC} \
paddy@0 51 && echo "==> Installing OpenResty..." \
paddy@0 52 && make install \
paddy@0 53 && echo "==> Finishing..." \
paddy@0 54 && ln -sf $NGINX_PREFIX/sbin/nginx /usr/local/bin/nginx \
paddy@0 55 && ln -sf $NGINX_PREFIX/sbin/nginx /usr/local/bin/openresty \
paddy@0 56 && ln -sf $OPENRESTY_PREFIX/bin/resty /usr/local/bin/resty \
paddy@0 57 && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* $OPENRESTY_PREFIX/luajit/bin/lua \
paddy@0 58 && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* /usr/local/bin/lua \
paddy@1 59 && rm -rf /root/ngx_openresty*
paddy@0 60
paddy@0 61 WORKDIR $NGINX_PREFIX/
paddy@0 62
paddy@0 63 ONBUILD RUN rm -rf conf/* html/*
paddy@0 64 ONBUILD COPY nginx $NGINX_PREFIX/
paddy@0 65
paddy@1 66 CMD ["run.sh"]