nginx

Paddy 2015-06-30 Parent:68478c1bddde

1:ac9c19126939 Go to Latest

nginx/Dockerfile

Make nginx kubernetes-ready. We had to update to use a ubuntu-based image to build nginx into, because (and I kid you not) alpine linux straight-up ignores your resolv.conf file, meaning any attempt to use it with kubernetes DNS is doomed to fail. Who thought this was a good idea? So we're using a bloated image instead. Oh well. We also are running a wrapper script instead of nginx directly, so we can inject the JWT_SECRET environment variable based on a kubernetes secret file. We define the secret file (using a placeholder secret, obvs) so that future-Paddy can remember what the hell it looks like, when he inevitably loses the file and needs to sin up a new cluster. Or whatever. Finally, we updated the token expiration error message to be in an errors array, as God (and our API conventions) intended.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/Dockerfile	Mon Jun 22 00:42:40 2015 -0400
     1.2 +++ b/Dockerfile	Tue Jun 30 00:27:03 2015 -0400
     1.3 @@ -1,4 +1,10 @@
     1.4 -FROM alpine:3.1
     1.5 +FROM ubuntu:trusty
     1.6 +
     1.7 +RUN apt-get update \
     1.8 + && apt-get install -y --no-install-recommends \
     1.9 +    curl perl make build-essential procps \
    1.10 +    libreadline-dev libncurses5-dev libpcre3-dev libssl-dev \
    1.11 + && rm -rf /var/lib/apt/lists/*
    1.12  
    1.13  ENV OPENRESTY_VERSION 1.7.10.1
    1.14  ENV OPENRESTY_PREFIX /opt/secondbit
    1.15 @@ -12,18 +18,13 @@
    1.16  ADD jwt-lib/basexx.lua $OPENRESTY_PREFIX/lualib/basexx.lua
    1.17  ADD jwt-lib/resty/hmac.lua $OPENRESTY_PREFIX/lualib/resty/hmac.lua
    1.18  ADD jwt-lib/resty/jwt.lua $OPENRESTY_PREFIX/lualib/resty/jwt.lua
    1.19 +ADD wrapper.sh /bin/run.sh
    1.20  
    1.21 -RUN echo "==> Installing dependencies..." \
    1.22 - && apk update \
    1.23 - && apk add make gcc musl-dev \
    1.24 -    pcre-dev openssl-dev zlib-dev ncurses-dev readline-dev \
    1.25 -    curl perl \
    1.26 - && mkdir -p /root/ngx_openresty \
    1.27 - && cd /root/ngx_openresty \
    1.28 +RUN cd /root \
    1.29   && echo "==> Downloading OpenResty..." \
    1.30   && curl -sSL http://openresty.org/download/ngx_openresty-${OPENRESTY_VERSION}.tar.gz | tar -xvz \
    1.31 + && echo "==> Configuring OpenResty..." \
    1.32   && cd ngx_openresty-* \
    1.33 - && echo "==> Configuring OpenResty..." \
    1.34   && readonly NPROC=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || 1) \
    1.35   && echo "using upto $NPROC threads" \
    1.36   && ./configure \
    1.37 @@ -55,16 +56,11 @@
    1.38   && ln -sf $OPENRESTY_PREFIX/bin/resty /usr/local/bin/resty \
    1.39   && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* $OPENRESTY_PREFIX/luajit/bin/lua \
    1.40   && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* /usr/local/bin/lua \
    1.41 - && apk del \
    1.42 -    make gcc musl-dev pcre-dev openssl-dev zlib-dev ncurses-dev readline-dev curl perl \
    1.43 - && apk add \
    1.44 -    libpcrecpp libpcre16 libpcre32 openssl libssl1.0 pcre libgcc libstdc++ \
    1.45 - && rm -rf /var/cache/apk/* \
    1.46 - && rm -rf /root/ngx_openresty
    1.47 + && rm -rf /root/ngx_openresty*
    1.48  
    1.49  WORKDIR $NGINX_PREFIX/
    1.50  
    1.51  ONBUILD RUN rm -rf conf/* html/*
    1.52  ONBUILD COPY nginx $NGINX_PREFIX/
    1.53  
    1.54 -CMD ["nginx", "-g", "daemon off; error_log /dev/stderr info;"]
    1.55 +CMD ["run.sh"]