nginx

Paddy 2015-06-22 Child:ac9c19126939

0:68478c1bddde Go to Latest

nginx/Dockerfile

First basic pass at JWT auth. Mostly just a fork of https://github.com/ficusio/openresty, with a few twists: * We've narrowed down some of the configuration options, and we're passing more headers (essentially exposing all the data in the JWT as headers). * We no longer automatically return a 401 unauthorized if the JWT verification fails; we just don't assign it the headers. The consuming service can decide whether or not they want to accept the request. * We automatically fail the verification of a JWT if the token has expired in the last minute (or shouldn't be used for the next minute). If the token has expired, we return a 401 that our clients can catch and use a refresh token automatically from. If the token can't be used for another minute, we quietly just refuse to add auth headers to the request.

Download raw file
View source Diff to previous Annotate
History
1 FROM alpine:3.1
2
3 ENV OPENRESTY_VERSION 1.7.10.1
4 ENV OPENRESTY_PREFIX /opt/secondbit
5 ENV NGINX_PREFIX /opt/secondbit/nginx
6 ENV VAR_PREFIX /var/nginx
7
8 # NginX prefix is automatically set by OpenResty to $OPENRESTY_PREFIX/nginx
9 # look for $ngx_prefix in https://github.com/openresty/ngx_openresty/blob/master/util/configure
10
11 ADD nginx-jwt.lua $OPENRESTY_PREFIX/lualib/nginx-jwt.lua
12 ADD jwt-lib/basexx.lua $OPENRESTY_PREFIX/lualib/basexx.lua
13 ADD jwt-lib/resty/hmac.lua $OPENRESTY_PREFIX/lualib/resty/hmac.lua
14 ADD jwt-lib/resty/jwt.lua $OPENRESTY_PREFIX/lualib/resty/jwt.lua
15
16 RUN echo "==> Installing dependencies..." \
17 && apk update \
18 && apk add make gcc musl-dev \
19 pcre-dev openssl-dev zlib-dev ncurses-dev readline-dev \
20 curl perl \
21 && mkdir -p /root/ngx_openresty \
22 && cd /root/ngx_openresty \
23 && echo "==> Downloading OpenResty..." \
24 && curl -sSL http://openresty.org/download/ngx_openresty-${OPENRESTY_VERSION}.tar.gz | tar -xvz \
25 && cd ngx_openresty-* \
26 && echo "==> Configuring OpenResty..." \
27 && readonly NPROC=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || 1) \
28 && echo "using upto $NPROC threads" \
29 && ./configure \
30 --prefix=$OPENRESTY_PREFIX \
31 --http-client-body-temp-path=$VAR_PREFIX/client_body_temp \
32 --http-proxy-temp-path=$VAR_PREFIX/proxy_temp \
33 --http-log-path=$VAR_PREFIX/access.log \
34 --error-log-path=$VAR_PREFIX/error.log \
35 --pid-path=$VAR_PREFIX/nginx.pid \
36 --lock-path=$VAR_PREFIX/nginx.lock \
37 --with-luajit \
38 --with-pcre-jit \
39 --with-ipv6 \
40 --with-http_ssl_module \
41 --without-http_ssi_module \
42 --without-http_userid_module \
43 --without-http_fastcgi_module \
44 --without-http_uwsgi_module \
45 --without-http_scgi_module \
46 --without-http_memcached_module \
47 -j${NPROC} \
48 && echo "==> Building OpenResty..." \
49 && make -j${NPROC} \
50 && echo "==> Installing OpenResty..." \
51 && make install \
52 && echo "==> Finishing..." \
53 && ln -sf $NGINX_PREFIX/sbin/nginx /usr/local/bin/nginx \
54 && ln -sf $NGINX_PREFIX/sbin/nginx /usr/local/bin/openresty \
55 && ln -sf $OPENRESTY_PREFIX/bin/resty /usr/local/bin/resty \
56 && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* $OPENRESTY_PREFIX/luajit/bin/lua \
57 && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* /usr/local/bin/lua \
58 && apk del \
59 make gcc musl-dev pcre-dev openssl-dev zlib-dev ncurses-dev readline-dev curl perl \
60 && apk add \
61 libpcrecpp libpcre16 libpcre32 openssl libssl1.0 pcre libgcc libstdc++ \
62 && rm -rf /var/cache/apk/* \
63 && rm -rf /root/ngx_openresty
64
65 WORKDIR $NGINX_PREFIX/
66
67 ONBUILD RUN rm -rf conf/* html/*
68 ONBUILD COPY nginx $NGINX_PREFIX/
69
70 CMD ["nginx", "-g", "daemon off; error_log /dev/stderr info;"]