nginx

Paddy 2015-06-30 Parent:68478c1bddde

1:ac9c19126939 Go to Latest

nginx/Dockerfile

Make nginx kubernetes-ready. We had to update to use a ubuntu-based image to build nginx into, because (and I kid you not) alpine linux straight-up ignores your resolv.conf file, meaning any attempt to use it with kubernetes DNS is doomed to fail. Who thought this was a good idea? So we're using a bloated image instead. Oh well. We also are running a wrapper script instead of nginx directly, so we can inject the JWT_SECRET environment variable based on a kubernetes secret file. We define the secret file (using a placeholder secret, obvs) so that future-Paddy can remember what the hell it looks like, when he inevitably loses the file and needs to sin up a new cluster. Or whatever. Finally, we updated the token expiration error message to be in an errors array, as God (and our API conventions) intended.

Download raw file
View source Diff to previous Annotate
History
1 FROM ubuntu:trusty
2
3 RUN apt-get update \
4 && apt-get install -y --no-install-recommends \
5 curl perl make build-essential procps \
6 libreadline-dev libncurses5-dev libpcre3-dev libssl-dev \
7 && rm -rf /var/lib/apt/lists/*
8
9 ENV OPENRESTY_VERSION 1.7.10.1
10 ENV OPENRESTY_PREFIX /opt/secondbit
11 ENV NGINX_PREFIX /opt/secondbit/nginx
12 ENV VAR_PREFIX /var/nginx
13
14 # NginX prefix is automatically set by OpenResty to $OPENRESTY_PREFIX/nginx
15 # look for $ngx_prefix in https://github.com/openresty/ngx_openresty/blob/master/util/configure
16
17 ADD nginx-jwt.lua $OPENRESTY_PREFIX/lualib/nginx-jwt.lua
18 ADD jwt-lib/basexx.lua $OPENRESTY_PREFIX/lualib/basexx.lua
19 ADD jwt-lib/resty/hmac.lua $OPENRESTY_PREFIX/lualib/resty/hmac.lua
20 ADD jwt-lib/resty/jwt.lua $OPENRESTY_PREFIX/lualib/resty/jwt.lua
21 ADD wrapper.sh /bin/run.sh
22
23 RUN cd /root \
24 && echo "==> Downloading OpenResty..." \
25 && curl -sSL http://openresty.org/download/ngx_openresty-${OPENRESTY_VERSION}.tar.gz | tar -xvz \
26 && echo "==> Configuring OpenResty..." \
27 && cd ngx_openresty-* \
28 && readonly NPROC=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || 1) \
29 && echo "using upto $NPROC threads" \
30 && ./configure \
31 --prefix=$OPENRESTY_PREFIX \
32 --http-client-body-temp-path=$VAR_PREFIX/client_body_temp \
33 --http-proxy-temp-path=$VAR_PREFIX/proxy_temp \
34 --http-log-path=$VAR_PREFIX/access.log \
35 --error-log-path=$VAR_PREFIX/error.log \
36 --pid-path=$VAR_PREFIX/nginx.pid \
37 --lock-path=$VAR_PREFIX/nginx.lock \
38 --with-luajit \
39 --with-pcre-jit \
40 --with-ipv6 \
41 --with-http_ssl_module \
42 --without-http_ssi_module \
43 --without-http_userid_module \
44 --without-http_fastcgi_module \
45 --without-http_uwsgi_module \
46 --without-http_scgi_module \
47 --without-http_memcached_module \
48 -j${NPROC} \
49 && echo "==> Building OpenResty..." \
50 && make -j${NPROC} \
51 && echo "==> Installing OpenResty..." \
52 && make install \
53 && echo "==> Finishing..." \
54 && ln -sf $NGINX_PREFIX/sbin/nginx /usr/local/bin/nginx \
55 && ln -sf $NGINX_PREFIX/sbin/nginx /usr/local/bin/openresty \
56 && ln -sf $OPENRESTY_PREFIX/bin/resty /usr/local/bin/resty \
57 && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* $OPENRESTY_PREFIX/luajit/bin/lua \
58 && ln -sf $OPENRESTY_PREFIX/luajit/bin/luajit-* /usr/local/bin/lua \
59 && rm -rf /root/ngx_openresty*
60
61 WORKDIR $NGINX_PREFIX/
62
63 ONBUILD RUN rm -rf conf/* html/*
64 ONBUILD COPY nginx $NGINX_PREFIX/
65
66 CMD ["run.sh"]