# Based on https://github.com/nginxinc/docker-nginx/blob/6b055c4/modules/Dockerfile # Original license: # Copyright (C) 2011-2023 F5, Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. ARG UBUNTU_VERSION FROM --platform=linux/amd64 ubuntu:${UBUNTU_VERSION} AS builder # mainline version ENV NGINX_VERSION="1.29.0" ENV PKG_RELEASE="1~bullseye" ENV ENABLED_MODULES="brotli" SHELL ["/bin/bash", "-exo", "pipefail", "-c"] # nginx mainline repo RUN apt-get update && apt-get install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring \ && /bin/bash -c 'curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null' \ && /bin/bash -c 'echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list' \ && /bin/bash -c 'echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | tee /etc/apt/preferences.d/99nginx' COPY ./ /modules/ RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget git devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ && wget -O /tmp/xslscript.pl https://raw.githubusercontent.com/nginx/xslscript/9204424259c343ca08a18a78915f40f28025e093/xslscript.pl \ && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ echo "XSLScript checksum verification succeeded!"; \ chmod +x /tmp/xslscript.pl; \ mv /tmp/xslscript.pl /usr/local/bin/; \ else \ echo "XSLScript checksum verification failed!"; \ exit 1; \ fi \ && git clone -b ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ echo "Building $module for nginx-$NGINX_VERSION"; \ if [ -d /modules/$module ]; then \ echo "Building $module from user-supplied sources"; \ # check if module sources file is there and not empty if [ ! -s /modules/$module/source ]; then \ echo "No source file for $module in modules/$module/source, exiting"; \ exit 1; \ fi; \ # some modules require build dependencies if [ -f /modules/$module/build-deps ]; then \ echo "Installing $module build dependencies"; \ apt-get update && apt-get install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ fi; \ # if a module has a build dependency that is not in a distro, provide a # shell script to fetch/build/install those # note that shared libraries produced as a result of this script will # not be copied from the builder image to the main one so build static if [ -x /modules/$module/prebuild ]; then \ echo "Running prebuild script for $module"; \ /modules/$module/prebuild; \ fi; \ /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \ elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/debian; \ make rules-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ BUILT_MODULES="$BUILT_MODULES $module"; \ else \ echo "Don't know how to build $module module, exiting"; \ exit 1; \ fi; \ done \ # remove debug packages && rm /tmp/packages/nginx-module-*-dbg_*.deb \ # download nginx && apt-get download nginx=${NGINX_VERSION}-* \ && mv ./nginx_*_amd64.deb /tmp/packages/ # export packages to host FROM scratch AS export-stage COPY --from=builder /tmp/packages .