static-nginx.unprivileged.Dockerfile
# build: docker build --no-cache --progress=plain --target binary --build-arg NGINX_VERSION=1.28.0 -t tobi312/tools:static-nginx-unprivileged -f static-nginx.unprivileged.Dockerfile .
# Global build argument: only visible to FROM lines until a stage redeclares it.
ARG NGINX_VERSION

# Source stage holding the prebuilt /nginx tree.
# based on image from https://github.com/Tob1as/docker-tools/blob/main/static-nginx.Dockerfile
# With NGINX_VERSION set the tag resolves to "static-nginx-<version>"; when it
# is unset or empty the expansion yields the bare, floating "static-nginx" tag,
# so pass --build-arg NGINX_VERSION=... when the build has to be repeatable.
FROM tobi312/tools:static-nginx${NGINX_VERSION:+-${NGINX_VERSION}} AS base

LABEL org.opencontainers.image.title="Static NGINX" \
      org.opencontainers.image.source="https://github.com/Tob1as/docker-tools/"
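# Helper stage: rewrites the listen ports and hands the /nginx tree to the
# unprivileged UID. The final stage copies /nginx and the CA bundle out of this
# stage, and no package is installed here, so the bundle is whatever the Alpine
# base ships. The base is pinned to a release branch instead of the floating
# "latest" tag so a rebuild cannot silently swap the tooling or the trust
# store; bump the tag deliberately (and pin by digest where full
# reproducibility is required).
FROM alpine:3.22 AS build-unprivileged

LABEL org.opencontainers.image.title="Static NGINX" \
      org.opencontainers.image.source="https://github.com/Tob1as/docker-tools/"

COPY --from=base /nginx /nginx

# for unprivileged change port (8080/8443) and set permissions
# The expressions also match commented-out "listen" lines and the IPv6
# "[::]:" form, so a later uncomment keeps the unprivileged ports.
# NOTE(review): sed exits 0 when nothing matches, so a changed upstream
# default.conf would leave 80/443 in place without failing the build.
# NOTE(review): the recursive chown makes the whole tree, binary and
# configuration included, owned by the runtime UID; confirm whether ownership
# can be limited to the paths nginx writes at runtime.
RUN sed -i -E 's/^(\s*#?\s*listen\s+)(\[::\]:)?80(\b[^0-9])/\1\28080\3/' /nginx/conf/conf.d/default.conf && \
    sed -i -E 's/^(\s*#?\s*listen\s+)(\[::\]:)?443(\b[^0-9])/\1\28443\3/' /nginx/conf/conf.d/default.conf && \
    chown -R 65534:65534 /nginx/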
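# Final image: built from scratch, so it holds only the files copied below
# (no shell, no package manager).
FROM scratch AS binary

# Build-time metadata, used only to fill in the labels below. Values end up in
# the image config, so they must not carry secrets. Each one is empty unless
# passed with --build-arg.
ARG VCS_REF
ARG BUILD_DATE
ARG PCRE2_VERSION
ARG ZLIB_VERSION
ARG OPENSSL_VERSION
ARG NGINX_VERSION

# The licenses label holds a plain SPDX expression ("BSD-2-Clause"), as the OCI
# annotation expects, so license and SBOM tooling can parse it.
# NOTE(review): the description names pcre2, zlib and openssl as part of the
# build; confirm whether their licenses should be added to the expression.
LABEL org.opencontainers.image.title="Static NGINX" \
      #org.opencontainers.image.vendor="" \
      org.opencontainers.image.authors="Tobias Hargesheimer <docker@ison.ws>" \
      org.opencontainers.image.version="${NGINX_VERSION}" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.revision="${VCS_REF}" \
      org.opencontainers.image.description="Static NGINX${NGINX_VERSION:+ ${NGINX_VERSION}} (unprivileged) build with pcre2${PCRE2_VERSION:+-${PCRE2_VERSION}}, zlib${ZLIB_VERSION:+-${ZLIB_VERSION}} and openssl${OPENSSL_VERSION:+-${OPENSSL_VERSION}}" \
      org.opencontainers.image.documentation="https://github.com/Tob1as/docker-tools/" \
      org.opencontainers.image.base.name="scratch" \
      org.opencontainers.image.licenses="BSD-2-Clause" \
      org.opencontainers.image.url="https://hub.docker.com/r/tobi312/tools" \
      org.opencontainers.image.source="https://github.com/Tob1as/docker-tools/"

# scratch has no trust store; the CA bundle comes from the helper stage.
COPY --from=build-unprivileged /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# /nginx tree with the rewritten ports and 65534:65534 ownership set in the helper stage.
COPY --from=build-unprivileged /nginx /nginx

# Minimal account database so UID/GID 65534 resolve to names; the login shell
# entry is nologin.
COPY <<EOF /etc/passwd
nobody:x:65534:65534:nobody:/:/sbin/nologin
EOF

COPY <<EOF /etc/group
nogroup:x:65534:
EOF

# SIGQUIT asks nginx for a graceful shutdown.
STOPSIGNAL SIGQUIT

# Unprivileged HTTP port, matching the listen rewrite done in the helper stage.
EXPOSE 8080

# Run as the unprivileged "nobody" UID; numeric so runtimes can verify non-root.
USER 65534

ENTRYPOINT ["/nginx/nginx"]
# Default arguments: prefix path /nginx, stay in the foreground.
CMD ["-p", "/nginx", "-g", "daemon off;"]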