Skip to content

Standard base #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Sep 22, 2022
Merged

Standard base #169

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
6123952
Use standard nginx.conf from lsio alpine nginx base image
nemchik Oct 14, 2021
c9394cd
Keep /config volume consistently
nemchik Aug 21, 2022
2f4c1fe
remove workaround for authelia CVE-2021-32637
aptalca Aug 22, 2022
ea2d9b3
nginx conf tweaks
nemchik Aug 23, 2022
b2e05fe
fix wheel repo address
aptalca Aug 31, 2022
96f746d
Remove error_pages
nemchik Sep 1, 2022
f3f295a
Update 45-nginx
nemchik Sep 2, 2022
c6c9e02
Init authelia and ldap configs
nemchik Sep 8, 2022
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 66 additions & 51 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.14
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15

# set version label
ARG BUILD_DATE
Expand Down Expand Up @@ -47,58 +47,60 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php7-bcmath \
php7-bz2 \
php7-ctype \
php7-curl \
php7-dom \
php7-exif \
php7-ftp \
php7-gd \
php7-gmp \
php7-iconv \
php7-imap \
php7-intl \
php7-ldap \
php7-mcrypt \
php7-memcached \
php7-mysqli \
php7-mysqlnd \
php7-opcache \
php7-pdo_mysql \
php7-pdo_odbc \
php7-pdo_pgsql \
php7-pdo_sqlite \
php7-pear \
php7-pecl-apcu \
php7-pecl-mailparse \
php7-pecl-redis \
php7-pgsql \
php7-phar \
php7-posix \
php7-soap \
php7-sockets \
php7-sodium \
php7-sqlite3 \
php7-tokenizer \
php7-xml \
php7-xmlreader \
php7-xmlrpc \
php7-xsl \
php7-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
pip3 install -U \
pip && \
pip3 install -U --find-links https://wheel-index.linuxserver.io/alpine/ \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
certbot-dns-aliyun \
certbot-dns-azure \
Expand Down Expand Up @@ -135,6 +137,16 @@ RUN \
certbot-plugin-gandi \
cryptography \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
's|#ssl_stapling on;|ssl_stapling on;|' \
/defaults/nginx/ssl.conf.sample && \
sed -i \
's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \
/defaults/nginx/ssl.conf.sample && \
sed -i \
's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
/defaults/nginx/ssl.conf.sample && \
echo "**** correct ip6tables legacy issue ****" && \
rm \
/sbin/ip6tables && \
Expand All @@ -143,20 +155,19 @@ RUN \
echo "**** remove unnecessary fail2ban filters ****" && \
rm \
/etc/fail2ban/jail.d/alpine-ssh.conf && \
echo "**** copy fail2ban default action and filter to /default ****" && \
echo "**** copy fail2ban default action and filter to /defaults ****" && \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** copy proxy confs to /default ****" && \
mkdir -p /defaults/proxy-confs && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
curl -o \
/tmp/proxy.tar.gz -L \
/tmp/proxy-confs.tar.gz -L \
"https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \
tar xf \
/tmp/proxy.tar.gz -C \
/defaults/proxy-confs --strip-components=1 --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
echo "**** configure nginx ****" && \
rm -f /etc/nginx/http.d/default.conf && \
/tmp/proxy-confs.tar.gz -C \
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
Expand All @@ -169,5 +180,9 @@ RUN \
/root/.cache \
/root/.cargo

# add local files
# copy local files
COPY root/ /

# ports and volumes
EXPOSE 80 443
VOLUME /config
117 changes: 66 additions & 51 deletions Dockerfile.aarch64
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.14
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15

# set version label
ARG BUILD_DATE
Expand Down Expand Up @@ -47,58 +47,60 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php7-bcmath \
php7-bz2 \
php7-ctype \
php7-curl \
php7-dom \
php7-exif \
php7-ftp \
php7-gd \
php7-gmp \
php7-iconv \
php7-imap \
php7-intl \
php7-ldap \
php7-mcrypt \
php7-memcached \
php7-mysqli \
php7-mysqlnd \
php7-opcache \
php7-pdo_mysql \
php7-pdo_odbc \
php7-pdo_pgsql \
php7-pdo_sqlite \
php7-pear \
php7-pecl-apcu \
php7-pecl-mailparse \
php7-pecl-redis \
php7-pgsql \
php7-phar \
php7-posix \
php7-soap \
php7-sockets \
php7-sodium \
php7-sqlite3 \
php7-tokenizer \
php7-xml \
php7-xmlreader \
php7-xmlrpc \
php7-xsl \
php7-zip \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
whois && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
fi && \
pip3 install -U \
pip && \
pip3 install -U --find-links https://wheel-index.linuxserver.io/alpine/ \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
certbot-dns-aliyun \
certbot-dns-azure \
Expand Down Expand Up @@ -135,6 +137,16 @@ RUN \
certbot-plugin-gandi \
cryptography \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
's|#ssl_stapling on;|ssl_stapling on;|' \
/defaults/nginx/ssl.conf.sample && \
sed -i \
's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \
/defaults/nginx/ssl.conf.sample && \
sed -i \
's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
/defaults/nginx/ssl.conf.sample && \
echo "**** correct ip6tables legacy issue ****" && \
rm \
/sbin/ip6tables && \
Expand All @@ -143,20 +155,19 @@ RUN \
echo "**** remove unnecessary fail2ban filters ****" && \
rm \
/etc/fail2ban/jail.d/alpine-ssh.conf && \
echo "**** copy fail2ban default action and filter to /default ****" && \
echo "**** copy fail2ban default action and filter to /defaults ****" && \
mkdir -p /defaults/fail2ban && \
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
echo "**** copy proxy confs to /default ****" && \
mkdir -p /defaults/proxy-confs && \
echo "**** copy proxy confs to /defaults ****" && \
mkdir -p \
/defaults/nginx/proxy-confs && \
curl -o \
/tmp/proxy.tar.gz -L \
/tmp/proxy-confs.tar.gz -L \
"https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \
tar xf \
/tmp/proxy.tar.gz -C \
/defaults/proxy-confs --strip-components=1 --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
echo "**** configure nginx ****" && \
rm -f /etc/nginx/http.d/default.conf && \
/tmp/proxy-confs.tar.gz -C \
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
Expand All @@ -169,5 +180,9 @@ RUN \
/root/.cache \
/root/.cargo

# add local files
# copy local files
COPY root/ /

# ports and volumes
EXPOSE 80 443
VOLUME /config
Loading