diff --git a/Dockerfile-alpine b/Dockerfile-alpine
new file mode 100644
index 0000000..59e25f9
--- /dev/null
+++ b/Dockerfile-alpine
@@ -0,0 +1,46 @@
+FROM alpine:3.4
+MAINTAINER Bryan Latten
+
+# Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
+# Used with alternative CMD (worker.sh), leverages supervisor to maintain long-running processes
+ENV SIGNAL_BUILD_STOP=99 \
+ CONTAINER_ROLE=web \
+ CONTAINER_PORT=8080 \
+ CONF_NGINX_SITE="/etc/nginx/sites-available/default" \
+ CONF_NGINX_SERVER="/etc/nginx/nginx.conf" \
+ NOT_ROOT_USER=www-data \
+ S6_BEHAVIOUR_IF_STAGE2_FAILS=2 \
+ S6_KILL_FINISH_MAXTIME=5000 \
+ S6_KILL_GRACETIME=3000
+
+# Create an unprivileged user
+RUN adduser -D -S -H $NOT_ROOT_USER
+
+RUN apk update && \
+ apk add \
+ sed \
+ bash \
+ grep \
+ nginx \
+ && \
+ rm -rf /var/cache/apk/*
+
+# Overlay the root filesystem from this repo
+COPY ./container/root /
+
+# Add S6 overlay build, to avoid having to build from source
+RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / && \
+ rm /tmp/s6-overlay-amd64.tar.gz && \
+ # Set nginx to listen on defined port \
+ sed -i "s/listen [0-9]*;/listen ${CONTAINER_PORT};/" $CONF_NGINX_SITE && \
+ # Fix permissions to run unprivileged
+ bash -c "chown www-data:www-data /var/{lib,log}/nginx -Rh" && \
+ bash -c "chmod 0755 -R /var/{lib,log}/nginx"
+
+
+# Using a non-privileged port to prevent having to use setcap internally
+EXPOSE ${CONTAINER_PORT}
+
+# NOTE: intentionally NOT using s6 init as the entrypoint
+# This would prevent container debugging if any of those service crash
+CMD ["/bin/bash", "/run.sh"]
diff --git a/README.md b/README.md
index 4736c16..ff5c558 100644
--- a/README.md
+++ b/README.md
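Review bot: Dockerfile-alpine never sets `USER`, so `CMD ["/bin/bash", "/run.sh"]` starts as root even though `NOT_ROOT_USER` is created and the nginx directories are re-owned for it. Whether `/run.sh` or the s6 scripts drop privileges is not visible in this diff, so a comment next to `CMD` such as `# starts as root; nginx workers run as $NOT_ROOT_USER (see <script that drops privileges>)` would record where that happens. The `chown` line hard-codes `www-data:www-data` while the account comes from `$NOT_ROOT_USER`, so the two can drift if the variable is edited; using `"$NOT_ROOT_USER"` in the `chown` keeps them tied. The s6 tarball arrives through `COPY ./container/root /` and is unpacked into `/` with no integrity check, so a `sha256sum -c` against a pinned digest before `tar xzf` would fix what gets extracted. Deleting the tarball in the later `RUN` also does not remove it from the `COPY` layer.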
@@ -1,4 +1,10 @@ # docker-nginx + +https://hub.docker.com/r/behance/docker-nginx/tags/ + +Ubuntu used by default, Alpine builds also available tagged as `-alpine` + + Provides base OS, patches and stable nginx for quick and easy spinup. Integrates S6 process supervisor `only` for zombie reaping (as PID 1), boot coordination, and termination signal translation diff --git a/container/root/etc/nginx/nginx.conf b/container/root/etc/nginx/nginx.conf index ff810bb..c2e5f27 100644 --- a/container/root/etc/nginx/nginx.conf +++ b/container/root/etc/nginx/nginx.conf @@ -4,7 +4,7 @@ # at build time. # # For run-time replacements, ie, consuming environment vars, -# add to the run.d/nginx script +# add to the /etc/cont-init.d/nginx script ############################################################# # Only set when running with superuser permissions, otherwise causes a warning diff --git a/container/root/etc/nginx/sites-available/default b/container/root/etc/nginx/sites-available/default index 56a5532..f278d36 100644 --- a/container/root/etc/nginx/sites-available/default +++ b/container/root/etc/nginx/sites-available/default @@ -1,6 +1,8 @@ server { listen 8080; + root /var/www/html; + # Doesn't broadcast version level of server software server_tokens off; diff --git a/container/root/var/www/html/index.html b/container/root/var/www/html/index.html new file mode 100644 index 0000000..646777a --- /dev/null +++ b/container/root/var/www/html/index.html @@ -0,0 +1,28 @@ + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + + + +

It Works!

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..52540d9
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,19 @@
+ubuntu:
+ build: .
+ ports:
+ - '8080:8080'
+ environment:
+ SERVER_LOG_MINIMAL: 1
+ SERVER_APP_NAME: docker-test
+ S6_KILL_FINISH_MAXTIME: 1
+ S6_KILL_GRACETIME: 1
+alpine:
+ build: .
+ dockerfile: Dockerfile-alpine
+ ports:
+ - '8081:8080'
+ environment:
+ SERVER_LOG_MINIMAL: 1
+ SERVER_APP_NAME: docker-test
+ S6_KILL_FINISH_MAXTIME: 1
+ S6_KILL_GRACETIME: 1
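Review bot: Both services publish their port without a host address (`'8080:8080'` and `'8081:8080'`), which binds on every host interface. The `docker-test` app name suggests this file is only for local testing; if so, binding to loopback keeps the test containers off the network: `- '127.0.0.1:8080:8080'` and `- '127.0.0.1:8081:8080'`. A one-line comment at the top saying the file is for local smoke tests, and that the 1 ms `S6_KILL_*` values are deliberately short, would stop it being copied into a real deployment as-is.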