Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: ZoeyVid/nginx-quic
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 347
Choose a base ref
...
head repository: ZoeyVid/nginx-quic
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: latest
Choose a head ref
  • 20 commits
  • 5 files changed
  • 3 contributors

Commits on Oct 20, 2024

  1. Update dependency-updates.yml

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Oct 20, 2024
    Copy the full SHA
    e83ae5c View commit details
  2. update nginx version to v0.1.30

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Zoey2936 committed Oct 20, 2024
    Copy the full SHA
    ea9d762 View commit details
  3. update lua-nginx-module version to v0.10.27

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Zoey2936 committed Oct 20, 2024
    Copy the full SHA
    67e62db View commit details

Commits on Oct 22, 2024

  1. update njs version to 0.8.7

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Zoey2936 committed Oct 22, 2024
    Copy the full SHA
    5698295 View commit details

Commits on Dec 2, 2024

  1. Update Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Dec 2, 2024
    Copy the full SHA
    c821a07 View commit details

Commits on Dec 5, 2024

  1. Update python Docker tag to v3.13.1

    renovate[bot] authored and Zoey2936 committed Dec 5, 2024
    Copy the full SHA
    1150756 View commit details

Commits on Dec 6, 2024

  1. Update alpine Docker tag to v3.21.0

    renovate[bot] authored and Zoey2936 committed Dec 6, 2024
    Copy the full SHA
    3299bfa View commit details
  2. Update Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Dec 6, 2024
    Copy the full SHA
    5459d55 View commit details

Commits on Dec 10, 2024

  1. update liboqs version to 0.12.0

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Zoey2936 committed Dec 10, 2024
    Copy the full SHA
    5bb7a4a View commit details
  2. update njs version to 0.8.8

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Zoey2936 committed Dec 10, 2024
    Copy the full SHA
    9c04de0 View commit details
  3. Update python.Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Dec 10, 2024
    Copy the full SHA
    8859b25 View commit details
  4. Update alpine Docker tag to v3.21.0

    renovate[bot] authored and Zoey2936 committed Dec 10, 2024
    Copy the full SHA
    b3ec489 View commit details

Commits on Dec 14, 2024

  1. Update Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Dec 14, 2024
    Copy the full SHA
    fdafd6b View commit details

Commits on Dec 24, 2024

  1. Update Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Dec 24, 2024
    Copy the full SHA
    e150db0 View commit details

Commits on Jan 1, 2025

  1. Create requirements.txt

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Jan 1, 2025
    Copy the full SHA
    01abd5d View commit details
  2. Update docker.yml

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Jan 1, 2025
    Copy the full SHA
    a770305 View commit details
  3. Update python.Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Jan 1, 2025
    Copy the full SHA
    14f3af0 View commit details

Commits on Jan 7, 2025

  1. Update Dockerfile

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Jan 7, 2025
    Copy the full SHA
    09b67cc View commit details

Commits on Jan 8, 2025

  1. Update requirements.txt

    Signed-off-by: Zoey <zoey@z0ey.de>
    Zoey2936 authored Jan 8, 2025
    Copy the full SHA
    8f04214 View commit details
  2. Update alpine Docker tag to v3.21.2

    renovate[bot] authored and Zoey2936 committed Jan 8, 2025
    Copy the full SHA
    8ee6557 View commit details
Showing with 51 additions and 15 deletions.
  1. +18 −0 .github/workflows/dependency-updates.yml
  2. +2 −0 .github/workflows/docker.yml
  3. +21 −14 Dockerfile
  4. +9 −1 python.Dockerfile
  5. +1 −0 requirements.txt
18 changes: 18 additions & 0 deletions .github/workflows/dependency-updates.yml
Original file line number Diff line number Diff line change
@@ -19,6 +19,7 @@ jobs:
git ls-remote --tags https://github.com/freenginx/nginx \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG NGINX_VER=.*|ARG NGINX_VER=$NGINX_VER|" Dockerfile
@@ -44,6 +45,7 @@ jobs:
git ls-remote --heads https://github.com/quictls/openssl openssl-*.*.*+quic \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG OPENSSL_VER=.*|ARG OPENSSL_VER=$OPENSSL_VER|" Dockerfile
@@ -69,6 +71,7 @@ jobs:
git ls-remote --tags https://github.com/SpiderLabs/ModSecurity \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1 \
| sed "s|\^{}||g"
)"
@@ -96,6 +99,7 @@ jobs:
ls ngx_http_tls_dyn_size/nginx__dynamic_tls_records_*.patch \
| sed "s|ngx_http_tls_dyn_size/nginx__dynamic_tls_records_\([0-9.]\+\)+.patch|\1|g" \
| sort -V \
| grep -v rc \
| tail -1
)"
rm -r ngx_http_tls_dyn_size
@@ -123,6 +127,7 @@ jobs:
ls openresty/patches/nginx-*-resolver_conf_parsing.patch \
| sed "s|openresty/patches/nginx-\([0-9.]\+\)-resolver_conf_parsing.patch|\1|g" \
| sort -V \
| grep -v rc \
| tail -1
)"
rm -r openresty
@@ -149,6 +154,7 @@ jobs:
git ls-remote --tags https://github.com/google/ngx_brotli \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG NB_VER=.*|ARG NB_VER=$NB_VER|" Dockerfile
@@ -174,6 +180,7 @@ jobs:
git ls-remote --tags https://github.com/aperezdc/ngx-fancyindex \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1 \
| sed "s|\^{}||g"
)"
@@ -200,6 +207,7 @@ jobs:
git ls-remote --tags https://github.com/openresty/headers-more-nginx-module \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG HMNM_VER=.*|ARG HMNM_VER=$HMNM_VER|" Dockerfile
@@ -225,6 +233,7 @@ jobs:
git ls-remote --tags https://github.com/nginx/njs \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1 \
| sed "s|\^{}||g"
)"
@@ -251,6 +260,7 @@ jobs:
git ls-remote --tags https://github.com/vision5/ngx_devel_kit \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1 \
| sed "s|\^{}||g"
)"
@@ -277,6 +287,7 @@ jobs:
git ls-remote --tags https://github.com/openresty/lua-nginx-module \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG LNM_VER=.*|ARG LNM_VER=$LNM_VER|" Dockerfile
@@ -302,6 +313,7 @@ jobs:
git ls-remote --tags https://github.com/SpiderLabs/ModSecurity-nginx \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1 \
| sed "s|\^{}||g"
)"
@@ -328,6 +340,7 @@ jobs:
git ls-remote --tags https://github.com/openresty/lua-resty-core \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG LRC_VER=.*|ARG LRC_VER=$LRC_VER|" Dockerfile
@@ -353,6 +366,7 @@ jobs:
git ls-remote --tags https://github.com/openresty/lua-resty-lrucache \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1 \
| sed "s|\^{}||g"
)"
@@ -379,6 +393,7 @@ jobs:
git ls-remote --tags https://github.com/leev/ngx_http_geoip2_module \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG NHG2M_VER=.*|ARG NHG2M_VER=$NHG2M_VER|" Dockerfile
@@ -404,6 +419,7 @@ jobs:
git ls-remote --tags https://github.com/gabihodoroaga/nginx-ntlm-module \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| tail -1
)"
sed -i "s|ARG NNTLM_VER=.*|ARG NNTLM_VER=$NNTLM_VER|" Dockerfile
@@ -429,6 +445,7 @@ jobs:
git ls-remote --tags https://github.com/open-quantum-safe/liboqs \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| grep "^v\?[0-9]" \
| tail -1
)"
@@ -455,6 +472,7 @@ jobs:
git ls-remote --tags https://github.com/open-quantum-safe/oqs-provider \
| cut -d/ -f3 \
| sort -V \
| grep -v rc \
| grep "^v\?[0-9]" \
| tail -1
)"
2 changes: 2 additions & 0 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
@@ -8,11 +8,13 @@ on:
- develop
paths:
- Dockerfile
- requirements.txt
- python.Dockerfile
- .github/workflows/docker.yml
pull_request:
paths:
- Dockerfile
- requirements.txt
- python.Dockerfile
- .github/workflows/docker.yml
workflow_dispatch:
35 changes: 21 additions & 14 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:labs
FROM alpine:3.20.3 AS build
FROM alpine:3.21.2 AS build
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

ARG LUAJIT_INC=/usr/include/luajit-2.1
@@ -15,26 +15,26 @@ ARG RCP_VER=1.27.1
ARG NB_VER=master
ARG NF_VER=master
ARG HMNM_VER=v0.37
ARG NJS_VER=0.8.6
ARG NJS_VER=0.8.8
ARG NDK_VER=v0.3.3
ARG LNM_VER=v0.10.27rc1
ARG LNM_VER=v0.10.27
ARG MODSECNGX_VER=v1.0.3
ARG LRC_VER=v0.1.29rc1
ARG LRC_VER=v0.1.30
ARG LRL_VER=v0.15
ARG NHG2M_VER=3.4
ARG NNTLM_VER=master

ARG LIBOQS_VER=0.11.0
ARG OQSPROVIDER_VER=0.7.0
ARG LIBOQS_VER=0.12.0
ARG OQSPROVIDER_VER=0.8.0

WORKDIR /src
# Requirements
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates build-base patch cmake git libtool autoconf automake perl bash \
apk add --no-cache ca-certificates build-base cmake git libtool autoconf automake perl bash \
libatomic_ops-dev zlib-dev luajit-dev pcre2-dev linux-headers yajl-dev libxml2-dev libxslt-dev curl-dev lmdb-dev libfuzzy2-dev lua5.1-dev lmdb-dev geoip-dev libmaxminddb-dev
# Openssl
RUN git clone https://github.com/quictls/openssl --branch "$OPENSSL_VER" /usr/local/openssl
# modsecurity
# ModSecurity
RUN git clone --recursive https://github.com/owasp-modsecurity/ModSecurity --branch "$MODSEC_VER" /src/ModSecurity && \
sed -i "s|SecRuleEngine .*|SecRuleEngine On|g" /src/ModSecurity/modsecurity.conf-recommended && \
sed -i "s|^SecAudit|#SecAudit|g" /src/ModSecurity/modsecurity.conf-recommended && \
@@ -46,12 +46,14 @@ RUN git clone --recursive https://github.com/owasp-modsecurity/ModSecurity --bra
make -j "$(nproc)" install
# Nginx
RUN git clone --recursive https://github.com/freenginx/nginx --branch "$NGINX_VER" /src/nginx && \
cd /src/nginx && \
wget -q https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_"$DTR_VER"%2B.patch -O /src/nginx/1.patch && \
wget -q https://raw.githubusercontent.com/openresty/openresty/master/patches/nginx-"$RCP_VER"-resolver_conf_parsing.patch -O /src/nginx/2.patch && \
sed -i "s|freenginx|NPMplus|g" /src/nginx/src/core/nginx.h && \
cd /src/nginx && \
patch -p1 </src/nginx/1.patch && \
patch -p1 </src/nginx/2.patch && \
sed -i "/<hr><center>/d" /src/nginx/src/http/ngx_http_special_response.c && \
git diff && \
git apply /src/nginx/1.patch && \
git apply /src/nginx/2.patch && \
rm /src/nginx/*.patch && \
# modules
git clone --recursive https://github.com/google/ngx_brotli --branch "$NB_VER" /src/ngx_brotli && \
@@ -60,11 +62,16 @@ RUN git clone --recursive https://github.com/freenginx/nginx --branch "$NGINX_VE
git clone --recursive https://github.com/nginx/njs --branch "$NJS_VER" /src/njs && \
git clone --recursive https://github.com/vision5/ngx_devel_kit --branch "$NDK_VER" /src/ngx_devel_kit && \
git clone --recursive https://github.com/openresty/lua-nginx-module --branch "$LNM_VER" /src/lua-nginx-module && \
git clone --recursive https://github.com/SpiderLabs/ModSecurity-nginx --branch "$MODSECNGX_VER" /src/ModSecurity-nginx && \
git clone --recursive https://github.com/openresty/lua-resty-core --branch "$LRC_VER" /src/lua-resty-core && \
git clone --recursive https://github.com/openresty/lua-resty-lrucache --branch "$LRL_VER" /src/lua-resty-lrucache && \
git clone --recursive https://github.com/leev/ngx_http_geoip2_module --branch "$NHG2M_VER" /src/ngx_http_geoip2_module && \
git clone --recursive https://github.com/gabihodoroaga/nginx-ntlm-module --branch "$NNTLM_VER" /src/nginx-ntlm-module
git clone --recursive https://github.com/gabihodoroaga/nginx-ntlm-module --branch "$NNTLM_VER" /src/nginx-ntlm-module && \
# patch ModSecurity-nginx
git clone --recursive https://github.com/SpiderLabs/ModSecurity-nginx --branch "$MODSECNGX_VER" /src/ModSecurity-nginx && \
cd /src/ModSecurity-nginx && \
wget -q https://patch-diff.githubusercontent.com/raw/owasp-modsecurity/ModSecurity-nginx/pull/320.patch -O /src/ModSecurity-nginx/1.patch && \
git apply /src/ModSecurity-nginx/1.patch && \
rm /src/ModSecurity-nginx/*.patch
# Configure
RUN cd /src/nginx && \
/src/nginx/auto/configure \
@@ -139,7 +146,7 @@ RUN find /usr/local/nginx -exec file {} \; | grep "not stripped" || true && \
file /src/ModSecurity/unicode.mapping && \
file /src/ModSecurity/modsecurity.conf-recommended

FROM alpine:3.20.3
FROM alpine:3.21.2
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY --from=build /usr/local/nginx /usr/local/nginx
COPY --from=build /usr/local/openssl/.openssl /usr/local/openssl/.openssl
10 changes: 9 additions & 1 deletion python.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
# syntax=docker/dockerfile:labs
FROM python:3.13.0-alpine3.20
FROM python:3.13.1-alpine3.21 AS certbot
COPY requirements.txt /tmp/requirements.txt
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates build-base libffi-dev && \
python3 -m venv /usr/local && \
pip install --no-cache-dir -r /tmp/requirements.txt

FROM python:3.13.1-alpine3.21
ENV PYTHONUNBUFFERED=1
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY --from=zoeyvid/nginx-quic:latest /usr/local/nginx /usr/local/nginx
@@ -9,6 +16,7 @@ RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini zlib luajit pcre2 libstdc++ yajl libxml2 libxslt libcurl lmdb libfuzzy2 lua5.1-libs geoip libmaxminddb-libs && \
ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx && \
ln -s /usr/local/openssl/.openssl/bin/openssl /usr/local/bin/openssl
COPY --from=certbot /usr/local /usr/local

ENV OPENSSL_CONF=/usr/local/openssl/.openssl/openssl.cnf
ENTRYPOINT ["tini", "--", "nginx"]
1 change: 1 addition & 0 deletions requirements.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
certbot==3.1.0