diff --git a/README.md b/README.md index d058b8e4..42c74874 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ If you'd like to support this open-source project I'll appreciate any kind of [c - [`almalinux`, `1-almalinux`, `1.27-almalinux`, `1.27.1-almalinux`, `1-almalinux9.4-20240723`, `1.27-almalinux9.4-20240723`, `1.27.1-almalinux9.4-20240723`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/almalinux/9.4-20240723/Dockerfile) - [`1`, `1.27`, `1.27.1`, `alpine`, `latest`, `1-alpine`, `1.27-alpine`, `1.27.1-alpine`, `1-alpine3.20.2`, `1.27-alpine3.20.2`, `1.27.1-alpine3.20.2`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/alpine/3.20.2/Dockerfile) -- [`amazonlinux`, `1-amazonlinux`, `1.27-amazonlinux`, `1.27.1-amazonlinux`, `1-amazonlinux2023.5.20240805.0`, `1.27-amazonlinux2023.5.20240805.0`, `1.27.1-amazonlinux2023.5.20240805.0`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/amazonlinux/2023.5.20240805.0/Dockerfile) +- [`amazonlinux`, `1-amazonlinux`, `1.27-amazonlinux`, `1.27.1-amazonlinux`, `1-amazonlinux2023.5.20240819.0`, `1.27-amazonlinux2023.5.20240819.0`, `1.27.1-amazonlinux2023.5.20240819.0`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/amazonlinux/2023.5.20240819.0/Dockerfile) - [`debian`, `1-debian`, `1.27-debian`, `1-debian12.6`, `1.27.1-debian`, `1.27-debian12.6`, `1.27.1-debian12.6`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/debian/12.6/Dockerfile) - [`fedora`, `1-fedora`, `1-fedora40`, `1.27-fedora`, `1.27-fedora40`, `1.27.1-fedora`, `1.27.1-fedora40`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/fedora/40/Dockerfile) - [`ubuntu`, `1-ubuntu`, `1.27-ubuntu`, `1-ubuntu24.04`, `1.27.1-ubuntu`, `1.27-ubuntu24.04`, `1.27.1-ubuntu24.04`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/ubuntu/24.04/Dockerfile) diff --git a/docs/TAGS.md b/docs/TAGS.md index 7fb13cae..1e608297 100644 --- a/docs/TAGS.md +++ b/docs/TAGS.md @@ -4,13 +4,14 @@ - [`1-almalinux`, `1.27-almalinux`, `1.27-almalinux9.4-20240723`, `1-almalinux9.4-20240723`, `1.27.1-almalinux9.4-20240723`, `1.27.1-almalinux`, `almalinux`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/almalinux/9.4-20240723/Dockerfile) - [`1-alpine`, `1`, `1.27-alpine`, `1.27`, `1.27-alpine3.20.2`, `1-alpine3.20.2`, `1.27.1-alpine3.20.2`, `1.27.1-alpine`, `1.27-1`, `alpine`, `latest`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/alpine/3.20.2/Dockerfile) -- [`1-amazonlinux`, `1.27-amazonlinux`, `1.27-amazonlinux2023.5.20240805.0`, `1-amazonlinux2023.5.20240805.0`, `1.27.1-amazonlinux2023.5.20240805.0`, `1.27.1-amazonlinux`, `amazonlinux`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/amazonlinux/2023.5.20240805.0/Dockerfile) +- [`1-amazonlinux`, `1.27-amazonlinux`, `1.27.1-amazonlinux`, `1.27.1-amazonlinux2023.5.20240819.0`, `1.27-amazonlinux2023.5.20240819.0`, `1-amazonlinux2023.5.20240819.0`, `amazonlinux`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/amazonlinux/2023.5.20240819.0/Dockerfile) - [`1-debian`, `1.27-debian`, `1.27-debian12.6`, `1-debian12.6`, `1.27.1-debian12.6`, `1.27.1-debian`, `debian`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/debian/12.6/Dockerfile) - [`1-fedora`, `1-fedora40`, `1.27-fedora40`, `1.27-fedora`, `1.27.1-fedora40`, `1.27.1-fedora`, `fedora`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/fedora/40/Dockerfile) - [`1-ubuntu`, `1-ubuntu24.04`, `1.27-ubuntu24.04`, `1.27-ubuntu`, `1.27.1-ubuntu24.04`, `1.27.1-ubuntu`, `ubuntu`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/ubuntu/24.04/Dockerfile) ## Unsupported Tags +- [`1.27-amazonlinux2023.5.20240805.0`, `1-amazonlinux2023.5.20240805.0`, `1.27.1-amazonlinux2023.5.20240805.0`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.1/amazonlinux/2023.5.20240805.0/Dockerfile) - [`1.27.0-ubuntu24.04`, `1.27.0-ubuntu`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.0/ubuntu/24.04/Dockerfile) - [`1.27.0-fedora40`, `1.27.0-fedora`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.0/fedora/40/Dockerfile) - [`1.27.0-debian`, `1.27.0-debian12.6`](https://github.com/fabiocicerchia/nginx-lua/blob/main/nginx/1.27.0/debian/12.6/Dockerfile) diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/Dockerfile b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/Dockerfile new file mode 100644 index 00000000..f791ebf4 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/Dockerfile @@ -0,0 +1,496 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2024 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +ARG ARCH= +ARG DISTRO=amazonlinux +ARG DISTRO_VER=2023.5.20240819.0 + +############################# +# Settings Common Variables # +############################# +FROM ${ARCH}/$DISTRO:$DISTRO_VER AS base + +ARG ARCH= +ENV ARCH=$ARCH + +ENV DOCKER_IMAGE=fabiocicerchia/nginx-lua +ENV DOCKER_IMAGE_OS=${DISTRO} +ENV DOCKER_IMAGE_TAG=${DISTRO_VER} + +ARG BUILD_DATE +ENV BUILD_DATE=$BUILD_DATE +ARG VCS_REF +ENV VCS_REF=$VCS_REF + +# NGINX +################################################################################ + +# nginx +# https://github.com/nginx/nginx/releases +ARG VER_NGINX=1.27.1 +ENV VER_NGINX=$VER_NGINX + +# NGINX MODULES +################################################################################ + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit +# The NDK is now considered to be stable. +ARG VER_NGX_DEVEL_KIT=0.3.3 +ENV VER_NGX_DEVEL_KIT=$VER_NGX_DEVEL_KIT + +# njs +# https://github.com/nginx/njs +ARG VER_NJS=0.8.5 +ENV VER_NJS=$VER_NJS + +# geoip2 +# https://github.com/leev/ngx_http_geoip2_module +ARG VER_GEOIP=3.4 +ENV VER_GEOIP=$VER_GEOIP + +# LUA +################################################################################ + +# luajit2 +# https://github.com/openresty/luajit2 +# Note: LuaJIT2 is stuck on Lua 5.1 since 2009. +# OpenResty's LuaJIT headers will be used. +# The `lua` interpreter is an alias of `luajit` to maintain the same version +# consistently in the system. If needed to use the latest Lua version (ie >=5.4) +# the os system package would be required, resulting in a system with multiple +# versions available. +ARG VER_LUAJIT=2.1-20240815 +ENV VER_LUAJIT=$VER_LUAJIT +ARG LUAJIT_LIB=/usr/local/lib +ENV LUAJIT_LIB=$LUAJIT_LIB +ARG LUAJIT_INC=/usr/local/include/luajit-2.1 +ENV LUAJIT_INC=$LUAJIT_INC +ARG LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH +ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module +# Production ready. +ARG VER_LUA_NGINX_MODULE=0.10.27 +ENV VER_LUA_NGINX_MODULE=$VER_LUA_NGINX_MODULE + +# lua-resty-core +# https://github.com/openresty/lua-resty-core +# This library is production ready. +ARG VER_LUA_RESTY_CORE=0.1.29 +ENV VER_LUA_RESTY_CORE=$VER_LUA_RESTY_CORE +ARG LUA_LIB_DIR=/usr/local/share/lua/5.1 +ENV LUA_LIB_DIR=$LUA_LIB_DIR + +# LUAROCKS +################################################################################ + +# lua-rocks +# https://luarocks.github.io/luarocks/releases/ +ARG VER_LUAROCKS=3.11.1 +ENV VER_LUAROCKS=$VER_LUAROCKS + +# LUA ADDONS +################################################################################ + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module +ARG VER_OPENRESTY_HEADERS=0.37 +ENV VER_OPENRESTY_HEADERS=$VER_OPENRESTY_HEADERS + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie +ARG VER_CLOUDFLARE_COOKIE=f418d77082eaef48331302e84330488fdc810ef4 +ENV VER_CLOUDFLARE_COOKIE=$VER_CLOUDFLARE_COOKIE + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns +ARG VER_OPENRESTY_DNS=0.23 +ENV VER_OPENRESTY_DNS=$VER_OPENRESTY_DNS + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache +# This library is considered production ready. +ARG VER_LUA_RESTY_LRUCACHE=0.14 +ENV VER_LUA_RESTY_LRUCACHE=$VER_LUA_RESTY_LRUCACHE + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached +ARG VER_OPENRESTY_MEMCACHED=0.17 +ENV VER_OPENRESTY_MEMCACHED=$VER_OPENRESTY_MEMCACHED + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql +ARG VER_OPENRESTY_MYSQL=0.27 +ENV VER_OPENRESTY_MYSQL=$VER_OPENRESTY_MYSQL + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis +ARG VER_OPENRESTY_REDIS=0.31 +ENV VER_OPENRESTY_REDIS=$VER_OPENRESTY_REDIS + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell +ARG VER_OPENRESTY_SHELL=0.03 +ENV VER_OPENRESTY_SHELL=$VER_OPENRESTY_SHELL + +# lua-resty-signal +# https://github.com/openresty/lua-resty-signal +ARG VER_OPENRESTY_SIGNAL=0.04 +ENV VER_OPENRESTY_SIGNAL=$VER_OPENRESTY_SIGNAL + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck +ARG VER_OPENRESTY_HEALTHCHECK=0.08 +ENV VER_OPENRESTY_HEALTHCHECK=$VER_OPENRESTY_HEALTHCHECK + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket +ARG VER_OPENRESTY_WEBSOCKET=0.12 +ENV VER_OPENRESTY_WEBSOCKET=$VER_OPENRESTY_WEBSOCKET + +# lua-tablepool +# https://github.com/openresty/lua-tablepool +ARG VER_OPENRESTY_TABLEPOOL=0.03 +ENV VER_OPENRESTY_TABLEPOOL=$VER_OPENRESTY_TABLEPOOL + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module +ARG VER_LUA_UPSTREAM=0.07 +ENV VER_LUA_UPSTREAM=$VER_LUA_UPSTREAM + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus +ARG VER_PROMETHEUS=0.20240525 +ENV VER_PROMETHEUS=$VER_PROMETHEUS + +# set-misc-nginx-module +# https://github.com/openresty/set-misc-nginx-module +ARG VER_MISC_NGINX=0.33 +ENV VER_MISC_NGINX=$VER_MISC_NGINX + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module +ARG VER_OPENRESTY_STREAMLUA=69f0cd762112a6e0cddb07f2b5192e9a65034a93 +ENV VER_OPENRESTY_STREAMLUA=$VER_OPENRESTY_STREAMLUA + +# lua-resty-limit-traffic +# https://github.com/openresty/lua-resty-limit-traffic/tags +ARG VER_OPENRESTY_LIMITTRAFFIC=0.09 +ENV VER_OPENRESTY_LIMITTRAFFIC=$VER_OPENRESTY_LIMITTRAFFIC + +# lua-resty-upload +# https://github.com/openresty/lua-resty-upload/tags +ARG VER_OPENRESTY_UPLOAD=0.11 +ENV VER_OPENRESTY_UPLOAD=$VER_OPENRESTY_UPLOAD + +# lua-resty-lock +# https://github.com/openresty/lua-resty-lock/tags +ARG VER_OPENRESTY_LOCK=0.09 +ENV VER_OPENRESTY_LOCK=$VER_OPENRESTY_LOCK + +# lua-resty-balancer +# https://github.com/openresty/lua-resty-balancer/tags +ARG VER_OPENRESTY_BALANCER=0.05 +ENV VER_OPENRESTY_BALANCER=$VER_OPENRESTY_BALANCER + +# lua-resty-string +# https://github.com/openresty/lua-resty-string/tags +ARG VER_OPENRESTY_STRING=0.16 +ENV VER_OPENRESTY_STRING=$VER_OPENRESTY_STRING + +################################################################################ + +# Replicate same official env variable +ENV NGINX_VERSION $VER_NGINX +ENV NJS_VERSION $VER_NJS +ENV PKG_RELEASE 1 + +# References: +# - https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc +# - https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html +# -g Generate debugging information +# -O2 Recommended optimizations +# -fstack-protector-strong Stack smashing protector +# -Wformat Check calls to make sure that the arguments supplied have types appropriate to the format string specified +# -Werror=format-security Reject potentially unsafe format string arguents +# -Wp,-D_FORTIFY_SOURCE=2 Run-time buffer overflow detection +# -fPIC No text relocations +# ORIGINAL VALUE: -g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.23.3/debian/debuild-base/nginx-1.23.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC +ARG NGX_CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" +ENV NGX_CFLAGS=$NGX_CFLAGS +# References +# - https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc +# - https://wiki.debian.org/ToolChain/DSOLinking#Unresolved_symbols_in_shared_libraries +# - https://ftp.gnu.org/old-gnu/Manuals/ld-2.9.1/html_node/ld_3.html +# - https://linux.die.net/man/1/ld +# -Wl,-rpath,/usr/local/lib Add a directory to the runtime library search path +# -Wl,-z,relro Read-only segments after relocation +# -Wl,-z,now Disable lazy binding +# -Wl,--as-needed Only link with needed libraries +# -pie Full ASLR for executables +# ORIGINAL VALUE: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie +ARG NGX_LDOPT="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" +ENV NGX_LDOPT=$NGX_LDOPT +# Reference: http://nginx.org/en/docs/configure.html +ARG NGINX_BUILD_CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + --user=nginx \ + --group=nginx \ + `# OFFICIAL MODULES` \ + --with-compat \ + --with-file-aio \ + --with-threads \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-stream \ + --with-stream_realip_module \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + `# CUSTOM MODULES` \ + --add-module=/headers-more-nginx-module-${VER_OPENRESTY_HEADERS} \ + --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ + --add-module=/lua-upstream-nginx-module-${VER_LUA_UPSTREAM} \ + --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ + --add-module=/ngx_http_geoip2_module-${VER_GEOIP} \ + --add-module=/njs-${VER_NJS}/nginx \ + --add-module=/set-misc-nginx-module-${VER_MISC_NGINX} \ + --add-module=/stream-lua-nginx-module-${VER_OPENRESTY_STREAMLUA} \ +" +ENV NGINX_BUILD_CONFIG=$NGINX_BUILD_CONFIG + +ARG BUILD_DEPS_BASE="\ + ca-certificates \ + gcc-c++ \ + gzip \ + libmaxminddb-devel \ + libxml2-devel \ + libxslt-devel \ + make \ + openssl-devel \ + patch \ + pcre-devel \ + tar \ + unzip \ + which \ + zlib-devel \ +" +ENV BUILD_DEPS_BASE=$BUILD_DEPS_BASE +ARG BUILD_DEPS_AMD64="\ + ${BUILD_DEPS_BASE} \ +" +ENV BUILD_DEPS_AMD64=$BUILD_DEPS_AMD64 +ARG BUILD_DEPS_ARM64V8="\ + ${BUILD_DEPS_BASE} \ +" +ENV BUILD_DEPS_ARM64V8=$BUILD_DEPS_ARM64V8 +ENV BUILD_DEPS= + +ARG NGINX_BUILD_DEPS="\ +# OPENRESTY PATCHES + git \ +" +ENV NGINX_BUILD_DEPS=$NGINX_BUILD_DEPS + +#################################### +# Build Nginx with support for LUA # +#################################### +FROM base AS builder + +# hadolint ignore=SC2086 +RUN set -eux \ + && eval BUILD_DEPS="\$$(echo BUILD_DEPS_${ARCH} | tr '[:lower:]' '[:upper:]')" \ + && yum makecache \ + && yum install -y \ + $BUILD_DEPS \ + $NGINX_BUILD_DEPS \ + && yum clean all \ + && rm -rf /var/cache/yum + +COPY tpl/Makefile Makefile +COPY tpl/patches patches + +RUN make deps \ + && make core \ + && make luarocks + +RUN set -eux \ +# envsubst +# ############################################################################## + && yum makecache \ + && yum install -y \ + gettext \ + && yum clean all \ + && rm -rf /var/cache/yum + +########################################## +# Combine everything with minimal layers # +########################################## +FROM base + +# http://label-schema.org/rc1/ +LABEL maintainer="Fabio Cicerchia " \ + org.label-schema.build-date="${BUILD_DATE}" \ + org.label-schema.description="Nginx ${VER_NGINX} with Lua support based on amazonlinux (${ARCH}) 2023.5.20240819.0." \ + org.label-schema.docker.cmd="docker run -p 80:80 -d ${DOCKER_IMAGE}:${VER_NGINX}-amazonlinux2023.5.20240819.0" \ + org.label-schema.name="${DOCKER_IMAGE}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/${DOCKER_IMAGE}" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url="https://github.com/${DOCKER_IMAGE}" \ + org.label-schema.version="${VER_NGINX}-amazonlinux2023.5.20240819.0" \ + image.target.platform="${TARGETPLATFORM}" \ + image.target.os="${TARGETOS}" \ + image.target.arch="${ARCH}" \ + versions.os="2023.5.20240819.0" \ + versions.luajit2="${VER_LUAJIT}" \ + versions.luarocks="${VER_LUAROCKS}" \ + versions.nginx="${VER_NGINX}" \ + versions.ngx_devel_kit="${VER_NGX_DEVEL_KIT}" \ + versions.njs="${VER_NJS}" \ + versions.geoip="${VER_GEOIP}" \ + versions.headers-more-nginx-module="${VER_OPENRESTY_HEADERS}" \ + versions.lua-nginx-module="${VER_LUA_NGINX_MODULE}" \ + versions.lua-resty-balancer="${VER_OPENRESTY_BALANCER}" \ + versions.lua-resty-cookie="${VER_CLOUDFLARE_COOKIE}" \ + versions.lua-resty-core="${VER_LUA_RESTY_CORE}" \ + versions.lua-resty-dns="${VER_OPENRESTY_DNS}" \ + versions.lua-resty-limit-traffic="${VER_OPENRESTY_LIMITTRAFFIC}" \ + versions.lua-resty-lock="${VER_OPENRESTY_LOCK}" \ + versions.lua-resty-lrucache="${VER_LUA_RESTY_LRUCACHE}" \ + versions.lua-resty-memcached="${VER_OPENRESTY_MEMCACHED}" \ + versions.lua-resty-mysql="${VER_OPENRESTY_MYSQL}" \ + versions.lua-resty-redis="${VER_OPENRESTY_REDIS}" \ + versions.lua-resty-shell="${VER_OPENRESTY_SHELL}" \ + versions.lua-resty-signal="${VER_OPENRESTY_SIGNAL}" \ + versions.lua-resty-string="${VER_OPENRESTY_STRING}" \ + versions.lua-resty-tablepool="${VER_OPENRESTY_TABLEPOOL}" \ + versions.lua-resty-upload="${VER_OPENRESTY_UPLOAD}" \ + versions.lua-resty-upstream-healthcheck="${VER_OPENRESTY_HEALTHCHECK}" \ + versions.lua-resty-websocket="${VER_OPENRESTY_WEBSOCKET}" \ + versions.lua-upstream="${VER_LUA_UPSTREAM}" \ + versions.nginx-lua-prometheus="${VER_PROMETHEUS}" \ + versions.set-misc-nginx=${VER_MISC_NGINX} \ + versions.stream-lua-nginx-module="${VER_OPENRESTY_STREAMLUA}" + +ARG PKG_DEPS="\ + ca-certificates \ + libxml2-devel \ + openssl-devel \ + pcre-devel \ + unzip \ + zlib-devel \ +" +ENV PKG_DEPS=$PKG_DEPS + +COPY --from=builder --chown=101:101 /etc/nginx /etc/nginx +COPY --from=builder --chown=101:101 /usr/bin/envsubst /usr/local/bin/envsubst +COPY --from=builder --chown=101:101 /usr/lib64 /usr/lib64 +COPY --from=builder --chown=101:101 /usr/local/lib /usr/local/lib +COPY --from=builder --chown=101:101 /usr/local/share/lua /usr/local/share/lua +COPY --from=builder --chown=101:101 /usr/sbin/nginx /usr/sbin/nginx +COPY --from=builder --chown=101:101 /usr/sbin/nginx-debug /usr/sbin/nginx-debug +COPY --from=builder --chown=101:101 /var/cache/nginx /var/cache/nginx +# luajit +COPY --from=builder --chown=101:101 /usr/local/lib/libluajit* /usr/local/lib/ +COPY --from=builder --chown=101:101 /usr/local/lib/pkgconfig/luajit* /usr/local/lib/pkgconfig/ +COPY --from=builder --chown=101:101 $LUAJIT_INC $LUAJIT_INC +COPY --from=builder --chown=101:101 /usr/local/bin/luajit* /usr/local/bin/ +COPY --from=builder --chown=101:101 /usr/local/share/luajit* /usr/local/share/ +COPY --from=builder --chown=101:101 /usr/local/share/man/man1/luajit* /usr/local/share/man/man1/ +# luarocks +COPY --from=builder --chown=101:101 /usr/local/share/lua/5.1/luarocks /usr/local/share/lua/5.1/luarocks +COPY --from=builder --chown=101:101 /usr/local/bin/luarocks* /usr/local/bin/ +COPY --from=builder --chown=101:101 /usr/local/etc/luarocks /usr/local/etc/luarocks + +COPY --chown=101:101 tpl/??-*.sh /docker-entrypoint.d/ +COPY --chown=101:101 tpl/default.conf /etc/nginx/conf.d/default.conf +COPY --chown=101:101 tpl/docker-entrypoint.sh / +COPY --chown=101:101 tpl/nginx.conf /etc/nginx/nginx.conf +COPY --chown=101:101 tpl/support.sh / + +SHELL ["/bin/sh", "-o", "pipefail", "-c"] + +# hadolint ignore=SC2086 +RUN set -eux \ + && yum makecache \ + && yum install -y \ + $PKG_DEPS \ + shadow-utils \ +# Fix LUA alias + && ln -sf /usr/local/bin/luajit /usr/local/bin/lua \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && yum install -y tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && yum install -y --allowerasing curl ca-certificates \ +# forward request and error logs to docker log collector + && mkdir -p /var/log/nginx \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create nginx user/group first, to be consistent throughout docker variants + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ +# Upgrade software to latest version +# ############################################################################## + && yum upgrade -y \ +# Cleanup +# ############################################################################## + && yum remove -y \ + shadow-utils \ + && yum clean all \ + && rm -rf /var/cache/yum + +# smoke test +# ############################################################################## +RUN envsubst -V \ + && nginx -V \ + && nginx -t \ + && lua -v \ + && luarocks --version + +EXPOSE 80 443 + +HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1 + +# Override stop signal to stop process gracefully +STOPSIGNAL SIGQUIT + +ENTRYPOINT ["/docker-entrypoint.sh"] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/.env.dist b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/.env.dist new file mode 100644 index 00000000..4196913e --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/.env.dist @@ -0,0 +1,134 @@ +# NGINX MODULES +################################################################################ + +# ngx_devel_kit +# https://github.com/vision5/ngx_devel_kit/releases +# The NDK is now considered to be stable. +VER_NGX_DEVEL_KIT=0.3.3 + +# njs +# https://github.com/nginx/njs/tags +VER_NJS=0.8.5 + +# geoip2 +# https://github.com/leev/ngx_http_geoip2_module/releases +VER_GEOIP=3.4 + +# LUA +################################################################################ + +# luajit2 +# https://github.com/openresty/luajit2/tags +# Note: LuaJIT2 is stuck on Lua 5.1 since 2009. +VER_LUAJIT=2.1-20240815 + +# lua-nginx-module +# https://github.com/openresty/lua-nginx-module/tags +# Production ready. +VER_LUA_NGINX_MODULE=0.10.27 + +# lua-resty-core +# https://github.com/openresty/lua-resty-core/tags +# This library is production ready. +VER_LUA_RESTY_CORE=0.1.29 + +# LUAROCKS +################################################################################ + +# lua-rocks +# https://github.com/luarocks/luarocks/tags +VER_LUAROCKS=3.11.1 + +# LUA ADDONS +################################################################################ + +# lua-resty-lrucache +# https://github.com/openresty/lua-resty-lrucache/tags +# This library is considered production ready. +VER_LUA_RESTY_LRUCACHE=0.14 + +# headers-more-nginx-module +# https://github.com/openresty/headers-more-nginx-module/tags +VER_OPENRESTY_HEADERS=0.37 + +# lua-resty-cookie +# https://github.com/cloudflare/lua-resty-cookie/commits/master +VER_CLOUDFLARE_COOKIE=f418d77082eaef48331302e84330488fdc810ef4 + +# lua-resty-dns +# https://github.com/openresty/lua-resty-dns/tags +VER_OPENRESTY_DNS=0.23 + +# lua-resty-memcached +# https://github.com/openresty/lua-resty-memcached/tags +VER_OPENRESTY_MEMCACHED=0.17 + +# lua-resty-mysql +# https://github.com/openresty/lua-resty-mysql/tags +VER_OPENRESTY_MYSQL=0.27 + +# lua-resty-redis +# https://github.com/openresty/lua-resty-redis/tags +VER_OPENRESTY_REDIS=0.31 + +# lua-resty-shell +# https://github.com/openresty/lua-resty-shell/tags +VER_OPENRESTY_SHELL=0.03 + +# lua-resty-signal +# https://github.com/openresty/lua-resty-signal/tags +VER_OPENRESTY_SIGNAL=0.04 + +# lua-tablepool +# https://github.com/openresty/lua-tablepool/tags +VER_OPENRESTY_TABLEPOOL=0.03 + +# lua-resty-upstream-healthcheck +# https://github.com/openresty/lua-resty-upstream-healthcheck/tags +VER_OPENRESTY_HEALTHCHECK=0.08 + +# lua-resty-websocket +# https://github.com/openresty/lua-resty-websocket/tags +VER_OPENRESTY_WEBSOCKET=0.12 + +# lua-upstream-nginx-module +# https://github.com/openresty/lua-upstream-nginx-module/tags +VER_LUA_UPSTREAM=0.07 + +# nginx-lua-prometheus +# https://github.com/knyar/nginx-lua-prometheus/tags +VER_PROMETHEUS=0.20240525 + +# set-misc-nginx-module +# https://github.com/openresty/set-misc-nginx-module/tags +VER_MISC_NGINX=0.33 + +# stream-lua-nginx-module +# https://github.com/openresty/stream-lua-nginx-module/commits/master +# NOTE: +# The latest tag 0.0.14 is incompatible with nginx 1.25.5+: +# error: unknown type name 'ngx_stream_ssl_conf_t'; did you mean 'ngx_stream_addr_conf_t' +# The fix is released in master branch only without proper tag yet. +# So using the latest master commit available to date. +VER_OPENRESTY_STREAMLUA=69f0cd762112a6e0cddb07f2b5192e9a65034a93 + +# lua-resty-limit-traffic +# https://github.com/openresty/lua-resty-limit-traffic/tags +VER_OPENRESTY_LIMITTRAFFIC=0.09 + +# lua-resty-upload +# https://github.com/openresty/lua-resty-upload/tags +VER_OPENRESTY_UPLOAD=0.11 + +# lua-resty-lock +# https://github.com/openresty/lua-resty-lock/tags +VER_OPENRESTY_LOCK=0.09 + +# lua-resty-balancer +# https://github.com/openresty/lua-resty-balancer/tags +VER_OPENRESTY_BALANCER=0.05 + +# lua-resty-string +# https://github.com/openresty/lua-resty-string/tags +VER_OPENRESTY_STRING=0.16 + diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/10-listen-on-ipv6-by-default.sh b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..b90bf0c9 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,67 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + +ME=$(basename "$0") +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + entrypoint_log "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + entrypoint_log "$ME: info: can not guess the operating system" + exit 0 +fi + +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + entrypoint_log "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/20-envsubst-on-templates.sh b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/20-envsubst-on-templates.sh new file mode 100755 index 00000000..3804165c --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/20-envsubst-on-templates.sh @@ -0,0 +1,78 @@ +#!/bin/sh + +set -e + +ME=$(basename "$0") + +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi +} + +auto_envsubst + +exit 0 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/30-tune-worker-processes.sh b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/30-tune-worker-processes.sh new file mode 100755 index 00000000..defb994f --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$(basename "$0") +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint" | /../*) + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/Makefile b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/Makefile new file mode 100644 index 00000000..2b2cdcae --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/Makefile @@ -0,0 +1,310 @@ +# __ __ +# .-----.-----.|__|.-----.--.--.______| |.--.--.---.-. +# | | _ || || |_ _|______| || | | _ | +# |__|__|___ ||__||__|__|__.__| |__||_____|___._| +# |_____| +# +# Copyright (c) 2024 Fabio Cicerchia. https://fabiocicerchia.it. MIT License +# Repo: https://github.com/fabiocicerchia/nginx-lua + +EXTENDED_IMAGE=YES +NPROC := $(shell nproc) + +# TODO: Find a better way to fallback when openresty is behind the nginx latest +# version and no patch is available. +FALLBACK_VER_NGINX=1.23.0 + +# ############################################################################## +# CORE +# ############################################################################## + +openresty-patches: + mkdir -p /nginx-${VER_NGINX}/patches + git clone https://github.com/openresty/openresty.git; \ + PATCH_VER=${VER_NGINX}; \ + if [ "$(ls -1 openresty/patches/nginx-${VER_NGINX}-*.patch 2>/dev/null)" = "" ]; then \ + PATCH_VER=${FALLBACK_VER_NGINX}; \ + fi; \ + for patch_file in openresty/patches/nginx-$${PATCH_VER}-*.patch; do \ + echo "copying openresty patch $${patch_file}"; \ + cp "$${patch_file}" /nginx-${VER_NGINX}/patches/; \ + done; \ + for patch_file in /patches/*.patch; do \ + echo "overriding openresty patch $${patch_file}"; \ + cp "$${patch_file}" /nginx-${VER_NGINX}/patches/; \ + done; \ + cd /nginx-${VER_NGINX}; \ + for patch_file in patches/*.patch; do \ + echo "applying openresty patch $${patch_file}"; \ + patch -p1 < "$${patch_file}"; \ + done; \ + +core: +# NGINX +# ############################################################################## +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + curl -sLo /nginx.tar.gz https://nginx.org/download/nginx-${VER_NGINX}.tar.gz + tar -C / -xvzf /nginx.tar.gz + mkdir -p /var/cache/nginx/client_temp \ + /var/cache/nginx/proxy_temp \ + /var/cache/nginx/fastcgi_temp \ + /var/cache/nginx/uwsgi_temp \ + /var/cache/nginx/scgi_temp + make openresty-patches + cd /nginx-${VER_NGINX}; \ + ./configure ${NGINX_BUILD_CONFIG} --with-cc-opt="$(NGX_CFLAGS)" --with-ld-opt="$(NGX_LDOPT)" --with-debug \ + && $(MAKE) build \ + && mv objs/nginx objs/nginx-debug \ + && ./configure ${NGINX_BUILD_CONFIG} --with-cc-opt="$(NGX_CFLAGS)" --with-ld-opt="$(NGX_LDOPT)" \ + && $(MAKE) build \ + && $(MAKE) modules \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && $(MAKE) install + +# ############################################################################## +# DEPENDENCIES +# ############################################################################## + +deps: dep-ngx_devel_kit dep-njs dep-geoip2 dep-luajit dep-lua-nginx dep-lua-resty-core dep-lua-resty-lrucache +ifeq ($(EXTENDED_IMAGE), YES) + $(MAKE) dep-headers-more-nginx-module dep-lua-resty-cookie dep-lua-openresty-dns \ + dep-lua-openresty-memcached dep-lua-openresty-mysql dep-lua-openresty-redis \ + dep-lua-openresty-shell dep-lua-openresty-tablepool dep-lua-openresty-signal \ + dep-lua-resty-upstream-healthcheck dep-lua-openresty-websocket \ + dep-lua-upstream-nginx-module dep-nginx-lua-prometheus dep-stream-lua-nginx-module \ + dep-lua-openresty-misc dep-lua-resty-limit-traffic dep-lua-resty-upload \ + dep-lua-resty-lock dep-lua-resty-balancer dep-lua-resty-string +endif + +# NGX Devel Kit +# ############################################################################## +dep-ngx_devel_kit: + curl -sLo /ngx_devel_kit.tar.gz https://github.com/vision5/ngx_devel_kit/archive/v${VER_NGX_DEVEL_KIT}.tar.gz + tar -C / -xvzf /ngx_devel_kit.tar.gz + +# njs +# ############################################################################## +dep-njs: + curl -sLo /njs.tar.gz https://github.com/nginx/njs/archive/refs/tags/${VER_NJS}.tar.gz + tar -C / -xvzf /njs.tar.gz + +# geoip2 +# ############################################################################## +dep-geoip2: + mkdir -p /usr/lib64 + curl -sLo /geoip2.tar.gz https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${VER_GEOIP}.tar.gz + tar -C / -xvzf /geoip2.tar.gz + +# OpenResty LUAJIT2 +# ############################################################################## +dep-luajit: + curl -sLo /luajit.tar.gz https://github.com/openresty/luajit2/archive/v${VER_LUAJIT}.tar.gz + tar -C / -xvzf /luajit.tar.gz + cd /luajit2-${VER_LUAJIT} \ + && $(MAKE) \ + && $(MAKE) install + +# Lua Nginx Module +# ############################################################################## +dep-lua-nginx: + curl -sLo /lua-nginx.tar.gz https://github.com/openresty/lua-nginx-module/archive/v${VER_LUA_NGINX_MODULE}.tar.gz + tar -C / -xvzf /lua-nginx.tar.gz + +# LUA Resty Core +# ############################################################################## +dep-lua-resty-core: + curl -sLo /lua-resty-core.tar.gz https://github.com/openresty/lua-resty-core/archive/v${VER_LUA_RESTY_CORE}.tar.gz + tar -C / -xvzf /lua-resty-core.tar.gz + cd /lua-resty-core-${VER_LUA_RESTY_CORE} \ + && $(MAKE) \ + && $(MAKE) install + +# LUA Resty LRUCache +# ############################################################################## +dep-lua-resty-lrucache: + curl -sLo /lua-resty-lrucache.tar.gz https://github.com/openresty/lua-resty-lrucache/archive/v${VER_LUA_RESTY_LRUCACHE}.tar.gz + tar -C / -xvzf /lua-resty-lrucache.tar.gz + cd /lua-resty-lrucache-${VER_LUA_RESTY_LRUCACHE} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Headers +# ############################################################################## +dep-headers-more-nginx-module: + curl -sLo /headers-more-nginx-module.zip https://github.com/openresty/headers-more-nginx-module/archive/v${VER_OPENRESTY_HEADERS}.zip + unzip -d / /headers-more-nginx-module.zip + +# Cloudflare Cookie +# ############################################################################## +dep-lua-resty-cookie: + curl -sLo /lua-resty-cookie.tar.gz https://github.com/cloudflare/lua-resty-cookie/archive/${VER_CLOUDFLARE_COOKIE}.tar.gz + tar -C / -xvzf /lua-resty-cookie.tar.gz + cd /lua-resty-cookie-${VER_CLOUDFLARE_COOKIE} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Dns +# ############################################################################## +dep-lua-openresty-dns: + curl -sLo /lua-openresty-dns.tar.gz https://github.com/openresty/lua-resty-dns/archive/v${VER_OPENRESTY_DNS}.tar.gz + tar -C / -xvzf /lua-openresty-dns.tar.gz + cd /lua-resty-dns-${VER_OPENRESTY_DNS} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Memcached +# ############################################################################## +dep-lua-openresty-memcached: + curl -sLo /lua-openresty-memcached.tar.gz https://github.com/openresty/lua-resty-memcached/archive/v${VER_OPENRESTY_MEMCACHED}.tar.gz + tar -C / -xvzf /lua-openresty-memcached.tar.gz + cd /lua-resty-memcached-${VER_OPENRESTY_MEMCACHED} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Mysql +# ############################################################################## +dep-lua-openresty-mysql: + curl -sLo /lua-openresty-mysql.tar.gz https://github.com/openresty/lua-resty-mysql/archive/v${VER_OPENRESTY_MYSQL}.tar.gz + tar -C / -xvzf /lua-openresty-mysql.tar.gz + cd /lua-resty-mysql-${VER_OPENRESTY_MYSQL} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Redis +# ############################################################################## +dep-lua-openresty-redis: + curl -sLo /lua-openresty-redis.tar.gz https://github.com/openresty/lua-resty-redis/archive/v${VER_OPENRESTY_REDIS}.tar.gz + tar -C / -xvzf /lua-openresty-redis.tar.gz + cd /lua-resty-redis-${VER_OPENRESTY_REDIS} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Shell +# ############################################################################## +dep-lua-openresty-shell: + curl -sLo /lua-openresty-shell.tar.gz https://github.com/openresty/lua-resty-shell/archive/v${VER_OPENRESTY_SHELL}.tar.gz + tar -C / -xvzf /lua-openresty-shell.tar.gz + cd /lua-resty-shell-${VER_OPENRESTY_SHELL} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Tablepool +# ############################################################################## +dep-lua-openresty-tablepool: + curl -sLo /lua-tablepool.tar.gz https://github.com/openresty/lua-tablepool/archive/refs/tags/v${VER_OPENRESTY_TABLEPOOL}.tar.gz + tar -C / -xvzf /lua-tablepool.tar.gz + cd /lua-tablepool-${VER_OPENRESTY_TABLEPOOL} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Signal +# ############################################################################## +dep-lua-openresty-signal: + curl -sLo /lua-openresty-signal.tar.gz https://github.com/openresty/lua-resty-signal/archive/refs/tags/v${VER_OPENRESTY_SIGNAL}.tar.gz + tar -C / -xvzf /lua-openresty-signal.tar.gz + cd /lua-resty-signal-${VER_OPENRESTY_SIGNAL} \ + && $(MAKE) \ + && $(MAKE) install \ + && install -d /usr/local/lib/lua/5.1 \ + && install /usr/local/share/lua/5.1/librestysignal.so /usr/local/lib/lua/5.1/librestysignal.so + +# OpenResty Upstream Healthcheck +# ############################################################################## +dep-lua-resty-upstream-healthcheck: + curl -sLo /lua-resty-upstream-healthcheck.tar.gz https://github.com/openresty/lua-resty-upstream-healthcheck/archive/refs/tags/v${VER_OPENRESTY_HEALTHCHECK}.tar.gz + tar -C / -xvzf /lua-resty-upstream-healthcheck.tar.gz + cd /lua-resty-upstream-healthcheck-${VER_OPENRESTY_HEALTHCHECK} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Websocket +# ############################################################################## +dep-lua-openresty-websocket: + curl -sLo /lua-openresty-websocket.tar.gz https://github.com/openresty/lua-resty-websocket/archive/v${VER_OPENRESTY_WEBSOCKET}.tar.gz + tar -C / -xvzf /lua-openresty-websocket.tar.gz + cd /lua-resty-websocket-${VER_OPENRESTY_WEBSOCKET} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Nginx Misc +# ############################################################################## +dep-lua-openresty-misc: + curl -Lo /lua-openresty-misc.tar.gz https://github.com/openresty/set-misc-nginx-module/archive/v${VER_MISC_NGINX}.tar.gz + tar -C / -xvzf /lua-openresty-misc.tar.gz + +# LUA Upstream +# ############################################################################## +dep-lua-upstream-nginx-module: + curl -sLo /lua-upstream-nginx-module.tar.gz https://github.com/openresty/lua-upstream-nginx-module/archive/v${VER_LUA_UPSTREAM}.tar.gz + tar -C / -xvzf /lua-upstream-nginx-module.tar.gz + +# Prometheus +# ############################################################################## +dep-nginx-lua-prometheus: + curl -sLo /nginx-lua-prometheus.tar.gz https://github.com/knyar/nginx-lua-prometheus/archive/${VER_PROMETHEUS}.tar.gz + tar -C / -xvzf /nginx-lua-prometheus.tar.gz + mv /nginx-lua-prometheus-${VER_PROMETHEUS}/*.lua ${LUA_LIB_DIR}/ + +# OpenResty Stream Lua +# ############################################################################## +dep-stream-lua-nginx-module: + curl -sLo /stream-lua-nginx-module.zip https://github.com/openresty/stream-lua-nginx-module/archive/${VER_OPENRESTY_STREAMLUA}.zip + unzip -d / /stream-lua-nginx-module.zip + +# OpenResty Limit Traffic +# ############################################################################## +dep-lua-resty-limit-traffic: + curl -sLo /lua-resty-limit-traffic.zip https://github.com/openresty/lua-resty-limit-traffic/archive/v${VER_OPENRESTY_LIMITTRAFFIC}.zip + unzip -d / /lua-resty-limit-traffic.zip + cd /lua-resty-limit-traffic-${VER_OPENRESTY_LIMITTRAFFIC} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Upload +# ############################################################################## +dep-lua-resty-upload: + curl -sLo /lua-resty-upload.zip https://github.com/openresty/lua-resty-upload/archive/v${VER_OPENRESTY_UPLOAD}.zip + unzip -d / /lua-resty-upload.zip + cd /lua-resty-upload-${VER_OPENRESTY_UPLOAD} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Lock +# ############################################################################## +dep-lua-resty-lock: + curl -sLo /lua-resty-lock.zip https://github.com/openresty/lua-resty-lock/archive/v${VER_OPENRESTY_LOCK}.zip + unzip -d / /lua-resty-lock.zip + cd /lua-resty-lock-${VER_OPENRESTY_LOCK} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty Balancer +# ############################################################################## +dep-lua-resty-balancer: + curl -sLo /lua-resty-balancer.zip https://github.com/openresty/lua-resty-balancer/archive/v${VER_OPENRESTY_BALANCER}.zip + unzip -d / /lua-resty-balancer.zip + cd /lua-resty-balancer-${VER_OPENRESTY_BALANCER} \ + && $(MAKE) \ + && $(MAKE) install + +# OpenResty String +# ############################################################################## +dep-lua-resty-string: + curl -sLo /lua-resty-string.zip https://github.com/openresty/lua-resty-string/archive/v${VER_OPENRESTY_STRING}.zip + unzip -d / /lua-resty-string.zip + cd /lua-resty-string-${VER_OPENRESTY_STRING} \ + && $(MAKE) \ + && $(MAKE) install + +# ############################################################################## +# LUAROCKS +# ############################################################################## + +luarocks: + curl -sLo /luarocks.tar.gz https://luarocks.org/releases/luarocks-${VER_LUAROCKS}.tar.gz + tar -C / -xzvf /luarocks.tar.gz + cd /luarocks-${VER_LUAROCKS}; \ + ./configure \ + && $(MAKE) \ + && $(MAKE) install diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/default.conf b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/default.conf new file mode 100644 index 00000000..4559b82f --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/default.conf @@ -0,0 +1,44 @@ +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/docker-entrypoint.sh b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/docker-entrypoint.sh new file mode 100755 index 00000000..509b8502 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/docker-entrypoint.sh @@ -0,0 +1,49 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +/support.sh + +set -e + +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.envsh) + if [ -x "$f" ]; then + entrypoint_log "$0: Sourcing $f"; + . "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: Ignoring $f, not executable"; + fi + ;; + *.sh) + if [ -x "$f" ]; then + entrypoint_log "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: Ignoring $f, not executable"; + fi + ;; + *) entrypoint_log "$0: Ignoring $f";; + esac + done + + entrypoint_log "$0: Configuration complete; ready for start up" + else + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/nginx.conf b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/nginx.conf new file mode 100644 index 00000000..41d94b46 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/nginx.conf @@ -0,0 +1,31 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-no_pool.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-no_pool.patch new file mode 100644 index 00000000..f8da13f1 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-no_pool.patch @@ -0,0 +1,2 @@ +# emptying the openresty patch because not compatible with nginx 1.25.1 +# also, this patch is only used when the flag --with-no-pool-patch is set diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-safe_resolver_ipv6_option.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-safe_resolver_ipv6_option.patch new file mode 100644 index 00000000..e86ab487 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-safe_resolver_ipv6_option.patch @@ -0,0 +1 @@ +# emptying the openresty patch because not compatible with nginx 1.25.1 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-server_header.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-server_header.patch new file mode 100644 index 00000000..e86ab487 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-server_header.patch @@ -0,0 +1 @@ +# emptying the openresty patch because not compatible with nginx 1.25.1 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-setting_args_invalidates_uri.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-setting_args_invalidates_uri.patch new file mode 100644 index 00000000..e86ab487 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-setting_args_invalidates_uri.patch @@ -0,0 +1 @@ +# emptying the openresty patch because not compatible with nginx 1.25.1 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-ssl_client_hello_cb_yield.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-ssl_client_hello_cb_yield.patch new file mode 100644 index 00000000..e86ab487 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-ssl_client_hello_cb_yield.patch @@ -0,0 +1 @@ +# emptying the openresty patch because not compatible with nginx 1.25.1 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-stream_proxy_timeout_fields.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-stream_proxy_timeout_fields.patch new file mode 100644 index 00000000..e86ab487 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.23.0-stream_proxy_timeout_fields.patch @@ -0,0 +1 @@ +# emptying the openresty patch because not compatible with nginx 1.25.1 diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-safe_resolver_ipv6_option.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-safe_resolver_ipv6_option.patch new file mode 100644 index 00000000..f5caa4ca --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-safe_resolver_ipv6_option.patch @@ -0,0 +1,39 @@ +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -425,7 +425,6 @@ + continue; + } + +-#if (NGX_HAVE_INET6) + if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) { + + if (ngx_strcmp(&names[i].data[5], "on") == 0) { +@@ -446,10 +445,19 @@ + if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) { + + if (ngx_strcmp(&names[i].data[5], "on") == 0) { ++#if (NGX_HAVE_INET6) + r->ipv6 = 1; ++#else ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "no ipv6 support but \"%V\" in resolver", ++ &names[i]); ++ return NULL; ++#endif + + } else if (ngx_strcmp(&names[i].data[5], "off") == 0) { ++#if (NGX_HAVE_INET6) + r->ipv6 = 0; ++#endif + + } else { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +@@ -459,7 +467,6 @@ + + continue; + } +-#endif + + #if !(NGX_WIN32) + if (ngx_strncmp(names[i].data, "local=", 6) == 0) { diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-server_header.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-server_header.patch new file mode 100644 index 00000000..02255c4e --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-server_header.patch @@ -0,0 +1,36 @@ +diff --git a/src/core/nginx.h b/src/core/nginx.h +--- a/src/core/nginx.h ++++ b/src/core/nginx.h +@@ -11,7 +11,7 @@ + + #define nginx_version 1025001 + #define NGINX_VERSION "1.25.1" +-#define NGINX_VER "nginx/" NGINX_VERSION ++#define NGINX_VER "openresty/" NGINX_VERSION ".unknown" + + #ifdef NGX_BUILD + #define NGINX_VER_BUILD NGINX_VER " (" NGX_BUILD ")" +diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c +--- a/src/http/ngx_http_header_filter_module.c ++++ b/src/http/ngx_http_header_filter_module.c +@@ -46,7 +46,7 @@ ngx_module_t ngx_http_header_filter_module = { + }; + + +-static u_char ngx_http_server_string[] = "Server: nginx" CRLF; ++static u_char ngx_http_server_string[] = "Server: openresty" CRLF; + static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF; + static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF; + +diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c +--- a/src/http/v2/ngx_http_v2_filter_module.c ++++ b/src/http/v2/ngx_http_v2_filter_module.c +@@ -143,7 +143,7 @@ ngx_http_v2_header_filter(ngx_http_request_t *r) + ngx_http_core_srv_conf_t *cscf; + u_char addr[NGX_SOCKADDR_STRLEN]; + +- static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7"; ++ static const u_char nginx[8] = "\x87\x3d\x65\xaa\xc2\xa1\x3e\xbf"; + #if (NGX_HTTP_GZIP) + static const u_char accept_encoding[12] = + "\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f"; diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-setting_args_invalidates_uri.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-setting_args_invalidates_uri.patch new file mode 100644 index 00000000..295f3fdf --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-setting_args_invalidates_uri.patch @@ -0,0 +1,37 @@ +diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c +--- a/src/http/ngx_http_variables.c ++++ b/src/http/ngx_http_variables.c +@@ -20,6 +20,8 @@ + static void ngx_http_variable_request_set(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); + #endif ++static void ngx_http_variable_request_args_set(ngx_http_request_t *r, ++ ngx_http_variable_value_t *v, uintptr_t data); + static ngx_int_t ngx_http_variable_request_get_size(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); + static ngx_int_t ngx_http_variable_header(ngx_http_request_t *r, +@@ -255,7 +257,7 @@ + NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("args"), +- ngx_http_variable_set_args, ++ ngx_http_variable_request_args_set, + ngx_http_variable_request, + offsetof(ngx_http_request_t, args), + NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, +@@ -785,6 +787,15 @@ + #endif + + ++static void ++ngx_http_variable_request_args_set(ngx_http_request_t *r, ++ ngx_http_variable_value_t *v, uintptr_t data) ++{ ++ r->valid_unparsed_uri = 0; ++ ngx_http_variable_set_args(r, v, data); ++} ++ ++ + static ngx_int_t + ngx_http_variable_request_get_size(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-ssl_client_hello_cb_yield.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-ssl_client_hello_cb_yield.patch new file mode 100644 index 00000000..0d9805ad --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-ssl_client_hello_cb_yield.patch @@ -0,0 +1,37 @@ +diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c +--- a/src/event/ngx_event_openssl.c ++++ b/src/event/ngx_event_openssl.c +@@ -1712,6 +1712,9 @@ ngx_ssl_handshake(ngx_connection_t *c) + if (sslerr == SSL_ERROR_WANT_X509_LOOKUP + # ifdef SSL_ERROR_PENDING_SESSION + || sslerr == SSL_ERROR_PENDING_SESSION ++# endif ++# ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB ++ || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB + # endif + ) + { +@@ -1889,6 +1892,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c) + } + #endif + ++#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB ++ if (sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB) { ++ c->read->handler = ngx_ssl_handshake_handler; ++ c->write->handler = ngx_ssl_handshake_handler; ++ ++ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ return NGX_AGAIN; ++ } ++#endif ++ + err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; + + c->ssl->no_wait_shutdown = 1; diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-stream_proxy_timeout_fields.patch b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-stream_proxy_timeout_fields.patch new file mode 100644 index 00000000..02a13a19 --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/patches/nginx-1.25.1-stream_proxy_timeout_fields.patch @@ -0,0 +1,169 @@ +diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h +--- a/src/stream/ngx_stream.h ++++ b/src/stream/ngx_stream.h +@@ -254,6 +254,15 @@ typedef struct { + } ngx_stream_module_t; + + ++typedef struct { ++ ngx_msec_t connect_timeout; ++ ngx_msec_t timeout; ++} ngx_stream_proxy_ctx_t; ++ ++ ++#define NGX_STREAM_HAVE_PROXY_TIMEOUT_FIELDS_PATCH 1 ++ ++ + #define NGX_STREAM_MODULE 0x4d525453 /* "STRM" */ + + #define NGX_STREAM_MAIN_CONF 0x02000000 +@@ -307,6 +316,7 @@ void ngx_stream_finalize_session(ngx_str + extern ngx_module_t ngx_stream_module; + extern ngx_uint_t ngx_stream_max_module; + extern ngx_module_t ngx_stream_core_module; ++extern ngx_module_t ngx_stream_proxy_module; + + + typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, +diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c +--- a/src/stream/ngx_stream_proxy_module.c ++++ b/src/stream/ngx_stream_proxy_module.c +@@ -400,6 +400,7 @@ ngx_stream_proxy_handler(ngx_stream_sess + ngx_stream_proxy_srv_conf_t *pscf; + ngx_stream_upstream_srv_conf_t *uscf, **uscfp; + ngx_stream_upstream_main_conf_t *umcf; ++ ngx_stream_proxy_ctx_t *pctx; + + c = s->connection; + +@@ -410,6 +411,17 @@ ngx_stream_proxy_handler(ngx_stream_sess + ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, + "proxy connection handler"); + ++ pctx = ngx_palloc(c->pool, sizeof(ngx_stream_proxy_ctx_t)); ++ if (pctx == NULL) { ++ ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); ++ return; ++ } ++ ++ pctx->connect_timeout = pscf->connect_timeout; ++ pctx->timeout = pscf->timeout; ++ ++ ngx_stream_set_ctx(s, pctx, ngx_stream_proxy_module); ++ + u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); + if (u == NULL) { + ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); +@@ -701,6 +713,7 @@ ngx_stream_proxy_connect(ngx_stream_sess + ngx_connection_t *c, *pc; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; + + c = s->connection; + +@@ -708,6 +721,8 @@ ngx_stream_proxy_connect(ngx_stream_sess + + pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); + ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); ++ + u = s->upstream; + + u->connected = 0; +@@ -771,7 +786,7 @@ ngx_stream_proxy_connect(ngx_stream_sess + pc->read->handler = ngx_stream_proxy_connect_handler; + pc->write->handler = ngx_stream_proxy_connect_handler; + +- ngx_add_timer(pc->write, pscf->connect_timeout); ++ ngx_add_timer(pc->write, ctx->connect_timeout); + } + + +@@ -946,8 +961,10 @@ ngx_stream_proxy_send_proxy_protocol(ngx + ssize_t n, size; + ngx_connection_t *c, *pc; + ngx_stream_upstream_t *u; +- ngx_stream_proxy_srv_conf_t *pscf; + u_char buf[NGX_PROXY_PROTOCOL_V1_MAX_HEADER]; ++ ngx_stream_proxy_ctx_t *ctx; ++ ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); + + c = s->connection; + +@@ -975,9 +992,7 @@ ngx_stream_proxy_send_proxy_protocol(ngx + return NGX_ERROR; + } + +- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); +- +- ngx_add_timer(pc->write, pscf->timeout); ++ ngx_add_timer(pc->write, ctx->timeout); + + pc->write->handler = ngx_stream_proxy_connect_handler; + +@@ -1052,6 +1067,9 @@ ngx_stream_proxy_ssl_init_connection(ngx + ngx_connection_t *pc; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; ++ ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); + + u = s->upstream; + +@@ -1100,7 +1118,7 @@ ngx_stream_proxy_ssl_init_connection(ngx + if (rc == NGX_AGAIN) { + + if (!pc->write->timer_set) { +- ngx_add_timer(pc->write, pscf->connect_timeout); ++ ngx_add_timer(pc->write, ctx->connect_timeout); + } + + pc->ssl->handler = ngx_stream_proxy_ssl_handshake; +@@ -1409,6 +1427,7 @@ ngx_stream_proxy_process_connection(ngx_ + ngx_stream_session_t *s; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; + + c = ev->data; + s = c->data; +@@ -1420,6 +1439,8 @@ ngx_stream_proxy_process_connection(ngx_ + return; + } + ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); ++ + c = s->connection; + pc = u->peer.connection; + +@@ -1439,7 +1460,7 @@ ngx_stream_proxy_process_connection(ngx_ + } + + if (u->connected && !c->read->delayed && !pc->read->delayed) { +- ngx_add_timer(c->write, pscf->timeout); ++ ngx_add_timer(c->write, ctx->timeout); + } + + return; +@@ -1601,6 +1622,9 @@ ngx_stream_proxy_process(ngx_stream_sess + ngx_log_handler_pt handler; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; ++ ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); + + u = s->upstream; + +@@ -1792,7 +1816,7 @@ ngx_stream_proxy_process(ngx_stream_sess + } + + if (!c->read->delayed && !pc->read->delayed) { +- ngx_add_timer(c->write, pscf->timeout); ++ ngx_add_timer(c->write, ctx->timeout); + + } else if (c->write->timer_set) { + ngx_del_timer(c->write); diff --git a/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/support.sh b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/support.sh new file mode 100755 index 00000000..eb4858ea --- /dev/null +++ b/nginx/1.27.1/amazonlinux/2023.5.20240819.0/tpl/support.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +echo "💗 Support the Project 💗" +echo "This project is only maintained by one person, Fabio Cicerchia ." +echo "It started as a simple docker image, now it updates automatically periodically and provides support for multiple distro 😎" +echo "Maintaining a project is a very time consuming activity, especially when done alone 💪" +echo "I really want to make this project better and become super cool 🚀" +echo "" +echo "If you'd like to support this open-source project I'll appreciate any kind of contribution ." +echo "" +echo "---" +echo "" + +# track execution runs +if [ "$SKIP_TRACK" != "1" ]; then + . /etc/os-release + curl -m 5 "https://kodebeat.com/nginx-lua/stats/hit/boot.php?os=$ID&v=$VER_NGINX" +fi diff --git a/supported_versions b/supported_versions index 46cee5bb..0de39ffd 100644 --- a/supported_versions +++ b/supported_versions @@ -1,7 +1,7 @@ nginx=1.27.1 almalinux=9.4-20240723 alpine=3.20.2 -amazonlinux=2023.5.20240805.0 +amazonlinux=2023.5.20240819.0 debian=12.6 fedora=40 ubuntu=24.04