endial
2983477b7a
ci/woodpecker/push/woodpecker Pipeline was successful
- Change order to COPY --from=builder first, then COPY customer/ - This ensures consistent behavior between main and 1.28 branches
192 lines
7.6 KiB
Docker
192 lines
7.6 KiB
Docker
# Ver: 1.12 by Endial Fang (endial@126.com)
|
||
#
|
||
|
||
# 系统默认变量 ====================================================================
|
||
# 该部分变量为系统根据编译命令默认设置
|
||
# `TARGETPLATFORM`:构建后的目标平台信息。如 `linux/amd64`,`linux/arm/v7`,`windows/amd64`
|
||
# `TARGETOS`:目标平台信息(TARGETPLATFORM)中的操作系统部分,如:`linux`、`windows`
|
||
# `TARGETARCH`:目标平台信息(TARGETPLATFORM)中的平台架构部分,如:`amd64`、`arm`
|
||
# `TARGETVARIANT`:目标平台信息(TARGETPLATFORM)中的版本变体部分,如:`v7`
|
||
# `BUILDPLATFORM`:用于构建的节点平台信息
|
||
# `BUILDOS`:用于构建的节点平台信息(BUILDPLATFORM)中的操作系统部分
|
||
# `BUILDARCH`:用于构建的节点平台信息(BUILDPLATFORM)中的平台架构部分
|
||
# `BUILDVARIANT`:用于构建的节点平台信息(BUILDPLATFORM)中的版本变体部分
|
||
|
||
# 可变参数 ========================================================================
|
||
# 该部分变量,在编译命令中通过 `--build-arg` 传入;如果未设置,则使用下面对应的默认值
|
||
# 依赖镜像下载地址: docker.io (默认) / swr.cn-north-4.myhuaweicloud.com/colovu/
|
||
# apt源: default / aliyun / ustc
|
||
# 软件包本地服务器: http://pkgs.colovu.com/dist
|
||
|
||
ARG APP_NAME=nginx
|
||
ARG APP_VER=1.29.4
|
||
ARG REGISTRY_URL="swr.cn-north-4.myhuaweicloud.com/colovu/"
|
||
ARG APT_SOURCE=aliyun
|
||
ARG LOCAL_URL=""
|
||
|
||
# 0. 预处理 ======================================================================
|
||
FROM ${REGISTRY_URL}debian-builder:v13 AS builder
|
||
|
||
# 声明需要使用的全局可变参数
|
||
ARG APP_NAME
|
||
ARG APP_VER
|
||
ARG APT_SOURCE
|
||
ARG LOCAL_URL
|
||
ARG TARGETARCH
|
||
|
||
# 选择软件包源,加速后续软件包安装
|
||
RUN /usr/local/sbin/select_source ${APT_SOURCE};
|
||
|
||
# 安装依赖的软件包及库
|
||
RUN /usr/local/sbin/install_pkg libperl-dev \
|
||
libpcre2-32-0 libpcre2-16-0 libpcre2-posix3 libpcre2-dev \
|
||
zlib1g zlib1g-dev \
|
||
libxslt1.1 libxslt1-dev \
|
||
libgd3 libgd-dev \
|
||
libxml2 libxml2-dev \
|
||
geoip-bin geoip-database libgeoip-dev
|
||
|
||
# 下载并解压软件包 nginx: https://nginx.org/download/nginx-1.29.4.tar.gz
|
||
RUN set -eux; \
|
||
appName="${APP_NAME}-${APP_VER}.tar.gz"; \
|
||
[ -n ${LOCAL_URL} ] && localURL=${LOCAL_URL}/${APP_NAME}; \
|
||
appUrls="${localURL:-} \
|
||
http://nginx.org/download \
|
||
"; \
|
||
/usr/local/sbin/download_pkg unpack ${appName} "${appUrls}";
|
||
|
||
# 源码编译: 编译后将配置文件模板拷贝至 /usr/local/${app_name}/share/${app_name} 中
|
||
RUN set -eux; \
|
||
APP_ARCH=${TARGETARCH:-$(dpkg --print-architecture)}; \
|
||
APP_SRC="/tmp/${APP_NAME}-${APP_VER}"; \
|
||
cd ${APP_SRC}; \
|
||
LDFLAGS="-L/usr/local/lib -L/usr/lib/${APP_ARCH}-linux-gnu" \
|
||
./configure \
|
||
--prefix=/usr/local/${APP_NAME} \
|
||
--sbin-path=/usr/local/${APP_NAME}/sbin/nginx \
|
||
--conf-path=/usr/local/${APP_NAME}/etc/nginx/nginx.conf \
|
||
--pid-path=/var/run/${APP_NAME}/nginx.pid \
|
||
--lock-path=/var/run/${APP_NAME}/nginx.lock \
|
||
--http-log-path=/var/log/${APP_NAME}/access.log \
|
||
--error-log-path=/var/log/${APP_NAME}/error.log \
|
||
--modules-path=/usr/local/${APP_NAME}/modules \
|
||
--http-client-body-temp-path=/var/cache/${APP_NAME}/client_temp \
|
||
--http-proxy-temp-path=/var/cache/${APP_NAME}/proxy_temp \
|
||
--http-fastcgi-temp-path=/var/cache/${APP_NAME}/fastcgi_temp \
|
||
--http-uwsgi-temp-path=/var/cache/${APP_NAME}/uwsgi_temp \
|
||
--http-scgi-temp-path=/var/cache/${APP_NAME}/scgi_temp \
|
||
\
|
||
--with-http_ssl_module \
|
||
--with-http_v2_module \
|
||
--with-http_v3_module \
|
||
--with-http_realip_module \
|
||
--with-http_geoip_module \
|
||
--with-http_sub_module \
|
||
--with-http_dav_module \
|
||
--with-http_mp4_module \
|
||
--with-http_flv_module \
|
||
--with-http_gunzip_module \
|
||
--with-http_gzip_static_module \
|
||
--with-http_auth_request_module \
|
||
--with-http_addition_module \
|
||
--with-http_slice_module \
|
||
--with-http_random_index_module \
|
||
--with-http_secure_link_module \
|
||
--with-http_stub_status_module \
|
||
--with-mail_ssl_module \
|
||
--with-pcre \
|
||
--with-pcre-jit \
|
||
--with-poll_module \
|
||
--with-stream_realip_module \
|
||
--with-stream_ssl_module \
|
||
--with-threads \
|
||
\
|
||
--with-stream=dynamic \
|
||
--with-stream_geoip_module=dynamic \
|
||
--with-http_perl_module=dynamic \
|
||
--with-http_geoip_module=dynamic \
|
||
--with-http_xslt_module=dynamic \
|
||
--with-http_image_filter_module=dynamic \
|
||
--with-mail=dynamic \
|
||
; \
|
||
make -j "$(nproc)" && make install; \
|
||
strip /usr/local/${APP_NAME}/sbin/nginx;
|
||
|
||
# 生成默认 PHP 首页文件
|
||
RUN set -eux; \
|
||
echo "<?php" >/usr/local/${APP_NAME}/html/index.php; \
|
||
echo "phpinfo();" >>/usr/local/${APP_NAME}/html/index.php; \
|
||
echo "?>" >>/usr/local/${APP_NAME}/html/index.php;
|
||
|
||
# 检测并生成依赖文件记录
|
||
RUN set -eux; \
|
||
find /usr/local/${APP_NAME} -type f -executable -exec ldd '{}' ';' | \
|
||
awk '/=>/ { print $(NF-1) }' | xargs -r basename -a | sort -u | \
|
||
xargs -r dpkg-query --search 2>/dev/null | cut -d: -f1 | sort -u \
|
||
>>/usr/local/${APP_NAME}/runDeps;
|
||
|
||
# 1. 生成镜像 =====================================================================
|
||
FROM ${REGISTRY_URL}debian:v13
|
||
|
||
# 声明需要使用的全局可变参数(ARG声明的变量仅编译打包阶段有效)
|
||
ARG APP_NAME
|
||
ARG APP_VER
|
||
ARG APT_SOURCE
|
||
|
||
# 定义应用的基础信息变量(ENV声明的变量实例化后容器内有效)
|
||
ENV APP_NAME=${APP_NAME} \
|
||
APP_VER=${APP_VER} \
|
||
APP_EXEC=${APP_NAME} \
|
||
APP_USER=${APP_NAME} \
|
||
\
|
||
PATH="${PATH}:/usr/local/${APP_NAME}/sbin"
|
||
|
||
# 镜像元数据标签 - 符合OCI镜像规范
|
||
LABEL org.opencontainers.image.title="${APP_NAME}" \
|
||
org.opencontainers.image.version="${APP_VER}" \
|
||
org.opencontainers.image.description="Docker image for Nginx." \
|
||
org.opencontainers.image.authors="Endial Fang <endial@126.com>" \
|
||
org.opencontainers.image.url="https://gitee.com/colovu/docker-${APP_NAME}" \
|
||
org.opencontainers.image.vendor="Endial Fang (colovu)" \
|
||
org.opencontainers.image.licenses="Apache-2.0" \
|
||
org.opencontainers.image.source="https://gitee.com/colovu/docker-${APP_NAME}" \
|
||
org.opencontainers.image.documentation="https://gitee.com/colovu/docker-${APP_NAME}/blob/main/README.md" \
|
||
maintainer="Endial Fang <endial@126.com>"
|
||
|
||
# 拷贝多阶段构建结果输出及客制化脚本
|
||
COPY --from=builder /usr/local/${APP_NAME} /usr/local/${APP_NAME}
|
||
COPY customer /
|
||
|
||
RUN set -eux; \
|
||
\
|
||
useradd -U -u 996 -d /srv/${APP_NAME} -s /usr/sbin/nologin -r ${APP_USER}; \
|
||
mkdir -p /var/log/${APP_NAME} /var/run/${APP_NAME} /var/cache/${APP_NAME}; \
|
||
mkdir -p /srv/${APP_NAME}/conf /srv/${APP_NAME}/data /srv/${APP_NAME}/cert /srv/${APP_NAME}/log; \
|
||
chown -R ${APP_USER}:${APP_USER} /var/log/${APP_NAME} /var/run/${APP_NAME} /var/cache/${APP_NAME}; \
|
||
chown -R ${APP_USER}:${APP_USER} /usr/local/${APP_NAME} /srv/${APP_NAME}; \
|
||
\
|
||
/bin/bash -c "ln -sf /usr/local/${APP_NAME}/etc/${APP_NAME} /etc/"; \
|
||
\
|
||
/usr/local/sbin/select_source ${APT_SOURCE}; \
|
||
\
|
||
/usr/local/sbin/install_pkg `cat /usr/local/${APP_NAME}/runDeps`; \
|
||
\
|
||
overrideShell="/usr/local/overrides/overrides-${APP_VER}.sh"; \
|
||
[ -e "${overrideShell}" ] && /bin/bash "${overrideShell}"; \
|
||
\
|
||
${APP_EXEC} -V ;
|
||
|
||
# 配置容器的数据卷、工作目录及服务端口(必须保证端口在1024之上)
|
||
VOLUME ["/srv/${APP_NAME}/conf", "/srv/${APP_NAME}/data", "/srv/${APP_NAME}/cert", "/srv/${APP_NAME}/log"]
|
||
WORKDIR /srv/${APP_NAME}
|
||
EXPOSE 8080 8443
|
||
|
||
#HEALTHCHECK NONE
|
||
HEALTHCHECK --interval=30s --timeout=30s --retries=3 CMD curl -fs http://localhost:8080/ || exit 1
|
||
#HEALTHCHECK --interval=10s --timeout=10s --retries=3 CMD netstat -ltun | grep 8080
|
||
|
||
# 使用 dumb-init 启动入口 Shell,确保容器可以接收控制信号;并使用前台方式启动应用程序
|
||
ENTRYPOINT ["dumb-init", "entry.sh"]
|
||
CMD ["run.sh"]
|
||
|