Commit 34e97939 authored by nimrod's avatar nimrod
Browse files

Nginx base image.

parent b17059b0
Loading
Loading
Loading
Loading
Loading
+16 −0
Original line number Diff line number Diff line
@@ -151,3 +151,19 @@ push-webdav:
  needs:
    - job: build-webdav
      artifacts: true

# nginx image:

build-nginx:
  extends: .container-build-base
  variables:
    CONTEXT: nginx

push-nginx:
  extends: .container-push-base
  variables:
    CONTEXT: nginx
    IMAGE: nginx
  needs:
    - job: build-nginx
      artifacts: true

nginx/.dockerignore

0 → 100644
+4 −0
Original line number Diff line number Diff line
*
!conf.d/
!www/
!snippets/

nginx/Dockerfile

0 → 100644
+26 −0
Original line number Diff line number Diff line
FROM nginx:1.21.3-alpine
# hadolint ignore=DL3018
RUN rm -rf /etc/nginx/conf./* && \
    chmod 777 /run && \
    apk add --no-cache --update libcap openssl && \
    curl https://letsencrypt.org/certs/isrg-root-ocsp-x1.pem.txt > /etc/ssl/ocsp.pem && \
    mkdir /var/ssl &&\
    curl https://ssl-config.mozilla.org/ffdhe2048.txt > /var/ssl/dhparams &&\
    chmod 644 /var/ssl/dhparams && \
    install -d -m 755 -o root -g root /etc/nginx/snippets && \
    install -d -m 755 -o root -g root /var/ssl && \
    install -d -m 755 -o root -g root /var/www && \
    install -d -m 700 -o nginx -g nginx /var/cache/nginx && \
    openssl req -x509 \
                -newkey rsa:4096 \
                -keyout /var/ssl/site.key \
                -nodes \
                -out /var/ssl/site.crt \
                -batch && \
    setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \
    chown nginx /var/ssl/site.*
COPY conf.d/ /etc/nginx/conf.d/
COPY snippets/ /etc/nginx/snippets/
USER nginx
RUN nginx -t
HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' --header "Host: status" http://localhost/ || exit 1

nginx/README.md

0 → 100644
+3 −0
Original line number Diff line number Diff line
# Nginx

My tweaked version of the Nginx image.
+13 −0
Original line number Diff line number Diff line
server {
    listen      80 default_server;
    listen      [::]:80 default_server;
    include     snippets/www-acme-challenge.conf;
    location    / { return 301 https://www.shore.co.il$request_uri; }
}

server {
    listen      443 ssl http2 default_server;
    listen      [::]:443 ssl http2 default_server;
    include     snippets/ssl.conf;
    location    / { return 301 https://www.shore.co.il$request_uri; }
}
Loading