Commit 34df6b47 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak
Browse files

backports support added

parent 08299f1d
......@@ -21,6 +21,11 @@ FROM debian:stretch
# based on: https://github.com/nginxinc/docker-nginx/blob/1eea9f7d082dff426e7923a90138de804038266d/Dockerfile
MAINTAINER Michał "rysiek" Woźniak <rysiek@occrp.org>
# requirements
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y ca-certificates inotify-tools gnupg2 && \
rm -rf /var/lib/apt/lists/*
#
# which package do we want?
# possible versions: nginx, nginx-light, nginx-full, nginx-extras
......@@ -29,16 +34,8 @@ MAINTAINER Michał "rysiek" Woźniak <rysiek@occrp.org>
# otherwise, the Debian-provided package is installed; compare versions here:
# https://wiki.debian.org/Nginx#Recap_of_the_different_modules_in_every_package_.28starting_Squeeze-Backports.29
ARG NGINX_PACKAGE=nginx
# NOTICE: Debian-provided packages are *older*, so adjust NGINX_VERSION accordingly
# (as of this writing Debian stretch package version is at 1.10*)
ARG NGINX_VERSION=1.13*
# requirements
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y ca-certificates inotify-tools gnupg2 && \
rm -rf /var/lib/apt/lists/*
ARG INSTALL_PACKAGES=
# reality check
RUN case $NGINX_PACKAGE in \
nginx) \
......@@ -46,9 +43,14 @@ RUN case $NGINX_PACKAGE in \
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list; \
;; \
nginx-light|nginx-full|nginx-extras) \
nginx-light*|nginx-full*|nginx-extras*) \
echo "+-- building with Debian-provided package: ${NGINX_PACKAGE}"; \
echo "\n* * * NOTICE: if build fails, make sure NGINX_VERSION is properly adjusted to what is available in Debian repository!\n\n"; \
echo "\n* * * NOTICE: if build fails, make sure NGINX_VERSION is properly adjusted to what is available in Debian repositories!\n\n"; \
echo "$NGINX_PACKAGE $INSTALL_PACKAGES" | tr ' ' '\n' | egrep ':backports$' >/dev/null 2>&1 && \
echo "* * * Setting up backports to install: " && \
echo "$NGINX_PACKAGE $INSTALL_PACKAGES" | tr ' ' '\n' | egrep ':backports$' | sed -r -e 's/:backports$//'; \
echo "\n"; \
echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list ; \
;; \
*) \
echo "\n* * * ERROR: unknown nginx package: ${NGINX_PACKAGE}; please use one of: nginx, nginx-light, nginx-full, nginx-extras\n\n"; \
......@@ -56,16 +58,38 @@ RUN case $NGINX_PACKAGE in \
;; \
esac
# NOTICE: Debian-provided packages are *older*, so adjust NGINX_VERSION accordingly
# (as of this writing Debian stretch package version is at 1.10*)
ARG NGINX_VERSION=1.13*
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y "${NGINX_PACKAGE}"="${NGINX_VERSION}" && \
case "$NGINX_PACKAGE" in \
*:backports) \
echo "* * * installing backports nginx package: ${NGINX_PACKAGE%:backports}"; \
export BACKPORTS_ENABLED="-t stretch-backports"; \
;; \
*) \
echo "* * * installing mainline nginx package: $NGINX_PACKAGE"; \
esac; \
apt-get install -y $BACKPORTS_ENABLED "${NGINX_PACKAGE%:backports}"="${NGINX_VERSION}" && \
rm -rf /var/lib/apt/lists/*
# we might need to install some packages, but doing this in the entrypoint doesn't make any sense
ARG INSTALL_PACKAGES
RUN if [ "$INSTALL_PACKAGES" != "" ]; then \
MAINLINE_PACKAGES="$( echo "$INSTALL_PACKAGES" | tr ' ' '\n' | egrep -v ':backports$' | tr '\n' ' ' )"; \
echo "* * * installing mainline packages: $MAINLINE_PACKAGES"; \
BACKPORTS_PACKAGES="$( echo "$INSTALL_PACKAGES" | tr ' ' '\n' | egrep ':backports$' | sed -r -e 's/:backports$//' | tr '\n' ' ' )"; \
echo "* * * installing backports packages: $BACKPORTS_PACKAGES"; \
export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y \
$INSTALL_PACKAGES \
$MAINLINE_PACKAGES \
--no-install-recommends && \
if [ "$BACKPORTS_PACKAGES" != "" ]; then \
apt-get install -y \
-t stretch-backports \
$BACKPORTS_PACKAGES \
--no-install-recommends ; \
fi; \
rm -rf /var/lib/apt/lists/* ; \
fi
......
......@@ -10,7 +10,7 @@ By default, `nginx` package from `nginx.org` is being installed. If `NGINX_PACKA
The `NGINX_VERSION` build argument controls the `nginx` package version that is going to be installed. By default, version `1.13*` (the latest) is used.
**NOTICE: package versions in official Debian repositories are much older than on `nginx.org`; hence, when using them, remember to set `NGINX_VERSION` accordingly. As of this writing Debian jessie package version is at `1.10*`.**
**NOTICE: package versions in official Debian repositories are much older than on `nginx.org`; hence, when using them, remember to set `NGINX_VERSION` accordingly. As of this writing Debian stretch package version is at `1.10*`.**
## Environment variables
......@@ -27,6 +27,19 @@ The `NGINX_VERSION` build argument controls the `nginx` package version that is
- `DHPARAM_FILE` (default: "`/etc/ssl/nginx/dhparam.pem`")
these control the locations where the `run.sh` script expects to find the `nginx` pidfile, the file to watch for logrotate signalling, and the SSL DH parameters files; these should reflect `nginx` config.
- `NGINX_PACKAGE` (default: "`nginx`")
- `NGINX_VERSION` (default: "`1.13*`")
Name of Nginx package to install, and version of it. If the package name is exactly `nginx`, it is installed from official Nginx repositories; otherwise it is installed from Debian repositories. Backports repository is supported in the latter case the same way as in `INSTALL_PACKAGES` (see below).
- `INSTALL_PACKAGES` (default: empty)
Space-separated list of packages to be installed upon building the container. All packages are installed with `--no-install-recommend` flag passed to `apt-get`.
Installing packages from [Debian Backports](https://backports.debian.org/) is supported by appending `:backports` to a package name. The backports repository will be added automagically if there is at least one package to be installed from it.
For example, setting `INSTALL_PACKAGES` to `tmux:backports screen` will install `screen` from the main repository, then set-up `stretch-backports`, and install `tmux` from there. This also works with package versions and regexen: setting `INSTALL_PACKAGES` to `tmux=2.2-1~bpo8+1:backports` will set-up `stretch-backports` and install version `2.2-1~bpo8+1` of `tmux` from there; setting `INSTALL_PACKAGES` to `vim*:backports` will set-up `stretch-backports` and install all packages whise names start with `vim` from there,
### Examples
Building the image with `nginx` package from `nginx.org`, version `1.13.x` (i.e. the default):
......@@ -43,6 +56,12 @@ Building the image with `nginx-extras` package from the Debian repository, versi
docker build --build-arg=NGINX_PACKAGE=nginx-extras --build-arg=NGINX_VERSION=1.10* --no-cache ./
```
Building the image with `nginx-full` package from the Debian backports repository, version `1.13*`:
```
docker build --build-arg=NGINX_PACKAGE=nginx-full:backports --build-arg=NGINX_VERSION=1.13* --no-cache ./
```
## Operation
Upon start it creates a dhparam file in `$DHPARAM_FILE` (if the file does not exist) and sets an `inotify` watch on `$WATCH_FILE`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment