Commit ecce3b97 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak
Browse files

support for installing nginx-(light|full|extras) packages from the Debian repository; documentation

parent 56b8a260
...@@ -19,17 +19,40 @@ FROM debian:jessie ...@@ -19,17 +19,40 @@ FROM debian:jessie
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# based on: https://github.com/nginxinc/docker-nginx/blob/1eea9f7d082dff426e7923a90138de804038266d/Dockerfile # based on: https://github.com/nginxinc/docker-nginx/blob/1eea9f7d082dff426e7923a90138de804038266d/Dockerfile
#MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com"
MAINTAINER Michał "rysiek" Woźniak <rysiek@occrp.org> MAINTAINER Michał "rysiek" Woźniak <rysiek@occrp.org>
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 #
RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list # which package do we want?
# possible versions: nginx, nginx-light, nginx-full, nginx-extras
#
# if version is the default -- "nginx" -- the nginx.org package is installed
# otherwise, the Debian-provided package is installed; compare versions here:
# https://wiki.debian.org/Nginx#Recap_of_the_different_modules_in_every_package_.28starting_Squeeze-Backports.29
ARG NGINX_PACKAGE=nginx
# NOTICE: Debian-provided packages are *older*, so adjust NGINX_VERSION accordingly
# (as of this writing Debian jessie package version is at 1.6*)
ARG NGINX_VERSION=1.11*
# yeah, we'll pin on this # reality check
ENV NGINX_VERSION 1.9* RUN case $NGINX_PACKAGE in \
nginx) \
echo "+-- building with nginx.org package: ${NGINX_PACKAGE}"; \
apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list; \
;; \
nginx-light|nginx-full|nginx-extras) \
echo "+-- building with Debian-provided package: ${NGINX_PACKAGE}"; \
echo "\n* * * NOTICE: if build fails, make sure NGINX_VERSION is properly adjusted to what is available in Debian repository!\n\n"; \
;; \
*) \
echo "\n* * * ERROR: unknown nginx package: ${NGINX_PACKAGE}; please use one of: nginx, nginx-light, nginx-full, nginx-extras\n\n"; \
exit 1; \
;; \
esac
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \ RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y ca-certificates nginx="${NGINX_VERSION}" inotify-tools && \ apt-get install -y ca-certificates "${NGINX_PACKAGE}"="${NGINX_VERSION}" inotify-tools && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
# forward request and error logs to docker log collector # forward request and error logs to docker log collector
...@@ -45,5 +68,4 @@ RUN chmod +x /run.sh ...@@ -45,5 +68,4 @@ RUN chmod +x /run.sh
VOLUME ["/var/cache/nginx", "/etc/nginx"] VOLUME ["/var/cache/nginx", "/etc/nginx"]
EXPOSE 80 443 EXPOSE 80 443
#CMD ["nginx", "-g", "daemon off;"]
CMD ["/run.sh"] CMD ["/run.sh"]
\ No newline at end of file
...@@ -2,6 +2,34 @@ ...@@ -2,6 +2,34 @@
Watchful NginX container -- `nginx` docker container that watches for logrotated logfiles using `inotify` and makes sure `nginx` reloads them when needed. A nasty, but functional, kludge of a work-around for [lack of PID namespaces in docker](https://github.com/docker/docker/issues/10163). Watchful NginX container -- `nginx` docker container that watches for logrotated logfiles using `inotify` and makes sure `nginx` reloads them when needed. A nasty, but functional, kludge of a work-around for [lack of PID namespaces in docker](https://github.com/docker/docker/issues/10163).
## Building
The image can be built with either [`nginx` package installed from `nginx.org` repository](https://www.nginx.com/resources/wiki/start/topics/tutorials/install/?highlight=packages#official-debian-ubuntu-packages), or any of [`nginx-light`, `nginx-full`, `nginx-extras` installed from official Debian repository](https://wiki.debian.org/Nginx#Recap_of_the_different_modules_in_every_package_.28starting_Squeeze-Backports.29). This is controlled by `NGINX_PACKAGE` build argument.
By default, `nginx` package from `nginx.org` is being installed. If `NGINX_PACKAGE` is set to anything else than `nginx`, packages from default Debian repositories are used instead.
The `NGINX_VERSION` build argument controls the `nginx` package version that is going to be installed. By default, version `1.11*` (the latest) is used.
**NOTICE: package versions in official Debian repositories are much older than on `nginx.org`; hence, when using them, remember to set `NGINX_VERSION` accordingly. As of this writing Debian jessie package version is at `1.6*`.**
### Examples
Building the image with `nginx` package from `nginx.org`, version `1.11.x` (i.e. the default):
```bash
docker build ./
# equivalent to
docker build --build-arg=NGINX_PACKAGE=nginx --build-arg=NGINX_VERSION=1.11* --no-cache ./
```
Building the image with `nginx-extras` package from the Debian repository, version `1.6*`:
```
docker build --build-arg=NGINX_PACKAGE=nginx-extras --build-arg=NGINX_VERSION=1.6* --no-cache ./
```
## Operation
Upon start it creates a dhparam file in `/etc/ssl/nginx/dhparam.pem` (if the file does not exist) and sets an `inotify` watch on `/srv/logs/nginx/logrotate`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles. Upon start it creates a dhparam file in `/etc/ssl/nginx/dhparam.pem` (if the file does not exist) and sets an `inotify` watch on `/srv/logs/nginx/logrotate`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles.
Use by volume-mounting the watchfile in this container and in a container that logrotate runs in, and making sure logrotate touches/modifies that file, for instance by using the following in your logrotate config files: Use by volume-mounting the watchfile in this container and in a container that logrotate runs in, and making sure logrotate touches/modifies that file, for instance by using the following in your logrotate config files:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment