From 00676994bcba24a974d97246396f480b9bdd16da Mon Sep 17 00:00:00 2001
From: Rasmus Werling
Date: Fri, 31 May 2024 09:57:23 +0300
Subject: [PATCH 1/3] SLT-1039 Added silta-nginx image with nginx 1.26.
---
silta-nginx/1.26/Dockerfile | 78 +++++++++++++++++++++
silta-nginx/1.26/TAGS | 3 +
silta-nginx/1.26/modules/ngx_http_echo.conf | 1 +
3 files changed, 82 insertions(+)
create mode 100644 silta-nginx/1.26/Dockerfile
create mode 100644 silta-nginx/1.26/TAGS
create mode 100644 silta-nginx/1.26/modules/ngx_http_echo.conf
diff --git a/silta-nginx/1.26/Dockerfile b/silta-nginx/1.26/Dockerfile
new file mode 100644
index 00000000..b8660348
--- /dev/null
+++ b/silta-nginx/1.26/Dockerfile
@@ -0,0 +1,78 @@
+# https://hg.nginx.org/pkg-oss/tags
+ARG NGINX_VERSION=1.26.1
+ARG NGINX_UNPRIVILEGED_VERSION=1.26.0
+
+FROM nginx:${NGINX_VERSION}-alpine as builder
+
+# https://github.com/openresty/echo-nginx-module/tags
+ENV HTTPECHO_VERSION=0.63
+
+# Nginx virtual host traffic status module
+# https://github.com/vozlt/nginx-module-vts
+ENV NGINX_VTS_VERSION 0.2.2
+
+RUN apk add --update gcc libc-dev linux-headers zlib-dev openrc autoconf automake g++ make \
+ libressl-dev geoip-dev lmdb-dev pcre-dev libtool libxml2-dev yajl-dev pkgconf zlib-dev \
+ libcurl curl tzdata
+
+# Download sources
+RUN curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o nginx.tar.gz && \
+ curl -L "https://github.com/openresty/echo-nginx-module/archive/v${HTTPECHO_VERSION}.tar.gz" -o httpecho.tar.gz && \
+ curl -L "https://github.com/vozlt/nginx-module-vts/archive/refs/tags/v${NGINX_VTS_VERSION}.tar.gz" -o nginx-module-vts.tar.gz
+
+# Reuse same cli arguments as the nginx:alpine image used to build
+RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') \
+ mkdir /usr/src && \
+ tar -zxC /usr/src -f nginx.tar.gz && \
+ # Uncompress echo module
+ tar -xzvf "httpecho.tar.gz" && \
+ HTTPECHODIR="$(pwd)/echo-nginx-module-${HTTPECHO_VERSION}" && \
+ # Uncompress vts module
+ tar -xzvf "nginx-module-vts.tar.gz" && \
+ VTSDIR="$(pwd)/nginx-module-vts-${NGINX_VTS_VERSION}" && \
+ cd /usr/src/nginx-$NGINX_VERSION && \
+ ./configure --with-compat $CONFARGS \
+ --add-dynamic-module=$HTTPECHODIR \
+ --add-dynamic-module=$VTSDIR \
+ --with-http_stub_status_module && \
+ make modules && \
+ # Move module to root so it's easier to locate it in the next layer
+ mv ./objs/*.so /
+
+#### Make the nginx image and copy modules from builder
+
+FROM nginxinc/nginx-unprivileged:${NGINX_UNPRIVILEGED_VERSION}-alpine
+ARG UID=101
+LABEL maintainer="wunder.io"
+USER root
+
+COPY --from=builder /ngx_http_echo_module.so /etc/nginx/modules/ngx_http_echo_module.so
+COPY modules/ngx_http_echo.conf /etc/nginx/modules/ngx_http_echo.conf
+
+# Nginx virtual host traffic status module
+COPY --from=builder /ngx_http_vhost_traffic_status_module.so /etc/nginx/modules/ngx_http_vhost_traffic_status_module.so
+
+# Fastly signal sciences module
+# https://docs.fastly.com/signalsciences/install-guides/nginx-module/alpine-nginx-1.15.3higher/
+RUN apk update && apk add wget openssl --virtual build-dependencies && \
+ wget https://apk.signalsciences.net/sigsci_apk.pub ; mv sigsci_apk.pub /etc/apk/keys && \
+ echo https://apk.signalsciences.net/3.16/main | tee -a /etc/apk/repositories && \
+ apk update && \
+ openssl rsa -pubin -in /etc/apk/keys/sigsci_apk.pub -text -noout && \
+ apk add nginx-module-sigsci-nxo-${NGINX_VERSION} && \
+ apk del build-dependencies
+# Module is enabled conditionally via chart template / configmap
+
+RUN rm -rf /etc/nginx/conf.d/default.conf \
+ && touch /var/run/nginx.pid \
+ && chown -R $UID:0 /var/run/nginx.pid
+
+RUN mkdir -p /var/www/html/web \
+ && ln -s /var/www/html /app
+RUN adduser nginx www-data
+
+STOPSIGNAL SIGQUIT
+
+USER $UID
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/silta-nginx/1.26/TAGS b/silta-nginx/1.26/TAGS
new file mode 100644
index 00000000..bff9887c
--- /dev/null
+++ b/silta-nginx/1.26/TAGS
@@ -0,0 +1,3 @@
+1.26-v1
+1.26-v1.0
+1.26-v1.0.0
diff --git a/silta-nginx/1.26/modules/ngx_http_echo.conf b/silta-nginx/1.26/modules/ngx_http_echo.conf
new file mode 100644
index 00000000..3da9e04c
--- /dev/null
+++ b/silta-nginx/1.26/modules/ngx_http_echo.conf
@@ -0,0 +1 @@
+load_module "modules/ngx_http_echo_module.so";
From 6afcb4504e16c10fcf3b970a04f284365f5cef37 Mon Sep 17 00:00:00 2001
From: Rasmus Werling
Date: Fri, 31 May 2024 09:58:35 +0300
Subject: [PATCH 2/3] SLT-1039 Added silta-nginx 1.24 and 1.26 to dependabot configs.
---
.github/dependabot.yml | 54 ++++++++++++++++++++++++++++--------------
1 file changed, 36 insertions(+), 18 deletions(-)
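Review bot: The three source tarballs in the `# Download sources` RUN are fetched without any integrity check, and the nginx one travels over plain `http://`, so whatever the network or the upstream archive returns is compiled into the modules that ship in the final image. Fetch nginx over TLS and fail on HTTP errors, `curl -fsSL "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o nginx.tar.gz`, and pin each archive with a recorded digest, e.g. `echo "<NGINX_TARBALL_SHA256>  nginx.tar.gz" | sha256sum -c -` (placeholder value; keep the real digests next to the version variables). The Signal Sciences step has the same gap, since `openssl rsa -pubin ... -text -noout` only prints `sigsci_apk.pub` rather than comparing it with a known key, and the `;` after `wget` means a failed download does not by itself stop the chain; that RUN reappears as context in the last hunk of PATCH 3/3. Separately, `CONFARGS=$(...) \` is joined to `mkdir /usr/src` without `&&`, which makes it an environment assignment for `mkdir` only, so `$CONFARGS` appears to be empty by the time `./configure` runs.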
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e3fce7e8..8f39408d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -35,14 +35,14 @@ updates: ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] - + - package-ecosystem: "docker" directory: "/silta-nginx/1.17" schedule: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -51,7 +51,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -60,7 +60,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -69,7 +69,25 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: + - "version-update:semver-major" + - "version-update:semver-minor" + - package-ecosystem: "docker" + directory: "/silta-nginx/1.24" + schedule: + interval: "daily" + ignore: + - dependency-name: "*" + update-types: + - "version-update:semver-major" + - "version-update:semver-minor" + - package-ecosystem: "docker" + directory: "/silta-nginx/1.26" + schedule: + interval: "daily" + ignore: + - dependency-name: "*" + update-types: - "version-update:semver-major" - "version-update:semver-minor" @@ -79,7 +97,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -88,7 +106,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" 
@@ -97,7 +115,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -106,7 +124,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -115,7 +133,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -124,7 +142,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" @@ -134,7 +152,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -143,7 +161,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -152,7 +170,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -161,7 +179,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -170,7 +188,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" - package-ecosystem: "docker" @@ -179,7 +197,7 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" 
@@ -220,6 +238,6 @@ updates: interval: "daily" ignore: - dependency-name: "*" - update-types: + update-types: - "version-update:semver-major" - "version-update:semver-minor" From 677ff7a11c145ecdbeabb91e6ef4fce3efffc95f Mon Sep 17 00:00:00 2001 From: Rasmus Werling Date: Wed, 12 Jun 2024 11:34:43 +0300 Subject: [PATCH 3/3] Use Nginx 1.26.0 and update signalsciences apk url from alpine 3.16 to 3.19. --- silta-nginx/1.26/Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/silta-nginx/1.26/Dockerfile b/silta-nginx/1.26/Dockerfile index b8660348..0d7aa9dc 100644 --- a/silta-nginx/1.26/Dockerfile +++ b/silta-nginx/1.26/Dockerfile @@ -1,6 +1,5 @@ # https://hg.nginx.org/pkg-oss/tags -ARG NGINX_VERSION=1.26.1 -ARG NGINX_UNPRIVILEGED_VERSION=1.26.0 +ARG NGINX_VERSION=1.26.0 FROM nginx:${NGINX_VERSION}-alpine as builder @@ -22,6 +21,11 @@ RUN curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o nginx.tar. # Reuse same cli arguments as the nginx:alpine image used to build RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') \ + # 1.26.0 does not compile with the options that are removed below. + # It will generate errors like this: ./configure: error: invalid option "-fstack-clash-protection" \ + # When 1.26.1 is used, this can be removed. Currently blocked by signalsciences module not supporting 1.26.1. + CONFARGS=${CONFARGS/-Os -fstack-clash-protection -Wformat -Werror=format-security -fno-plt -g/-Os} && \ + CONFARGS=${CONFARGS/,--sort-common -Wl,-z,pack-relative-relocs/-Os} && \ mkdir /usr/src && \ tar -zxC /usr/src -f nginx.tar.gz && \ # Uncompress echo module @@ -41,7 +45,7 @@ RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') \ #### Make the nginx image and copy modules from builder -FROM nginxinc/nginx-unprivileged:${NGINX_UNPRIVILEGED_VERSION}-alpine +FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-alpine ARG UID=101 LABEL maintainer="wunder.io" USER root 
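Review bot: The two `CONFARGS=${CONFARGS/...}` substitutions added in the second Dockerfile hunk of PATCH 3/3 strip `-fstack-clash-protection`, `-Wformat -Werror=format-security` and part of the linker options, so the echo and VTS modules are built with weaker hardening than the nginx binary that loads them. The quoted error, `invalid option "-fstack-clash-protection"`, is what `./configure` reports when the unquoted `$CONFARGS` is word-split inside `--with-cc-opt='...'`, so this looks like a quoting problem rather than something specific to 1.26.0; passing the arguments with their quoting intact would keep the flags, which is worth confirming before settling on the strip. The second substitution also replaces the removed linker text with `-Os`, leaving a stray `-Os` inside the linker option string; an empty replacement seems intended, `CONFARGS=${CONFARGS/,--sort-common -Wl,-z,pack-relative-relocs/} && \`. The RUN instruction starts above this hunk and continues below it.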
@@ -56,7 +60,7 @@ COPY --from=builder /ngx_http_vhost_traffic_status_module.so /etc/nginx/modules/
 # https://docs.fastly.com/signalsciences/install-guides/nginx-module/alpine-nginx-1.15.3higher/
 RUN apk update && apk add wget openssl --virtual build-dependencies && \
 wget https://apk.signalsciences.net/sigsci_apk.pub ; mv sigsci_apk.pub /etc/apk/keys && \
- echo https://apk.signalsciences.net/3.16/main | tee -a /etc/apk/repositories && \
+ echo https://apk.signalsciences.net/3.19/main | tee -a /etc/apk/repositories && \
 apk update && \
 openssl rsa -pubin -in /etc/apk/keys/sigsci_apk.pub -text -noout && \
 apk add nginx-module-sigsci-nxo-${NGINX_VERSION} && \