| # Layer history, oldest row first. The first row is the Debian base-image build marker (trixie, amd64). |
| # debian.sh --arch 'amd64' out/ 'trixie' '@1779062400' |
| LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com> |
| # Version pins consumed by the package install RUN below (nginx, njs and acme module package versions). |
| ENV NGINX_VERSION=1.30.2 |
| ENV NJS_VERSION=0.9.9 |
| ENV NJS_RELEASE=1~trixie |
| ENV ACME_VERSION=0.4.1 |
| ENV PKG_RELEASE=1~trixie |
| ENV DYNPKG_RELEASE=1~trixie |
| # Installs the pinned nginx packages: creates the nginx system account (uid/gid 101), builds an apt keyring from three signing keys requested by full fingerprint, then installs from nginx.org on amd64/arm64 or builds the packages from the pkg-oss source tarball on any other architecture. |
| # Trust anchors: the keyring is written by `gpg1 --export` filtered on the pinned fingerprints and the repo line is bound to it with signed-by; the pkg-oss tarball is compared against a pinned SHA-512 before it is unpacked. |
| # NOTE(review): `found=''` is set once before the key loop, so after the first key has been fetched a later key that fails on every server no longer reaches the "failed to fetch" exit. The `;` separators in the key section also end the `&&` chain, so a failed `gpg1 --export` is not checked. A missing key should surface later as an apt signature failure rather than a silent pass, but resetting `found` per key and checking the export would fail the build at the actual cause. |
| # NOTE(review): in the source-build branch the temp dir is chmod 777 and registered as a `trusted=yes` file:// repo, which turns off signature checks for that one source; the directory and temp.list are both removed at the end of this same RUN. |
| # nginx.list is removed at the end as well, so the resulting layer carries no nginx apt source; presumably nginx updates arrive by rebuilding on a newer base rather than through apt in derived layers — confirm the rebuild cadence. |
| RUN /bin/sh -c set -x && groupadd --system --gid 101 nginx && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates && NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; export GNUPGHOME="$(mktemp -d)"; found=''; for NGINX_GPGKEY in $NGINX_GPGKEYS; do for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; done; gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; rm -rf "$GNUPGHOME"; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|arm64) echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y cargo curl devscripts equivs git libxml2-utils lsb-release xsltproc && ( cd "$tempDir" && export CARGO_HOME="$tempDir/.cargo" && 
REVISION="60789259bfab36b1669a414881a9d002fd246d6b" && REVISION=${REVISION%~*} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz && PKGOSSCHECKSUM="9282a0265c921af3e2d5760cbdc06aae65e6efb145ed266fe02102326174a9e9405f6492979372556c14e2f4f8cf66a48c338d054d0ece375a1c41f343f244cc *${REVISION}.tar.gz" && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then echo "pkg-oss tarball checksum verification succeeded!"; else echo "pkg-oss tarball checksum verification failed!"; exit 1; fi && tar xzvf ${REVISION}.tar.gz && cd pkg-oss-${REVISION} && cd debian && for target in base module-geoip module-image-filter module-njs module-xslt module-acme; do make rules-$target; mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-$target/nginx-$NGINX_VERSION/debian/control; done && make base module-geoip module-image-filter module-njs module-xslt module-acme ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit |
| # Entrypoint wiring from the nginx base layers: the entrypoint script plus four hook scripts placed under /docker-entrypoint.d. Their contents are not part of this history, so what they do at start-up cannot be reviewed from here. |
| COPY docker-entrypoint.sh / # buildkit |
| COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit |
| COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit |
| COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit |
| COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit |
| # No later ENTRYPOINT row is visible in this history, so this entrypoint appears to stay in effect for the final image. |
| ENTRYPOINT ["/docker-entrypoint.sh"] |
| EXPOSE map[80/tcp:{}] |
| # SIGQUIT is the signal nginx treats as a graceful shutdown request. |
| STOPSIGNAL SIGQUIT |
| # Default command of the base layers; the last CMD row of this history replaces it. |
| CMD ["nginx" "-g" "daemon off;"] |
| # Adds the two brotli dynamic modules and enables them. The .so files are copied from a build path that names nginx-1.30.2; the stage that compiled them is not visible in this history. |
| ARG NGINX_VERSION=1.30.2 |
| # NOTE(review): the modules are presumably built against the same nginx version as the installed package (both read 1.30.2 here) — confirm the two stay in lockstep when either pin changes, and that the build stage's sources are pinned and verified. |
| COPY /app/nginx-1.30.2/objs/ngx_http_brotli_static_module.so /etc/nginx/modules/ # buildkit |
| COPY /app/nginx-1.30.2/objs/ngx_http_brotli_filter_module.so /etc/nginx/modules/ # buildkit |
| # Prepends two load_module lines to nginx.conf. This relies on /bin/sh's echo expanding "\n" and on $(cat ...) being expanded before the > redirection truncates the file; the same echo would also interpret any backslash escapes inside the existing nginx.conf content. |
| RUN |1 NGINX_VERSION=1.30.2 /bin/sh -c echo "load_module modules/ngx_http_brotli_filter_module.so;\nload_module modules/ngx_http_brotli_static_module.so;\n$(cat /etc/nginx/nginx.conf)" > /etc/nginx/nginx.conf # buildkit |
| # Writes conf.d/brotli.conf: dynamic compression at level 6 plus brotli_static for the listed MIME types. |
| # NOTE(review): the list includes application/json and text/plain. If any compressed response carries a secret next to request-controlled data, response-length side channels of the BREACH kind become a consideration — confirm against what the proxied API returns. |
| RUN |1 NGINX_VERSION=1.30.2 /bin/sh -c echo 'brotli on;\n brotli_comp_level 6;\n brotli_static on;\n brotli_types application/atom+xml application/javascript application/json application/rss+xml\n application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype\n application/x-font-ttf application/x-javascript application/xhtml+xml application/xml\n font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon\n image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;' > /etc/nginx/conf.d/brotli.conf # buildkit |
| # Creates a node account (uid/gid 1000) with a bash login shell and a home directory. |
| RUN /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node # buildkit |
| ARG NODE_VERSION=22.22.3 |
| ENV NODE_VERSION=22.22.3 |
| # Installs Node.js from nodejs.org: imports eight release keys by full fingerprint into a temporary GNUPGHOME, verifies the clear-signed SHASUMS256.txt.asc with gpg, checks the tarball's SHA-256 against that file, then unpacks into /usr/local. |
| # NOTE(review): failures inside the key loop are not checked per key; if the signer's key is missing, the `gpg --batch --decrypt` step should be what stops the `&&` chain. A signature from any one of the eight imported keys is accepted. |
| # NOTE(review): the closing `apt-get purge -y --auto-remove` names no packages, so the tools installed at the top of this RUN (curl, wget, gnupg, dirmngr, xz-utils, lsof) appear to remain in the layer. If nothing at runtime needs the download and key-handling tools, purging them by name would shrink what is available inside a compromised container. |
| RUN |1 NODE_VERSION=22.22.3 /bin/sh -c ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 lsof --no-install-recommends && rm -rf /var/lib/apt/lists/* && export GNUPGHOME="$(mktemp -d)" && for key in 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C 108F52B48DB57BB0CC439B2997B01419BD92F80A A363A499291CBBC940DD62E41F10027AF002F8B0 ; do { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && gpgconf --kill all && rm -rf "$GNUPGHOME" && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm 
--version && rm -rf /tmp/* # buildkit |
| # Application layers: runtime utilities, then the API, frontend, converter binaries, nginx configuration and start/healthcheck scripts. The COPY sources are paths from build stages that this history does not show. |
| ENV NODE_ENV=production |
| ARG TYPST_BUILD_MODE=onpremise |
| # Runtime utilities installed from the Debian archive without recommends; the apt lists are removed in the same layer. |
| RUN |1 TYPST_BUILD_MODE=onpremise /bin/sh -c apt update && apt install --no-install-recommends -y parallel dumb-init pdf2svg lsof brotli postgresql-client ca-certificates && rm -rf /var/lib/apt/lists/* # buildkit |
| ENV NODE_ENV=production TYPST_BUILD_MODE=onpremise TYPST_PACKAGE_DIR=/usr/src/typst-packages |
| # NOTE(review): the executables, start script, healthcheck and /etc/nginx copied below are owned by nginx:nginx. If the nginx account is the one that serves requests, a compromise of that account could rewrite binaries, scripts and configuration that are executed or loaded later, possibly by a more privileged process. Root ownership with read/execute for the service account, and nginx ownership only on paths that must be writable, would remove that path — confirm which of these really need to be writable. |
| COPY --chown=nginx:nginx /usr/src/app /usr/src/api # buildkit |
| COPY --chown=nginx:nginx /usr/bin/bundler /usr/bin/bundler # buildkit |
| COPY /usr/local/share/sbom/* /usr/local/share/sbom/ # buildkit |
| COPY --chown=nginx:nginx /bin/server /bin/typst-converter # buildkit |
| COPY --chown=nginx:nginx /bin/pandoc /bin/pandoc # buildkit |
| COPY --chown=nginx:nginx /usr/src/frontend /usr/src/frontend # buildkit |
| COPY --chown=nginx:nginx /usr/local/bin/provision-vars /usr/local/bin/provision-vars # buildkit |
| COPY --chown=nginx:nginx /etc/nginx /etc/nginx # buildkit |
| # Second SBOM copy with the same source and destination text as the earlier row; presumably taken from a different build stage — the history does not record which. |
| COPY /usr/local/share/sbom/* /usr/local/share/sbom/ # buildkit |
| COPY /usr/local/bin/index /usr/local/bin/index # buildkit |
| COPY --chown=nginx:nginx deploy/nginx/aio /etc/nginx/ # buildkit |
| COPY --chown=nginx:nginx deploy/scripts/aio-start.sh /bin/aio-start.sh # buildkit |
| COPY --chown=nginx:nginx deploy/scripts/aio-healthcheck.sh /usr/src/scripts/healthcheck.sh # buildkit |
| RUN |1 TYPST_BUILD_MODE=onpremise /bin/sh -c chmod +x /bin/aio-start.sh /usr/src/scripts/healthcheck.sh # buildkit |
| # Port 8080 is exposed in addition to port 80 declared by the base layers. |
| EXPOSE [8080/tcp] |
| HEALTHCHECK {Test:[CMD /usr/src/scripts/healthcheck.sh] Interval:30s Timeout:30s StartPeriod:5s StartInterval:0s Retries:3} |
| # NOTE(review): no USER row appears in the rows shown, so the container starts as root unless the entrypoint or aio-start.sh drops privileges (neither script is visible here) — confirm. |
| # NOTE(review): with ENTRYPOINT ["/docker-entrypoint.sh"] still set by an earlier row, this CMD is passed to that script as arguments; dumb-init only ends up as PID 1 if the script execs its arguments — confirm. |
| CMD ["dumb-init" "bash" "/bin/aio-start.sh"] |