feat: new nginx original base (#3)

.github/dependabot.yml

@@ -19,7 +19,7 @@ updates:
           - '*'
 
   - package-ecosystem: docker
-    directory: /nginx-core
+    directory: /nginx
     reviewers:
       - AliMD
     schedule:

.github/workflows/publish-container.yml

@@ -29,6 +29,7 @@ jobs:
       max-parallel: 1
       matrix:
         include:
+          - path: nginx
           - path: nginx-core
           - path: nginx-pwa
           - path: nginx-ws

nginx-core/.dockerignore

@@ -1,3 +1,3 @@
 *
-!conf/
-!www/
+!etc/nginx/
+!var/www/

nginx-core/Dockerfile

@@ -1,16 +1,14 @@
-FROM docker.io/library/nginx:1.25.3-alpine3.18
+FROM ghcr.io/alwatr/nginx:1.1.0
 
 RUN apk add --no-cache curl
 HEALTHCHECK --interval=30s --timeout=3s --start-period=1s --retries=3 CMD curl -fso /dev/null http://localhost/server-info || exit 1
 
-RUN rm -rfv /etc/nginx/conf.d/*
-COPY conf/ /etc/nginx/
-COPY www/  /var/www/
-RUN chmod a+rx /etc/nginx/entrypoint.sh /etc/nginx/entrypoint.d/*.sh
+COPY etc/nginx/ /etc/nginx/
+COPY var/www/ /var/www/
+RUN ls -RlAhF /etc/nginx/
 
 # Default environment for nginx template
-# ENV NGINX_ACCESS_LOG="/var/log/nginx/access.log json"
-ENV NGINX_ACCESS_LOG=off \
+ENV NGINX_ACCESS_LOG="/var/log/nginx/access.log json" \
     NGINX_ERROR_LOG_LEVEL=notice \
     NGINX_WORKER_CONNECTIONS=2048 \
     NGINX_CLIENT_MAX_BODY_SIZE=10m \
@@ -37,18 +35,13 @@ ENV NGINX_ACCESS_LOG=off \
     NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=1 \
     NGINX_ENTRYPOINT_QUIET_LOGS=""
 
-EXPOSE 80
-WORKDIR /var/www/html/
-ENTRYPOINT ["/etc/nginx/entrypoint.sh"]
-CMD ["nginx", "-g", "daemon off;"]
-
 ARG BUILD_REV
 ARG BUILD_DATE
 LABEL org.opencontainers.image.title="alwatr/nginx-core" \
       org.opencontainers.image.description="High-performance, accelerated NGINX, optimized for serving static content. Enhanced and accelerated by Alwatr." \
-      org.opencontainers.image.base.name="docker.io/library/nginx:1.25.3-alpine3.18" \
-      org.opencontainers.image.version="1.0.0" \
-      org.opencontainers.image.ref.name="1.0.0-nginx1.25.3-alpine" \
+      org.opencontainers.image.base.name="ghcr.io/alwatr/nginx:1.1.0" \
+      org.opencontainers.image.version="1.1.0-n1.25.3" \
+      org.opencontainers.image.ref.name="1.1.0-n1.25.3-a3.18-slim" \
       org.opencontainers.image.licenses="MIT" \
       org.opencontainers.image.created=${BUILD_DATE} \
       org.opencontainers.image.revision=${BUILD_REV} \

nginx/.dockerignore

@@ -0,0 +1,2 @@
+*
+!etc/nginx/

nginx/Dockerfile

@@ -0,0 +1,28 @@
+FROM docker.io/library/nginx:1.25.3-alpine3.18-slim
+
+RUN rm -rfv /docker-entrypoint* /etc/nginx/conf.d/* /etc/nginx/nginx.conf /var/www/html /usr/share/nginx/html
+COPY etc/nginx/ /etc/nginx/
+RUN chmod a+rx /etc/nginx/entrypoint.sh /etc/nginx/entrypoint.d/*.sh
+RUN ls -RlAhF /etc/nginx/
+
+EXPOSE 80
+STOPSIGNAL SIGQUIT
+WORKDIR /var/www/html/
+ENTRYPOINT ["/etc/nginx/entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]
+
+ARG BUILD_REV
+ARG BUILD_DATE
+LABEL org.opencontainers.image.title="alwatr/nginx" \
+      org.opencontainers.image.description="NGINX web server slim (light), packaged by Alwatr." \
+      org.opencontainers.image.base.name="docker.io/library/nginx:1.25.3-alpine3.18-slim" \
+      org.opencontainers.image.version="1.1.0-n1.25.3" \
+      org.opencontainers.image.ref.name="1.1.0-n1.25.3-a3.18-slim" \
+      org.opencontainers.image.licenses="MIT" \
+      org.opencontainers.image.created=${BUILD_DATE} \
+      org.opencontainers.image.revision=${BUILD_REV} \
+      org.opencontainers.image.vendor="Alwatr" \
+      org.opencontainers.image.source="https://github.com/Alwatr/nginx" \
+      org.opencontainers.image.url="https://github.com/Alwatr/nginx" \
+      org.opencontainers.image.documentation="https://github.com/Alwatr/nginx" \
+      org.opencontainers.image.authors="S. Ali Mihandoost <[email protected]> (https://ali.mihandoost.com), S. Amir Mohammad Najafi <[email protected]> (https://njfamirm.ir/)"

nginx-core/conf/entrypoint.d/10-envsubst-on-templates.sh → nginx/etc/nginx/entrypoint.d/10-envsubst-on-templates.sh

@@ -1,5 +1,4 @@
 #!/bin/sh
-# vim:sw=2:ts=2:sts=2:et
 
 set -e
 

nginx-core/conf/entrypoint.sh → nginx/etc/nginx/entrypoint.sh

@@ -2,7 +2,6 @@
 
 set -e
 
-
 entrypoint_log() {
   if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
     echo "$@"

original.bk/etc/init.d/nginx

@@ -0,0 +1,70 @@
+#!/sbin/openrc-run
+
+description="Nginx http and reverse proxy server"
+extra_commands="checkconfig"
+extra_started_commands="reload reopen upgrade"
+
+cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
+pidfile=/var/run/nginx.pid
+command=/usr/sbin/nginx
+command_args="-c $cfgfile"
+required_files="$cfgfile"
+
+depend() {
+	need net
+	use dns logger netmount
+}
+
+start_pre() {
+	$command $command_args -t -q
+}
+
+checkconfig() {
+	ebegin "Checking $RC_SVCNAME configuration"
+	start_pre
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading $RC_SVCNAME configuration"
+	start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
+	eend $?
+}
+
+reopen() {
+	ebegin "Reopening $RC_SVCNAME log files"
+	start-stop-daemon --signal USR1 --pidfile $pidfile
+	eend $?
+}
+
+upgrade() {
+	start_pre || return 1
+
+	ebegin "Upgrading $RC_SVCNAME binary"
+
+	einfo "Sending USR2 to old binary"
+	start-stop-daemon --signal USR2 --pidfile $pidfile
+
+	einfo "Sleeping 3 seconds before pid-files checking"
+	sleep 3
+
+	if [ ! -f $pidfile.oldbin ]; then
+		eerror "File with old pid ($pidfile.oldbin) not found"
+		return 1
+	fi
+
+	if [ ! -f $pidfile ]; then
+		eerror "New binary failed to start"
+		return 1
+	fi
+
+	einfo "Sleeping 3 seconds before WINCH"
+	sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
+
+	einfo "Sending QUIT to old binary"
+	start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
+
+	einfo "Upgrade completed"
+
+	eend $? "Upgrade failed"
+}

original.bk/etc/init.d/nginx-debug

@@ -0,0 +1,70 @@
+#!/sbin/openrc-run
+
+description="Nginx http and reverse proxy server"
+extra_commands="checkconfig"
+extra_started_commands="reload reopen upgrade"
+
+cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
+pidfile=/var/run/nginx.pid
+command=/usr/sbin/nginx-debug
+command_args="-c $cfgfile"
+required_files="$cfgfile"
+
+depend() {
+	need net
+	use dns logger netmount
+}
+
+start_pre() {
+	$command $command_args -t -q
+}
+
+checkconfig() {
+	ebegin "Checking $RC_SVCNAME configuration"
+	start_pre
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading $RC_SVCNAME configuration"
+	start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
+	eend $?
+}
+
+reopen() {
+	ebegin "Reopening $RC_SVCNAME log files"
+	start-stop-daemon --signal USR1 --pidfile $pidfile
+	eend $?
+}
+
+upgrade() {
+	start_pre || return 1
+
+	ebegin "Upgrading $RC_SVCNAME binary"
+
+	einfo "Sending USR2 to old binary"
+	start-stop-daemon --signal USR2 --pidfile $pidfile
+
+	einfo "Sleeping 3 seconds before pid-files checking"
+	sleep 3
+
+	if [ ! -f $pidfile.oldbin ]; then
+		eerror "File with old pid ($pidfile.oldbin) not found"
+		return 1
+	fi
+
+	if [ ! -f $pidfile ]; then
+		eerror "New binary failed to start"
+		return 1
+	fi
+
+	einfo "Sleeping 3 seconds before WINCH"
+	sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
+
+	einfo "Sending QUIT to old binary"
+	start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
+
+	einfo "Upgrade completed"
+
+	eend $? "Upgrade failed"
+}

original.bk/etc/logrotate.d/nginx

@@ -0,0 +1,15 @@
+/var/log/nginx/*.log {
+	daily
+	missingok
+	rotate 52
+	compress
+	delaycompress
+	notifempty
+	create 640 nginx adm
+	sharedscripts
+	postrotate
+		if [ -f /var/run/nginx.pid ]; then
+			kill -USR1 `cat /var/run/nginx.pid`
+		fi
+	endscript
+}

original.bk/etc/nginx/conf.d/default.conf

@@ -0,0 +1,44 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
+

original.bk/etc/nginx/fastcgi.conf

@@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

original.bk/etc/nginx/fastcgi_params

@@ -0,0 +1,25 @@
+
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;