Roll back new folder structure

Eric Nemchik 2022-07-23 19:25:11 -05:00
parent 299af756bc
commit 8cfaa03acb
10 changed files with 53 additions and 107 deletions


@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-alpine:3.15
FROM ghcr.io/linuxserver/baseimage-alpine:3.16
# install packages
RUN \


@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.15
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.16
# install packages
RUN \


@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.15
FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.16
# install packages
RUN \


@ -4,7 +4,7 @@
project_name: docker-baseimage-alpine-nginx
external_type: os
release_type: stable
release_tag: "3.15"
release_tag: "3.16"
ls_branch: master
repo_vars:
- BUILD_VERSION_ARG = 'OS'


@ -1,7 +1,7 @@
## Version 2021/11/25 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf.sample
## Version 2022/07/23 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf.sample
### Based on alpine defaults
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.14-stable
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.16-stable
user abc;
@ -36,6 +36,7 @@ http {
# Name servers used to resolve names of upstream servers into addresses.
# It's also needed when using tcpsocket and udpsocket in Lua modules.
#resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
include /config/nginx/resolver.conf;
# Don't tell nginx version to the clients. Default is 'on'.
server_tokens off;
@ -54,13 +55,50 @@ http {
# instead of using partial frames. Default is 'off'.
tcp_nopush on;
### Mozilla Recommendations
# generated 2022-07-23, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /config/nginx/dhparams.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
#add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /config/keys/cert.crt;
# Optional additional headers
#add_header Cache-Control "no-transform" always;
#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
#add_header Permissions-Policy "interest-cohort=()";
#add_header Referrer-Policy "same-origin" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-UA-Compatible "IE=Edge" always;
#add_header X-XSS-Protection "1; mode=block" always;
# Enable gzipping of responses.
#gzip on;
# Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
gzip_vary on;
# Helper variable for proxying websockets.
map $http_upgrade $connection_upgrade {
default upgrade;
@ -70,24 +108,9 @@ http {
# Sets the path, format, and configuration for a buffered log write.
access_log /config/log/nginx/access.log;
### Linuxserver.io Defaults
client_body_buffer_size 128k; # default: client_body_buffer_size 8k|16k;
#keepalive_timeout 75s; # default: keepalive_timeout 75s;
large_client_header_buffers 4 16k; # default: large_client_header_buffers 4 8k;
send_timeout 5m; # default: send_timeout 60s;
#server_name_in_redirect off; # default: server_name_in_redirect off;
#server_names_hash_bucket_size 64; # default: server_names_hash_bucket_size 32|64|128;
#tcp_nodelay on; # default: tcp_nodelay on;
types_hash_max_size 2048; # default: types_hash_max_size 1024;
variables_hash_max_size 2048; # default: variables_hash_max_size 1024;
# Includes virtual hosts configs.
include /config/nginx/site-confs/*.conf;
#Removed lua. Do not remove this comment
# Include configs for http block.
include /config/nginx/http-confs/*.conf;
}
daemon off;
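Review bot: The commented `add_header` lines in the `@ -54,13 +55,50 @` hunk (HSTS and the "Optional additional headers" group) now sit in the `http` context, and nginx inherits `add_header` from an outer level only when the inner level declares none of its own. A site conf that sets any header in a `server` or `location` block would therefore silently lose all of these once a user uncomments them. I would add a comment above the group such as `# add_header set here is dropped by any server/location block that declares its own add_header; repeat the headers there`. Separately, the generator line names nginx 1.17.7 and OpenSSL 1.1.1k while the Dockerfiles in this commit move to the Alpine 3.16 base, so that comment probably does not describe the shipped versions and is worth regenerating. The `http` block opens outside the hunks shown.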


@ -1,47 +0,0 @@
## Version 2021/11/25 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/server-confs/ssl.conf.sample
### Mozilla Recommendations
# generated 2021-10-16, Mozilla Guideline v5.6, nginx 1.20.1-r3, OpenSSL 1.1.1l-r0, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.20.1-r3&config=intermediate&openssl=1.1.1l-r0&guideline=5.6
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /config/nginx/dhparams.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
#add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /config/keys/cert.crt;
### Linuxserver.io Defaults
# Enable TLS 1.3 early data
ssl_early_data on;
# Optional additional headers
#add_header Cache-Control "no-transform" always;
#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
#add_header Permissions-Policy "interest-cohort=()";
#add_header Referrer-Policy "same-origin" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-UA-Compatible "IE=Edge" always;
#add_header X-XSS-Protection "1; mode=block" always;


@ -1,8 +1,6 @@
## Version 2021/11/25 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/site-confs/default.conf.sample
## Version 2022/07/23 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/site-confs/default.conf.sample
server {
include /config/nginx/server-confs/*.conf;
listen 80 default_server;
listen [::]:80 default_server;
@ -15,16 +13,10 @@ server {
root $root;
index index.html index.htm index.php;
set $htpasswd_file /config/nginx/.htpasswd;
set $auth_basic "Restricted";
if (!-f $htpasswd_file) {
set $auth_basic off;
}
location / {
include /config/nginx/location-confs/*.conf;
auth_basic $auth_basic;
auth_basic_user_file $htpasswd_file;
# enable for basic auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
try_files $uri $uri/ /index.html /index.php?$args =404;
}
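Review bot: With the `$htpasswd_file` / `$auth_basic` logic gone from the `@ -15,16 +13,10 @` hunk, an existing `/config/nginx/.htpasswd` no longer switches authentication on; `location /` is served without credentials until both commented lines are uncommented. Deployments that adopted the previous sample and relied on dropping an `.htpasswd` file in place would, if they take this version, become open with no startup error or log line to signal it. I would make the comment say so, e.g. `# basic auth is OFF by default; an existing /config/nginx/.htpasswd has no effect until the two lines below are uncommented`, and call the change out in the release notes. The `server` block continues past the end of the hunk.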


@ -4,7 +4,7 @@
mkdir -p \
/config/{keys,php,www} \
/config/log/{nginx,php} \
/config/nginx/{http-confs,location-confs,server-confs,site-confs} \
/config/nginx/site-confs \
/run \
/var/lib/nginx/tmp/client_body \
/var/tmp/nginx


@ -13,27 +13,6 @@ find /defaults/nginx/ \
-type f \
-exec cp "{}" /config/nginx/ +
[[ -d /defaults/nginx/http-confs/ ]] &&
find /defaults/nginx/http-confs/ \
-maxdepth 1 \
-name "*.conf.sample" \
-type f \
-exec cp "{}" /config/nginx/http-confs/ +
[[ -d /defaults/nginx/location-confs/ ]] &&
find /defaults/nginx/location-confs/ \
-maxdepth 1 \
-name "*.conf.sample" \
-type f \
-exec cp "{}" /config/nginx/location-confs/ +
[[ -d /defaults/nginx/server-confs/ ]] &&
find /defaults/nginx/server-confs/ \
-maxdepth 1 \
-name "*.conf.sample" \
-type f \
-exec cp "{}" /config/nginx/server-confs/ +
[[ -d /defaults/nginx/site-confs/ ]] &&
find /defaults/nginx/site-confs/ \
-maxdepth 1 \


@ -25,8 +25,8 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
fi
# Set resolver, ignore ipv6 addresses
touch /config/nginx/http-confs/resolver.conf
if ! grep -q 'resolver' /config/nginx/http-confs/resolver.conf; then
touch /config/nginx/resolver.conf
if ! grep -q 'resolver' /config/nginx/resolver.conf; then
RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
for i in ${RESOLVERRAW}; do
if [[ "$(awk -F ':' '{print NF-1}' <<< "${i}")" -le 2 ]]; then
@ -38,8 +38,7 @@ if ! grep -q 'resolver' /config/nginx/http-confs/resolver.conf; then
fi
echo "Setting resolver to ${RESOLVER}"
RESOLVEROUTPUT="# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;"
echo -e "${RESOLVEROUTPUT}" > /config/nginx/http-confs/resolver.conf
echo -e "${RESOLVEROUTPUT}" > /config/nginx/location-confs/resolver.conf
echo -e "${RESOLVEROUTPUT}" > /config/nginx/resolver.conf
fi
# Set worker_processes