Skip to content
Snippets Groups Projects
Commit 64033f05 authored by Federico Fornari's avatar Federico Fornari
Browse files

Added openresty image

parent 1f536b89
No related branches found
No related tags found
No related merge requests found
# Copyright 2018-2023 Istituto Nazionale di Fisica Nucleare
# SPDX-License-Identifier: EUPL-1.2
FROM centos:7
ENV DOCKER_IN_DOCKER_ENABLED=true
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin
ENV LD_LIBRARY_PATH=/usr/lib:/usr/lib64:/usr/local/lib:/usr/local/lib64:/opt/nginx/lib:/opt/nginx/auto/lib
ENV LUAJIT_LIB=/usr/local/lib/lua/5.1
ENV LUAJIT_INC=/usr/local/include/luajit-2.1
ENV NGINX_VERSION=1.19.3.2
VOLUME /var/run/docker.sock:/var/run/docker.sock
# Allow customization of nginx user ID and name
ARG USERNAME=nginx
ARG USER_UID=101
ARG USER_GID=${USER_UID}
EXPOSE 80
EXPOSE 443
EXPOSE 8443
STOPSIGNAL SIGQUIT
# install dependencies
COPY library-scripts/*.sh /tmp/library-scripts/
RUN yum update -y && \
sh /tmp/library-scripts/provide-deps.sh && \
sh /tmp/library-scripts/provide-user.sh ${USERNAME} ${USER_UID} ${USER_GID} && \
mkdir /pkgs && \
yum install -y yum-utils device-mapper-persistent-data lvm2 centos-release-scl && \
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
yum install -y docker-ce docker-ce-cli containerd.io devtoolset-7 cmake3 && \
yum clean all && rm -rf /var/cache/yum && \
source /opt/rh/devtoolset-7/enable && \
git clone https://github.com/microsoft/mimalloc.git && \
cd mimalloc && mkdir build && cd build && \
cmake3 .. && make && make install && \
ln -s /usr/local/lib64/libmimalloc.so /usr/local/lib/libmimalloc.so && \
cd ../.. && rm -rf mimalloc && \
git clone https://github.com/kubernetes/ingress-nginx.git && \
cd ingress-nginx && git checkout tags/controller-v1.5.1 && \
make build && \
sed -i "s/ ajp_temp_path \/tmp\/nginx\/ajp-temp;\
/# ajp_temp_path \/tmp\/nginx\/ajp-temp;/g" \
rootfs/etc/nginx/template/nginx.tmpl && \
sed -i '/ lua_package_path "\/etc\/nginx\/lua\/?.lua;;";/a \ \ \ \ lua_package_cpath "\/usr\/local\/lib\/lua\/?.so;;";' \
rootfs/etc/nginx/template/nginx.tmpl && \
mv rootfs/bin/amd64/* / && \
mkdir -p /etc/ingress-controller && \
mkdir -p /etc/nginx/modules && \
mkdir -p /etc/nginx/geoip && \
mkdir -p /tmp/nginx && \
mkdir -p /opt/nginx && \
mkdir -p /var/log/nginx && \
mkdir -p /var/lib/nginx && \
mkdir -p /tmp/luajit2 && \
mkdir -p /tmp/ngx_devel_kit && \
mkdir -p /tmp/lua-nginx-module && \
mkdir -p /tmp/lua-cjson && \
mkdir -p /tmp/lua-resty-http && \
mkdir -p /tmp/lua-resty-dns && \
mkdir -p /tmp/lua-resty-global-throttle && \
mkdir -p /tmp/lua-resty-ipmatcher && \
mkdir -p /tmp/lua-resty-roundrobin && \
mkdir -p /tmp/lua-resty-cookie && \
mkdir -p /tmp/lua-resty-lock && \
mkdir -p /tmp/lua-resty-core && \
mkdir -p /tmp/lua-resty-lrucache && \
mkdir -p /tmp/stream-lua-nginx-module && \
mv rootfs/etc/nginx/* /etc/nginx/ && \
cd .. && rm -rf ingress-nginx && \
setcap cap_net_bind_service=+eip /nginx-ingress-controller && \
setcap cap_net_bind_service=+eip /wait-shutdown && \
setcap cap_net_bind_service=+eip /dbg && \
chown nginx: -R /etc/ingress-controller && \
chown nginx: -R /var/log/nginx && \
chown nginx: -R /var/lib/nginx && \
chown nginx: -R /tmp/nginx && \
chown nginx: -R /opt/nginx
RUN curl -L "http://openresty.org/download/openresty-${NGINX_VERSION}.tar.gz" | tar -C /opt/nginx --strip-components=1 -xz && \
curl -L "https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20220915.tar.gz" | tar -C /tmp/luajit2 --strip-components=1 -xz && \
curl -L "https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v0.3.2.tar.gz" | tar -C /tmp/ngx_devel_kit --strip-components=1 -xz && \
curl -L "https://github.com/openresty/lua-nginx-module/archive/refs/tags/v0.10.20.tar.gz" | tar -C /tmp/lua-nginx-module --strip-components=1 -xz && \
curl -L "https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/GeoIP.dat.gz" | gunzip -c > /etc/nginx/geoip/GeoIP.dat && \
curl -L "https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/GeoIPASNum.dat.gz" | gunzip -c > /etc/nginx/geoip/GeoIPASNum.dat && \
curl -L "https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.xz" | xz -d > /etc/nginx/geoip/GeoLiteCity.dat && \
git clone https://baltig.infn.it/cnafsd/ngx_http_voms_module.git /tmp/ngx_http_voms_module && \
cd /tmp/luajit2 && make && make install && \
cd /opt/nginx && ./configure \
--with-ld-opt="-Wl,-lpcre,-rpath,/usr/local/lib/lua/5.1" \
--add-dynamic-module=/tmp/ngx_devel_kit \
--add-dynamic-module=/tmp/lua-nginx-module \
--add-dynamic-module=/tmp/ngx_http_voms_module \
--with-pcre --with-stream --with-http_ssl_module \
--with-threads --with-http_geoip_module --with-stream \
--with-http_v2_module --with-http_stub_status_module \
--with-stream_ssl_module \
&& \
make -j2 && make install && \
ln -s /opt/nginx/lib/lua/ngx /etc/nginx/lua/ngx && \
ln -s /opt/nginx/lib/lua/resty /etc/nginx/lua/resty && \
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx && \
ln -s /usr/local/nginx/modules/ngx_http_voms_module.so /etc/nginx/modules/ngx_http_voms_module.so && \
ln -s /usr/local/nginx/modules/ngx_http_lua_module.so /etc/nginx/modules/ngx_http_lua_module.so && \
ln -s /usr/local/nginx/modules/ndk_http_module.so /etc/nginx/modules/ndk_http_module.so && \
ln -s /usr/local/nginx/conf /etc/nginx/conf && \
chown nginx: -R /etc/nginx && \
chown nginx: -R /usr/local/openresty && \
setcap cap_net_bind_service=+eip /usr/local/openresty/nginx/sbin/nginx && \
ln -s /usr/local/lib/libluajit-5.1.so /usr/lib64/libluajit-5.1.so.2 && \
ln -s /usr/lib64/lua/5.1/cjson.so /usr/local/lib/lua/5.1/cjson.so && \
rm -rf /tmp/lua* /tmp/ngx* /tmp/stream*
RUN curl -L "http://repository.egi.eu/sw/production/cas/1/current/tgz/" -o index.html && \
mkdir -p tgz /etc/grid-security/certificates && \
for tgz in $(cat index.html | awk -F'"' '{print $2}' | grep tar.gz); \
do curl -L "http://repository.egi.eu/sw/production/cas/1/current/tgz/$tgz" -o tgz/$tgz; \
done && for tgz in $(ls tgz/); do tar xzf tgz/$tgz --strip-components=1 -C /etc/grid-security/certificates/; \
done && for f in $(find /etc/grid-security/certificates/ -type f -name "*.pem"); \
do cat $f >> /etc/ssl/certs/ca-certificates.crt; done && \
curl -L "https://crt.sh/?d=2475254782" -o /etc/ssl/certs/geant-ov-rsa-ca.crt && \
cat /etc/ssl/certs/geant-ov-rsa-ca.crt >> /etc/ssl/certs/ca-certificates.crt && rm -rf tgz && \
mkdir -p /etc/grid-security/vomsdir/juno && \
mkdir -p /etc/vomses/ && \
echo '"juno" "lcgvoms02.jinr.ru" "15008" "/C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=lcgvoms02.jinr.ru" "juno" "24"' \
| tee /etc/vomses/juno-lcgvoms02.jinr.ru && \
echo '"juno" "voms.ihep.ac.cn" "15008" "/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn" "juno" "24"' \
| tee /etc/vomses/juno-voms.ihep.ac.cn && \
echo '"juno" "voms-juno.cloud.cnaf.infn.it" "15008" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fisica Nucleare/CN=voms-juno.cloud.cnaf.infn.it" "juno" "24"' \
| tee /etc/vomses/juno-voms-juno.cloud.cnaf.infn.it && \
echo $'/C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=lcgvoms02.jinr.ru \n\
/C=RU/O=RDIG/CN=Russian Data-Intensive Grid CA' | tee /etc/grid-security/vomsdir/juno/lcgvoms02.jinr.ru.lsc && \
echo $'/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn \n\
/C=CN/O=HEP/CN=Institute of High Energy Physics Certification Authority' | tee /etc/grid-security/vomsdir/juno/voms.ihep.ac.cn.lsc && \
echo $'/DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fisica Nucleare/CN=voms-juno.cloud.cnaf.infn.it \n\
/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4' | tee /etc/grid-security/vomsdir/juno/voms-juno.cloud.cnaf.infn.it.lsc
CMD ["/nginx-ingress-controller"]
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment