Towards working docker image

.gitlab-ci.yml

-
-stages:
-  - build
-  - docker-build
-  - docker-push
-
-build-rpms:
-  stage: build
-  image: centos:7
-  script: 
-    - env | sort
-    - yum -y install epel-release
-    - yum install -y wget openssl-devel zlib-devel pcre2-devel make rpmdevtools rpmlint boost-devel voms-devel gcc-c++
-    - source .devcontainer/assets/build-library.sh 
-    - CI_PROJECT_DIR=$PWD
-    - downloadNginx
-    - buildHttpgNginxRPM
-    - buildVomsModuleRPM
-    - cd ${CI_PROJECT_DIR}/docker && mkdir artifacts
-    - cp ~/rpmbuild/SRPMS/* artifacts/ 
-    - cp ~/rpmbuild/RPMS/x86_64/* artifacts/
-  artifacts:
-    paths:
-      - docker/artifacts/
-
-docker-build-rpms:
-  stage: docker-build
-  image: docker:latest
-  services:
-    - name: docker:dind
-      command: ["--tls=false"]
-  dependencies:
-    - build-rpms
-  script:
-    - apk add git bash
-    - git clone https://baltig.infn.it/mw-devel/helper-scripts.git helper-scripts
-    - cp helper-scripts/scripts/* /usr/local/bin
-    - rm ${CI_PROJECT_DIR}/docker/artifacts/*-debuginfo*.rpm
-    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
-    - export DOCKER_REGISTRY_HOST=${CI_REGISTRY}
-    - export DOCKER_REGISTRY_NAMESPACE=${CI_PROJECT_PATH}
-    - cd docker && build-docker-image.sh && push-docker-image.sh
-
-push-to-dockerhub:
-  stage: docker-push
-  image: docker:latest
-  services:
-    - name: docker:dind
-      command: ["--tls=false"]
-  dependencies:
-    - docker-build-rpms
-  script:
-    - apk add git bash
-    - git clone https://baltig.infn.it/mw-devel/helper-scripts.git helper-scripts
-    - cp helper-scripts/scripts/* /usr/local/bin
-    - export DOCKER_PUSH_TO_DOCKERHUB=y
-    - env | sort
-    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
-    - export DOCKER_REGISTRY_HOST=${CI_REGISTRY}
-    - export DOCKER_REGISTRY_NAMESPACE=${CI_PROJECT_PATH}
-    - cd docker && pull-docker-image.sh && unset DOCKER_REGISTRY_HOST
-    - docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD} && push-docker-image.sh
-  only:
-    - master
\ No newline at end of file

docker/Dockerfile

@@ -5,11 +5,13 @@ FROM centos:7
 
 ENV DOCKER_IN_DOCKER_ENABLED=true
 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin
+ENV LD_LIBRARY_PATH=/usr/lib:/usr/lib64:/usr/local/lib:/usr/local/lib64:/opt/nginx/lib:/opt/nginx/auto/lib
+
 VOLUME /var/run/docker.sock:/var/run/docker.sock
 
 # Allow customization of nginx user ID and name
 ARG USERNAME=nginx
-ARG USER_UID=1000
+ARG USER_UID=101
 ARG USER_GID=${USER_UID}
 
 # install dependencies
@@ -39,11 +41,64 @@ RUN rpm -ivh /pkgs/nginx-httpg-1.24.0-1.el7.ngx.x86_64.rpm && \
 
 EXPOSE 80
 EXPOSE 443
+EXPOSE 8443
 
 STOPSIGNAL SIGQUIT
 
+RUN yum install -y centos-release-scl && \
+    yum install -y devtoolset-7 cmake3 && \
+    source /opt/rh/devtoolset-7/enable && \
+    git clone https://github.com/microsoft/mimalloc.git && \
+    cd mimalloc && mkdir build && cd build && \
+    cmake3 .. && make && make install && \
+    ln -s /usr/local/lib64/libmimalloc.so /usr/local/lib/libmimalloc.so && \
+    cd ../.. && rm -rf mimalloc
+
 RUN git clone https://github.com/kubernetes/ingress-nginx.git && \
     cd ingress-nginx && git checkout tags/controller-v1.5.1 && \
-    make build && mv rootfs/bin/amd64/* /
+    make build && mv rootfs/bin/amd64/* / && \
+    mv rootfs/etc/nginx/* /etc/nginx/ && \
+    cd .. && rm -rf ingress-nginx && \
+    setcap cap_net_bind_service+ep /nginx-ingress-controller && \
+    mkdir -p /etc/ingress-controller && \
+    mkdir -p /etc/nginx/geoip && \
+    mkdir -p /tmp/nginx && \
+    mkdir -p /opt/nginx && \
+    mkdir -p /tmp/luajit2 && \
+    mkdir -p /tmp/ngx_devel_kit && \
+    mkdir -p /tmp/lua-nginx-module && \
+    mkdir -p /tmp/lua-resty-core && \
+    mkdir -p /tmp/lua-resty-lrucache && \
+    chown nginx: -R /etc/ingress-controller && \
+    chown nginx: -R /etc/nginx && \
+    chown nginx: -R /tmp/nginx && \
+    chown nginx: -R /opt/nginx
+
+ENV LUAJIT_LIB=/usr/local/lib/lua/5.1
+ENV LUAJIT_INC=/usr/local/include/luajit-2.1
+
+RUN NGINX_VERSION=$(nginx -V 2>&1 |sed -n -e 's/nginx version: //p' |cut -d'/' -f2); \
+    curl -L "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" | tar -C /opt/nginx --strip-components=1 -xz && \
+    curl -L "https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20230410.tar.gz" | tar -C /tmp/luajit2 --strip-components=1 -xz && \
+    curl -L "https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v0.3.2.tar.gz" | tar -C /tmp/ngx_devel_kit --strip-components=1 -xz && \
+    curl -L "https://github.com/openresty/lua-nginx-module/archive/refs/tags/v0.10.24.tar.gz" | tar -C /tmp/lua-nginx-module --strip-components=1 -xz && \
+    curl -L "https://github.com/openresty/lua-resty-core/archive/refs/tags/v0.1.24.tar.gz" | tar -C /tmp/lua-resty-core --strip-components=1 -xz && \
+    curl -L "https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v0.13.tar.gz" | tar -C /tmp/lua-resty-lrucache --strip-components=1 -xz && \
+    source /opt/rh/devtoolset-7/enable && \
+    cd /tmp/luajit2 && make && make install && \
+    cd /opt/nginx &&  ./configure \
+    --with-ld-opt="-Wl,-rpath,/usr/local/lib/lua/5.1" \
+    --add-dynamic-module=/tmp/ngx_devel_kit \
+    --add-dynamic-module=/tmp/lua-nginx-module \
+    --with-pcre --with-stream --with-http_ssl_module && \
+    make -j2 && make install && \
+    cd /tmp/lua-resty-core && \
+    make install PREFIX=/opt/nginx && \
+    cd /tmp/lua-resty-lrucache && \
+    make install PREFIX=/opt/nginx && \
+    ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx && \
+    ln -s /usr/local/nginx/modules/ngx_http_lua_module.so /etc/nginx/modules/ngx_http_lua_module.so && \
+    ln -s /usr/local/nginx/modules/ndk_http_module.so /etc/nginx/modules/ndk_http_module.so && \
+    chown nginx: -R /usr/local/nginx
 
 CMD ["/nginx-ingress-controller"]

docker/library-scripts/provide-deps.sh

@@ -19,6 +19,7 @@ yum -y install \
     gettext \
     less \
     openssl \
+    openssl-devel \
     zlib-devel \
     pcre2-devel \
     boost-devel \