Re-implement based on Debian base image

flownative/beach#185

Author: robertlemke

.github/build-env.sh

@@ -1,2 +1 @@
-#BUILD_ARG_NGINX_VERSION=$(wget -qO- https://versions.flownative.io/projects/base/channels/stable/versions/nginx.txt)
-export BUILD_ARG_NGINX_VERSION=1.14.0-0ubuntu1.7
+export BUILD_ARG_NGINX_VERSION=1.14.2-2+deb10u1

.github/workflows/docker.build.yaml

@@ -19,7 +19,7 @@ jobs:
           tag_ref: ${{ github.ref }}
           git_repository_url: https://github.com/${{ github.repository }}
           git_sha: ${{ github.sha }}
-          image_name: flownative/docker-beach-nginx/beach-nginx
+          image_name: flownative/docker-nginx/nginx
           registry_password: ${{ secrets.GITHUB_BOT_TOKEN }}
 
       - name: Dispatch

.github/workflows/docker.nightly.yaml

@@ -21,7 +21,7 @@ jobs:
         uses: flownative/action-docker-build@v1
         with:
           tag_ref: ${{ steps.latest_version.outputs.tag }}
-          image_name: flownative/docker-beach-nginx/beach-nginx
+          image_name: flownative/docker-nginx/nginx
           git_repository_url: https://github.com/${{ github.repository }}
           git_sha: ${{ github.sha }}
           registry_password: ${{ secrets.GITHUB_BOT_TOKEN }}

.github/workflows/docker.release.yaml

@@ -38,7 +38,7 @@ jobs:
           source_registry_password: ${{ secrets.GITHUB_BOT_TOKEN }}
           source_registry_endpoint: https://docker.pkg.github.com/v2/
 
-          target_image_name: eu.gcr.io/flownative-beach/beach-nginx
+          target_image_name: eu.gcr.io/flownative-beach/nginx
           target_registry_username: '_json_key'
           target_registry_password: ${{ secrets.GOOGLE_REGISTRY_PASSWORD }}
           target_registry_endpoint: https://eu.gcr.io/v2/
@@ -54,7 +54,7 @@ jobs:
           source_registry_password: ${{ secrets.GITHUB_BOT_TOKEN }}
           source_registry_endpoint: https://docker.pkg.github.com/v2/
 
-          target_image_name: eu.gcr.io/flownative-beach-a7c8b2/beach-nginx
+          target_image_name: eu.gcr.io/flownative-beach-a7c8b2/nginx
           target_registry_username: '_json_key'
           target_registry_password: ${{ secrets.GOOGLE_REGISTRY_PASSWORD_A7C8B2 }}
           target_registry_endpoint: https://eu.gcr.io/v2/
@@ -74,7 +74,7 @@ jobs:
           source_registry_password: ${{ secrets.GITHUB_BOT_TOKEN }}
           source_registry_endpoint: https://docker.pkg.github.com/v2/
 
-          target_image_name: flownative/beach-nginx
+          target_image_name: flownative/nginx
           target_registry_username: ${{ secrets.DOCKER_IO_REGISTRY_USER }}
           target_registry_password: ${{ secrets.DOCKER_IO_REGISTRY_PASSWORD }}
           target_registry_endpoint: https://index.docker.io/v1/

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.pkg.github.com/flownative/docker-base/base:1
+FROM docker.pkg.github.com/flownative/docker-base/base:buster
 MAINTAINER Robert Lemke <[email protected]>
 
 LABEL org.label-schema.name="Beach Nginx"
@@ -7,36 +7,35 @@ LABEL org.label-schema.vendor="Flownative GmbH"
 
 # -----------------------------------------------------------------------------
 # Nginx
-# Latest versions: https://packages.ubuntu.com/bionic/nginx
+# Latest versions: https://packages.debian.org/buster/nginx
 
 ARG NGINX_VERSION
 ENV NGINX_VERSION ${NGINX_VERSION}
 
-# Create the beach user and group
-RUN groupadd -r -g 1000 beach && \
-    useradd -s /bin/bash -r -g beach -G beach -p "*" -u 1000 beach && \
-    rm -f /var/log/* /etc/group~ /etc/gshadow~
-
-# Note: we need nginx-extras for the chunkin and more headers module and apache2-utils for the htpasswd command
-RUN apt-get update \
-    && apt-get install \
-        nginx-common=${NGINX_VERSION} \
-        nginx-extras=${NGINX_VERSION} \
-    && rm -rf /var/lib/apt/lists/* \
-    && rm -rf /var/log/apt \
-    && rm -rf /var/log/dpkg.log \
-    && rm -rf /var/www \
+ENV FLOWNATIVE_LIB_PATH=/opt/flownative/lib \
+    NGINX_BASE_PATH=/opt/flownative/nginx \
+    PATH="/opt/flownative/nginx/bin:$PATH" \
+    LOG_DEBUG=false
+
+COPY --from=docker.pkg.github.com/flownative/bash-library/bash-library:1 /lib $FLOWNATIVE_LIB_PATH
+
+# Note: We need nginx-extras for the chunkin and more headers module and apache2-utils for the htpasswd command.
+#       The gettext package provides "envsubst" for templating.
+RUN install_packages \
+    ca-certificates \
+    nginx-common=${NGINX_VERSION} \
+    nginx-extras=${NGINX_VERSION} \
+    gettext \
+    curl \
+    procps \
     && rm /etc/nginx/sites-available/default \
     && rm /etc/nginx/sites-enabled/default
 
-# Forward request and error logs to docker log collector
-RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
-    ln -sf /dev/stderr /var/log/nginx/error.log
+COPY root-files /
+RUN /build.sh
 
-COPY service-nginx.sh /etc/service/nginx/run
-RUN chmod 755 /etc/service/nginx/run \
-    && chown root:root /etc/service/nginx/run
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY mime.types /etc/nginx/
+EXPOSE 8080
 
-EXPOSE 80
+USER 1000
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD [ "/run.sh" ]

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2019 Robert Lemke, Flownative GmbH
+Copyright (c) 2015-2020 Robert Lemke, Flownative GmbH
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -9,10 +9,10 @@ of the tools as build arguments:
 
 ```bash
 docker build \
-    --build-arg NGINX_VERSION=1.14.0-0ubuntu1.6 \
-    -t flownative/beach-nginx:latest .
+    --build-arg NGINX_VERSION=1.14.2-2+deb10u1 \
+    -t flownative/nginx:latest .
 ```
 
 Check the latest stable release on the tool's respective websites:
 
-- Nginx: https://packages.ubuntu.com/bionic/nginx
+- Nginx: https://packages.debian.org/buster/nginx

root-files/build.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+mkdir -p \
+    "${NGINX_BASE_PATH}/sbin" \
+    "${NGINX_BASE_PATH}/etc" \
+    "${NGINX_BASE_PATH}/tmp" \
+    "${NGINX_BASE_PATH}/log"
+
+mv /etc/nginx/* "${NGINX_BASE_PATH}/etc/"
+mv /usr/sbin/nginx "${NGINX_BASE_PATH}/sbin/"
+
+chown -R root:root "${NGINX_BASE_PATH}"
+chmod -R g+rwX "${NGINX_BASE_PATH}"
+chmod 664 "${NGINX_BASE_PATH}"/etc/*.conf
+
+# Forward request and error logs to docker log collector
+ln -sf /dev/stdout "${NGINX_BASE_PATH}/log/access.log"
+ln -sf /dev/stderr "${NGINX_BASE_PATH}/log/error.log"
+
+# Nginx will try to access /var/log/nginx once, before even reading its
+# configuration file. This results in a "permission denied" error, if
+# Nginx does not have access to the default directory. Therefore we
+# create it, but don't use it:
+mkdir  -p /var/log/nginx
+chown -R root:root /var/log/nginx
+chmod -R g+rwX /var/log/nginx
+
+# For backwards-compatibility, create the /application/Web directory:
+mkdir  -p /application/Web
+chown -R root:root /application/Web
+chmod -R g+rwX /application/Web

root-files/entrypoint.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Load lib
+. "${FLOWNATIVE_LIB_PATH}/nginx.sh"
+. "${FLOWNATIVE_LIB_PATH}/nginx-legacy.sh"
+
+eval "$(nginx_env)"
+eval "$(nginx_legacy_env)"
+
+if [[ "$*" = *"/run.sh"* ]]; then
+    nginx_initialize
+    nginx_legacy_initialize
+fi
+
+exec "$@"