From 811829de60f8e0c2c69e67a0e6044eab4a5b1627 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes <aledbf@gmail.com>
Date: Sun, 12 Nov 2017 00:34:40 -0300
Subject: [PATCH] Release nginx 0.29

---
 images/nginx-slim/README.md             | 25 --------------
 images/{nginx-slim => nginx}/Dockerfile |  6 ++--
 images/{nginx-slim => nginx}/Makefile   | 16 +++++----
 images/nginx/README.md                  | 36 ++++++++++++++++++++
 images/{nginx-slim => nginx}/build.sh   | 45 +++++++++++++------------
 images/{nginx-slim => nginx}/rc.yaml    | 19 ++++++-----
 6 files changed, 84 insertions(+), 63 deletions(-)
 delete mode 100644 images/nginx-slim/README.md
 rename images/{nginx-slim => nginx}/Dockerfile (94%)
 rename images/{nginx-slim => nginx}/Makefile (93%)
 create mode 100644 images/nginx/README.md
 rename images/{nginx-slim => nginx}/build.sh (93%)
 rename images/{nginx-slim => nginx}/rc.yaml (61%)

diff --git a/images/nginx-slim/README.md b/images/nginx-slim/README.md
deleted file mode 100644
index 499d7a321..000000000
--- a/images/nginx-slim/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-
-nginx 1.13.x base image using [ubuntu-slim](https://github.com/kubernetes/ingress-nginx/tree/master/images/ubuntu-slim)
-
-nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server.
-
-This custom nginx image contains:
-
-- [stream](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) tcp support for upstreams
-- nginx stats [nginx-module-vts](https://github.com/vozlt/nginx-module-vts)
-- [Dynamic TLS record sizing](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/)
-
-**How to use this image:**
-This image does provides a default configuration file with no backend servers.
-
-*Using docker*
-
-```console
-docker run -v /some/nginx.con:/etc/nginx/nginx.conf:ro quay.io/kubernetes-ingress-controller/nginx-slim:0.28
-```
-
-*Creating a replication controller*
-
-```console
-kubectl create -f ./rc.yaml
-```
diff --git a/images/nginx-slim/Dockerfile b/images/nginx/Dockerfile
similarity index 94%
rename from images/nginx-slim/Dockerfile
rename to images/nginx/Dockerfile
index dbbffcc5f..4144ae3a7 100644
--- a/images/nginx-slim/Dockerfile
+++ b/images/nginx/Dockerfile
@@ -17,9 +17,11 @@ FROM BASEIMAGE
 
 CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
 
-COPY build.sh /tmp
+COPY build.sh /
 
-RUN /tmp/build.sh
+RUN clean-install bash
+
+RUN /build.sh
 
 # Create symlinks to redirect nginx logs to stdout and stderr docker log collector
 # This only works if nginx is started with CMD or ENTRYPOINT
diff --git a/images/nginx-slim/Makefile b/images/nginx/Makefile
similarity index 93%
rename from images/nginx-slim/Makefile
rename to images/nginx/Makefile
index c7029a543..3195b96e1 100644
--- a/images/nginx-slim/Makefile
+++ b/images/nginx/Makefile
@@ -13,12 +13,12 @@
 # limitations under the License.
 
 # 0.0.0 shouldn't clobber any released builds
-TAG ?= 0.28
+TAG ?= 0.29
 REGISTRY ?= quay.io/kubernetes-ingress-controller
 ARCH ?= $(shell go env GOARCH)
 DOCKER ?= gcloud docker --
 
-ALL_ARCH = amd64 arm arm64 ppc64le
+ALL_ARCH = amd64 arm arm64 ppc64le s390x
 SED_I?=sed -i
 GOHOSTOS ?= $(shell go env GOHOSTOS)
 
@@ -28,22 +28,25 @@ endif
 
 QEMUVERSION=v2.9.1
 
-IMGNAME = nginx-slim
+IMGNAME = nginx
 IMAGE = $(REGISTRY)/$(IMGNAME)
 MULTI_ARCH_IMG = $(IMAGE)-$(ARCH)
 
 # Set default base image dynamically for each arch
-BASEIMAGE?=quay.io/kubernetes-ingress-controller/ubuntu-slim-$(ARCH):0.14
+BASEIMAGE?=gcr.io/google-containers/debian-base-$(ARCH):0.3
 
 ifeq ($(ARCH),arm)
-        QEMUARCH=arm
+	QEMUARCH=arm
 endif
 ifeq ($(ARCH),arm64)
-        QEMUARCH=aarch64
+	QEMUARCH=aarch64
 endif
 ifeq ($(ARCH),ppc64le)
 	QEMUARCH=ppc64le
 endif
+ifeq ($(ARCH),s390x)
+	QEMUARCH=s390x
+endif
 
 TEMP_DIR := $(shell mktemp -d)
 
@@ -62,7 +65,6 @@ all-container: $(addprefix sub-container-,$(ALL_ARCH))
 
 all-push: $(addprefix sub-push-,$(ALL_ARCH))
 
-
 container: .container-$(ARCH)
 .container-$(ARCH):
 	cp ./* $(TEMP_DIR)
diff --git a/images/nginx/README.md b/images/nginx/README.md
new file mode 100644
index 000000000..baba522a1
--- /dev/null
+++ b/images/nginx/README.md
@@ -0,0 +1,36 @@
+
+nginx 1.13.x base image using [debian-base](https://github.com/kubernetes/kubernetes/tree/master/build/debian-base)
+
+nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server.
+
+This custom nginx image contains:
+
+- [stream](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) tcp support for upstreams
+- nginx stats [nginx-module-vts](https://github.com/vozlt/nginx-module-vts)
+- [Dynamic TLS record sizing](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/)
+- [ngx_devel_kit](https://github.com/simpl/ngx_devel_kit)
+- [set-misc-nginx-module](https://github.com/openresty/set-misc-nginx-module)
+- [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
+- [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng)
+- [nginx-http-auth-digest](https://github.com/atomx/nginx-http-auth-digest)
+- [ngx_http_substitutions_filter_module](https://github.com/yaoweibin/ngx_http_substitutions_filter_module)
+- [nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing)
+- [opentracing-cpp](https://github.com/opentracing/opentracing-cpp)
+- [zipkin-cpp-opentracing](https://github.com/rnburn/zipkin-cpp-opentracing)
+- [ModSecurity-nginx](https://github.com/SpiderLabs/ModSecurity-nginx) (only supported in x86_64)
+- [brotli](https://github.com/google/brotli) (not supported in s390x)
+
+**How to use this image:**
+This image does provides a default configuration file with no backend servers.
+
+*Using docker*
+
+```console
+docker run -v /some/nginx.con:/etc/nginx/nginx.conf:ro quay.io/kubernetes-ingress-controller/nginx:0.29
+```
+
+*Creating a replication controller*
+
+```console
+kubectl create -f ./rc.yaml
+```
diff --git a/images/nginx-slim/build.sh b/images/nginx/build.sh
similarity index 93%
rename from images/nginx-slim/build.sh
rename to images/nginx/build.sh
index 27f3e446b..017baedea 100755
--- a/images/nginx-slim/build.sh
+++ b/images/nginx/build.sh
@@ -24,8 +24,8 @@ export NDK_VERSION=0.3.0
 export VTS_VERSION=0.1.15
 export SETMISC_VERSION=0.31
 export STICKY_SESSIONS_VERSION=08a395c66e42
-export MORE_HEADERS_VERSION=0.32
-export NGINX_DIGEST_AUTH=7955af9c77598c697ac292811914ce1e2b3b824c
+export MORE_HEADERS_VERSION=0.33
+export NGINX_DIGEST_AUTH=519dc2a4907bc6d9c48f95b3cf6a0151aaf44b40
 export NGINX_SUBSTITUTIONS=bc58cb11844bc42735bbaef7085ea86ace46d05b
 export NGINX_OPENTRACING_VERSION=0.1.1
 export OPENTRACING_CPP_VERSION=1.0.0
@@ -34,7 +34,7 @@ export MODSECURITY=a2a5858d249222938c2f5e48087a922c63d7f9d8
 
 export BUILD_PATH=/tmp/build
 
-ARCH=$(uname -p)
+ARCH=$(uname -m)
 
 get_src()
 {
@@ -48,15 +48,12 @@ get_src()
   rm -rf "$f"
 }
 
-mkdir "$BUILD_PATH"
-cd "$BUILD_PATH"
-
 if [[ ${ARCH} == "ppc64le" ]]; then
-  apt-get update && apt-get install --no-install-recommends -y software-properties-common
+  clean-install software-properties-common
 fi
 
 # install required packages to build
-apt-get update && apt-get install --no-install-recommends -y \
+clean-install \
   bash \
   build-essential \
   curl ca-certificates \
@@ -78,7 +75,7 @@ apt-get update && apt-get install --no-install-recommends -y \
   libcurl4-openssl-dev \
   procps \
   git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libxml2 libpcre++-dev libxml2-dev \
-  linux-headers-generic || exit 1
+  || exit 1
 
 mkdir -p /etc/nginx
 
@@ -89,6 +86,9 @@ wget -O /etc/nginx/GeoLiteCity.dat.gz https://geolite.maxmind.com/download/geoip
 gunzip /etc/nginx/GeoIP.dat.gz
 gunzip /etc/nginx/GeoLiteCity.dat.gz
 
+mkdir --verbose -p "$BUILD_PATH"
+cd "$BUILD_PATH"
+
 # download, verify and extract the source files
 get_src 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 \
         "http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
@@ -102,13 +102,13 @@ get_src 97946a68937b50ab8637e1a90a13198fe376d801dc3e7447052e43c28e9ee7de \
 get_src 5112a054b1b1edb4c0042a9a840ef45f22abb3c05c68174e28ebf483164fb7e1 \
         "https://github.com/vozlt/nginx-module-vts/archive/v$VTS_VERSION.tar.gz"
 
-get_src c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 \
+get_src a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf \
         "https://github.com/openresty/headers-more-nginx-module/archive/v$MORE_HEADERS_VERSION.tar.gz"
 
 get_src 53e440737ed1aff1f09fae150219a45f16add0c8d6e84546cb7d80f73ebffd90 \
         "https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/$STICKY_SESSIONS_VERSION.tar.gz"
 
-get_src 9b1d0075df787338bb607f14925886249bda60b6b3156713923d5d59e99a708b \
+get_src 5ea7093cedea1a17b3c890015f83fc72346627400a9e6e3cec9c4b21297ecb61 \
         "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz"
 
 get_src 618551948ab14cac51d6e4ad00452312c7b09938f59ebff4f93875013be31f2d \
@@ -147,13 +147,15 @@ make install
 
 cd "$BUILD_PATH"
 
-# Get Brotli source and deps
-git clone https://github.com/google/ngx_brotli.git
-cd ngx_brotli && git submodule update --init
-
+if [[ ${ARCH} != "s390x" ]]; then
+ # Get Brotli source and deps
+ git clone --depth=1 https://github.com/google/ngx_brotli.git 
+ cd ngx_brotli && git submodule update --init
+fi
 
 if [[ ${ARCH} == "x86_64" ]]; then
   # build modsecurity library
+  cd "$BUILD_PATH"
   git clone https://github.com/SpiderLabs/ModSecurity
   cd ModSecurity/
   git checkout -b v3/master origin/v3/master
@@ -209,7 +211,6 @@ WITH_MODULES="--add-module=$BUILD_PATH/ngx_devel_kit-$NDK_VERSION \
   --add-module=$BUILD_PATH/nginx-goodies-nginx-sticky-module-ng-$STICKY_SESSIONS_VERSION \
   --add-module=$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH \
   --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module-$NGINX_SUBSTITUTIONS \
-  --add-module=$BUILD_PATH/ngx_brotli \
   --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \
   --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/zipkin"
 
@@ -217,6 +218,10 @@ if [[ ${ARCH} == "x86_64" ]]; then
   WITH_MODULES+=" --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY"
 fi
 
+if [[ ${ARCH} != "s390x" ]]; then
+  WITH_MODULES+=" --add-module=$BUILD_PATH/ngx_brotli"
+fi
+
 ./configure \
   --prefix=/usr/share/nginx \
   --conf-path=/etc/nginx/nginx.conf \
@@ -261,19 +266,17 @@ apt-mark unmarkauto \
 
 apt-get remove -y --purge \
   build-essential \
-  gcc-5 \
-  cpp-5 \
+  gcc-6 \
+  cpp-6 \
   libgeoip-dev \
   libpcre3-dev \
   libssl-dev \
   zlib1g-dev \
   libaio-dev \
   linux-libc-dev \
-  perl-modules-5.22 \
   cmake \
   wget \
-  git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libpcre++-dev libxml2-dev \
-  linux-headers-generic
+  git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libpcre++-dev libxml2-dev
 
 apt-get autoremove -y
 
diff --git a/images/nginx-slim/rc.yaml b/images/nginx/rc.yaml
similarity index 61%
rename from images/nginx-slim/rc.yaml
rename to images/nginx/rc.yaml
index 7f7000ef4..7919553ff 100644
--- a/images/nginx-slim/rc.yaml
+++ b/images/nginx/rc.yaml
@@ -1,34 +1,37 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: nginxslimsvc
+  name: nginxsvc
   labels:
-    app: nginxslim
+    app: nginx
 spec:
   type: NodePort
   ports:
   - port: 80
     protocol: TCP
     name: http
+  - port: 443
+    protocol: TCP
+    name: https
   selector:
-    app: nginxslim
+    app: nginx
 ---
 apiVersion: v1
 kind: ReplicationController
 metadata:
-  name: nginxslim
+  name: nginx
 spec:
   replicas: 1
   selector:
-    app: nginxslim
+    app: nginx
   template:
     metadata:
       labels:
-        app: nginxslim
+        app: nginx
         name: frontend
     spec:
       containers:
-      - name: nginxslim
-        image: quay.io/kubernetes-ingress-controller/nginx-slim:0.28
+      - name: nginx
+        image: quay.io/kubernetes-ingress-controller/nginx:0.29
         ports:
         - containerPort: 80