DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update nginx image (#2893)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2018-08-04 08:02:20 -04:00 committed by GitHub
parent c475f9dc91
commit e2f5d9066e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 49 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
images/e2e/Dockerfile
View file

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM quay.io/kubernetes-ingress-controller/nginx-amd64:0.55 FROM quay.io/kubernetes-ingress-controller/nginx-amd64:0.57
RUN clean-install \ RUN clean-install \
g++ \ g++ \

4
images/nginx/Makefile
View file

@ -13,7 +13,7 @@
# limitations under the License. # limitations under the License.
# 0.0.0 shouldn't clobber any released builds # 0.0.0 shouldn't clobber any released builds
TAG ?= 0.56 TAG ?= 0.57
REGISTRY ?= quay.io/kubernetes-ingress-controller REGISTRY ?= quay.io/kubernetes-ingress-controller
ARCH ?= $(shell go env GOARCH) ARCH ?= $(shell go env GOARCH)
DOCKER ?= docker DOCKER ?= docker
@ -67,7 +67,7 @@ all-push: $(addprefix sub-push-,$(ALL_ARCH))
container: .container-$(ARCH) container: .container-$(ARCH)
.container-$(ARCH): .container-$(ARCH):
cp ./* $(TEMP_DIR) cp -r ./rootfs/* $(TEMP_DIR)
cd $(TEMP_DIR) && $(SED_I) 's|BASEIMAGE|$(BASEIMAGE)|g' Dockerfile cd $(TEMP_DIR) && $(SED_I) 's|BASEIMAGE|$(BASEIMAGE)|g' Dockerfile
cd $(TEMP_DIR) && $(SED_I) "s|ARCH|$(QEMUARCH)|g" Dockerfile cd $(TEMP_DIR) && $(SED_I) "s|ARCH|$(QEMUARCH)|g" Dockerfile

4
images/nginx/Dockerfile → images/nginx/rootfs/Dockerfile
View file

@ -17,7 +17,7 @@ FROM BASEIMAGE
CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/ CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
COPY build.sh install_lua_resty_waf.sh / COPY . /
RUN clean-install bash RUN clean-install bash
@ -30,4 +30,6 @@ RUN ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80 443 EXPOSE 80 443
ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["nginx", "-g", "daemon off;"] CMD ["nginx", "-g", "daemon off;"]

37
images/nginx/build.sh → images/nginx/rootfs/build.sh
View file

@ -36,6 +36,7 @@ export LUA_UPSTREAM_VERSION=0.07
export COOKIE_FLAG_VERSION=1.1.0 export COOKIE_FLAG_VERSION=1.1.0
export NGINX_INFLUXDB_VERSION=f20cfb2458c338f162132f5a21eb021e2cbe6383 export NGINX_INFLUXDB_VERSION=f20cfb2458c338f162132f5a21eb021e2cbe6383
export GEOIP2_VERSION=2.0 export GEOIP2_VERSION=2.0
export NGINX_AJP_VERSION=bf6cd93f2098b59260de8d494f0f4b1f11a84627
export BUILD_PATH=/tmp/build export BUILD_PATH=/tmp/build
@ -92,6 +93,8 @@ clean-install \
luarocks \ luarocks \
libmaxminddb-dev \ libmaxminddb-dev \
libatomic-ops-dev \ libatomic-ops-dev \
authbind \
dumb-init \
|| exit 1 || exit 1
if [[ ${ARCH} == "x86_64" ]]; then if [[ ${ARCH} == "x86_64" ]]; then
@ -223,6 +226,9 @@ get_src 1897d7677d99c1cedeb95b2eb00652a4a7e8e604304c3053a93bd3ba7dd82884 \
get_src ebb4652c4f9a2e1ee31fddefc4c93ff78e651a4b2727d3453d026bccbd708d99 \ get_src ebb4652c4f9a2e1ee31fddefc4c93ff78e651a4b2727d3453d026bccbd708d99 \
"https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz"
get_src 5f629a50ba22347c441421091da70fdc2ac14586619934534e5a0f8a1390a950 \
"https://github.com/yaoweibin/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz"
# improve compilation times # improve compilation times
CORES=$(($(grep -c ^processor /proc/cpuinfo) - 0)) CORES=$(($(grep -c ^processor /proc/cpuinfo) - 0))
@ -236,7 +242,7 @@ if [[ ${ARCH} == "x86_64" ]]; then
fi fi
# luajit is not available on ppc64le and s390x # luajit is not available on ppc64le and s390x
if [[ (${ARCH} != "s390x") ]]; then if [[ (${ARCH} != "ppc64le") && (${ARCH} != "s390x") ]]; then
cd "$BUILD_PATH/luajit2-2.1-20180420" cd "$BUILD_PATH/luajit2-2.1-20180420"
make make
make install make install
@ -470,6 +476,7 @@ WITH_MODULES="--add-module=$BUILD_PATH/ngx_devel_kit-$NDK_VERSION \
--add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \ --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \
--add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY_VERSION \ --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY_VERSION \
--add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module-${GEOIP2_VERSION} \ --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module-${GEOIP2_VERSION} \
--add-module=$BUILD_PATH/nginx_ajp_module-${NGINX_AJP_VERSION} \
--add-module=$BUILD_PATH/ngx_brotli" --add-module=$BUILD_PATH/ngx_brotli"
./configure \ ./configure \
@ -494,17 +501,12 @@ WITH_MODULES="--add-module=$BUILD_PATH/ngx_devel_kit-$NDK_VERSION \
--with-cc-opt="${CC_OPT}" \ --with-cc-opt="${CC_OPT}" \
--with-ld-opt="${LD_OPT}" \ --with-ld-opt="${LD_OPT}" \
--with-libatomic \ --with-libatomic \
${WITH_MODULES} \ --user=www-data \
&& make || exit 1 \ --group=www-data \
&& make install || exit 1 ${WITH_MODULES}
# install su-exec to switch user and group id and exec make || exit 1
cd "$BUILD_PATH" make install || exit 1
curl -sSL https://github.com/ncopa/su-exec/archive/master.tar.gz | tar zxpv
cd su-exec-master
make
cp su-exec /usr/local/bin
echo "Cleaning..." echo "Cleaning..."
@ -560,12 +562,8 @@ rm -rf $HOME/.hunter
# update image permissions # update image permissions
writeDirs=( \ writeDirs=( \
/etc/nginx \ /etc/nginx \
/etc/ingress-controller/ssl \
/etc/ingress-controller/auth \
/var/log \
/var/log/nginx \
/var/lib/nginx \ /var/lib/nginx \
/usr/share/nginx/html \ /var/log/nginx \
/opt/modsecurity/var/log \ /opt/modsecurity/var/log \
/opt/modsecurity/var/upload \ /opt/modsecurity/var/upload \
/opt/modsecurity/var/audit \ /opt/modsecurity/var/audit \
@ -575,3 +573,8 @@ for dir in "${writeDirs[@]}"; do
mkdir -p ${dir}; mkdir -p ${dir};
chown -R www-data.www-data ${dir}; chown -R www-data.www-data ${dir};
done done
chmod 755 /etc/authbind/byuid/33
chown www-data /etc/authbind/byuid/33
chmod 755 /etc/authbind/byport/*
chown www-data /etc/authbind/byport/*

19
images/nginx/rootfs/entrypoint.sh Executable file
View file

@ -0,0 +1,19 @@
#!/usr/bin/dumb-init /bin/bash
# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e
authbind --deep $@

0
images/nginx/rootfs/etc/authbind/byport/443 Normal file
View file

0
images/nginx/rootfs/etc/authbind/byport/80 Normal file
View file

4
images/nginx/rootfs/etc/authbind/byuid/33 Normal file
View file

@ -0,0 +1,4 @@
0.0.0.0:1-1023
0.0.0.0:1-1023
::0:1-1023
::0:1-1023

0
images/nginx/install_lua_resty_waf.sh → images/nginx/rootfs/install_lua_resty_waf.sh
View file