写一个dockerfile使用nginxincnginx-unprivileged1221-alpine-slim作为基础镜像采用多阶段构建第一阶段编译ngx_pagespeedso 和ngx_http_image_filter_moduleso第二阶段将第一阶段编译好的so文件复制到第二阶段并修改nginxconf让so生效。最终容器需要使用noroot启动启动用户的uid和gid都是5000请
# 第一阶段:编译ngx_pagespeed.so 和ngx_http_image_filter_module.so
FROM nginxinc/nginx-unprivileged:1.22.1-alpine-slim AS builder
RUN apk add --no-cache \
build-base \
libpng-dev \
libjpeg-turbo-dev \
zlib-dev \
git \
curl \
wget \
gnupg \
ca-certificates \
libressl-dev \
pcre-dev \
unzip
WORKDIR /build
# 下载ngx_pagespeed和psol
ARG NGX_PAGESPEED_VERSION=1.14.36.1-stable
ARG PSOL_VERSION=1.14.36.1
RUN wget https://github.com/apache/incubator-pagespeed-ngx/archive/v${NGX_PAGESPEED_VERSION}.tar.gz && \
tar -xzvf v${NGX_PAGESPEED_VERSION}.tar.gz && \
git clone --depth=1 https://github.com/apache/incubator-pagespeed-psol.git psol && \
cd incubator-pagespeed-ngx-${NGX_PAGESPEED_VERSION}/ && \
psol/scripts/build_psol.sh /build/incubator-pagespeed-ngx-${NGX_PAGESPEED_VERSION}/psol ${PSOL_VERSION}
# 下载ngx_http_image_filter_module
ARG NGX_IMAGE_FILTER_VERSION=0.12
RUN wget https://github.com/yaoweibin/ngx_http_image_filter_module/archive/v${NGX_IMAGE_FILTER_VERSION}.tar.gz && \
tar -xzvf v${NGX_IMAGE_FILTER_VERSION}.tar.gz
# 编译Nginx和modules
ARG NGINX_VERSION=1.22.1
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \
cd nginx-${NGINX_VERSION}/ && \
./configure \
--with-compat \
--add-dynamic-module=/build/incubator-pagespeed-ngx-${NGX_PAGESPEED_VERSION} \
--add-dynamic-module=/build/ngx_http_image_filter_module-${NGX_IMAGE_FILTER_VERSION} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-threads \
--with-http_geoip_module=dynamic \
--with-http_image_filter_module=dynamic \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-debug \
--with-pcre-jit \
--with-ld-opt="-Wl,-rpath,/usr/share/nginx/modules" && \
make && \
make install
# 第二阶段:构建最终镜像
FROM nginxinc/nginx-unprivileged:1.22.1-alpine-slim
# 复制第一阶段编译好的so文件
COPY --from=builder /usr/lib/nginx/modules/*.so /usr/lib/nginx/modules/
# 修改nginx.conf让so生效
RUN sed -i '/^load_module/ d' /etc/nginx/nginx.conf && \
sed -i '1i\load_module modules/ngx_pagespeed.so;' /etc/nginx/nginx.conf && \
sed -i '1i\load_module modules/ngx_http_image_filter_module.so;' /etc/nginx/nginx.conf && \
mkdir -p /var/cache/nginx && \
chown -R 5000:5000 /var/run/nginx /usr/share/nginx /var/cache/nginx /var/log/nginx
USER 5000:5000
CMD ["nginx", "-g", "daemon off;"]
注意事项:
- 第一阶段需要安装编译需要的依赖;
- 第一阶段需要下载ngx_pagespeed和psol,curl和wget都可以,但需要根据实际情况选择;
- 第一阶段需要下载ngx_http_image_filter_module,同样需要根据实际情况选择;
- 第一阶段需要编译Nginx和modules,需要根据实际情况选择需要的module;
- 第二阶段需要从第一阶段复制so文件,需要保证so文件的权限正确;
- 第二阶段需要修改nginx.conf让so生效;
- 最终容器需要使用noroot启动,启动用户的uid和gid都是5000;
- 第二阶段的镜像仅仅包含了Nginx和第一阶段编译好的so文件,如果需要安装其他软件需要在此基础上进行扩展
原文地址: https://www.cveoy.top/t/topic/dq63 著作权归作者所有。请勿转载和采集!