build from inception

srcs/requirements/nginx/Dockerfile

@@ -0,0 +1,87 @@
+# debian (~ 180s) --------------------------------------------
+
+#	FROM debian:buster
+#
+#	# vim for debug
+#	RUN apt update && apt install -y \
+#		nginx openssl \
+#		vim \
+#		&& \
+#		rm -rf /var/lib/apt/lists/*
+#
+#	# nginx conf
+#	COPY ./conf/nginx.conf.debian /etc/nginx/nginx.conf
+#	COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/
+
+# alpine (~ 45s) ---------------------------------------------
+
+	FROM alpine:3.15
+
+	# vim and bash for debug
+	RUN apk update && apk add \
+		nginx openssl \
+		vim bash \
+		&& \
+		rm -rf /var/cache/apk*
+
+	# nginx conf
+	COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf
+	COPY ./conf/inception_nginx.conf /etc/nginx/http.d/
+
+	# create user www-data and assign it to group www-data
+	RUN adduser -S www-data && \
+		adduser www-data www-data
+
+	RUN mkdir -p /var/www/html
+
+# common -----------------------------------------------------
+
+# replace WP_URL
+ARG WP_URL
+RUN sed -i "s/\${WP_URL}/${WP_URL}/g" /etc/nginx/http.d/inception_nginx.conf
+
+# personalized index.html
+COPY ./conf/index.html /data/www/
+
+# create ssl certificate
+RUN mkdir -p /etc/ssl/private /etc/ssl/certs
+RUN openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
+	-subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=${WP_URL}" \
+	-keyout /etc/ssl/private/${WP_URL}.key \
+	-out /etc/ssl/certs/${WP_URL}.crt
+
+ENTRYPOINT [ "nginx", "-g", "daemon off;" ]
+
+
+#
+# -g 'daemon off' :
+#   daemon off, to avoid the main process of nginx to quit after creating its childs, and therefore make docker exit
+#   https://stackoverflow.com/questions/18861300/how-to-run-nginx-within-a-docker-container-without-halting
+#
+# ssl certificate :
+#   openssl faq : https://www.openssl.org/docs/faq.html
+#   openssl req : create ertificate request, and optionally create self signed certificates
+#   openssl req man : https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
+#   exemple of openssl with nginx on docker : https://www.johnmackenzie.co.uk/posts/using-self-signed-ssl-certificates-with-docker-and-nginx/
+#
+#   usually the steps are :
+#   - create a server private key : `openssl genrsa -out server.key 2048`
+#   - create a CSR (certificate signing request) with the key : `openssl req -new -key server.key -out www.exemple.com.csr`
+#   - it will ask for :
+#     -  Country Name (2 letter code)
+#     -  State or Province Name (full name)
+#     -  Locality Name (eg, city)
+#     -  Organization Name (eg, company)
+#     -  Organizational Unit Name (eg, section)
+#     -  Common Name (eg, fully qualified host name)
+#     -  Email Address (put nothing)
+#   - now ask to a CA (certificate authority) for a certificate.crt by giving them your request.csr
+#
+#   alternatively we can generate our self-signed certificate with the `openssl req` command :
+#     - `x509` option is used to output a certificate instead of a certificate request
+#     - a request is created from scratch, if it is not given with `-in`
+#     - `newkey` generate a new private key, unless `-key` is given
+#     - `nodes` create a private key without encryption (no passphrase needed)
+#
+# SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
+#