pro/2023_WEBSITE_jipf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
fdba54cdb75503153bb76ad87e6dd20c1293f790
2023_WEBSITE_jipf/srcs/requirements/nginx/Dockerfile

57 lines
2.1 KiB
Docker
Raw Blame History

FROM alpine:3.15
# vim and bash for debug
RUN apk update && apk add \
nginx openssl \
vim bash \
&& \
rm -rf /var/cache/apk*
# nginx conf
COPY ./conf/nginx_main.conf.alpine /etc/nginx/nginx.conf
COPY ./conf/nginx_http_server.conf /etc/nginx/http.d/
# dir for logs
RUN mkdir -p /var/log/nginx/
# create user www-data and assign it to group www-data
RUN adduser -S www-data && \
adduser www-data www-data && \
adduser www-data nginx && \
chmod +rwx /var/lib/nginx/tmp
# ARG variables are not persistent after the build process, in opposite to ENV
ARG WP_URL
ARG MAX_UPLOAD_SIZE
ARG WP_VOLUME_DIR
ARG NG_VOLUME_CERTS
# replace WP_URL
RUN sed -i "s/\${WP_URL}/${WP_URL}/g" /etc/nginx/http.d/nginx_http_server.conf
# replace max file size upload
RUN sed -i "s/\(client_max_body_size \).*\(m;\)/\1${MAX_UPLOAD_SIZE}\2/g" /etc/nginx/nginx.conf
# create ssl certificates
# command openssl :
# - req : create a certificate signing request (CSR) or a self-signed certificate
# - newkey rsa:2048 : generate a new RSA key pair with a key length of 2048 bits
# - nodes : the private key should not be encrypted with a passphrase. This is useful for automated processes where entering a passphrase is not practical
# - x509 : a self-signed certificate should be created
# - days 365 : sets the validity period of the certificate to 365 days
# - subj : sets the subject, information about the entity the certificate is issued to
# - C, ST, L, O, OU, CN : country, state, locality, organization, organizational unit, and common name
# - keyout : the filename for the private key file
# - out : the filename for the output certificate file
ARG SSL_KEY=${NG_VOLUME_CERTS}/private/${WP_URL}.key
ARG SSL_CERT=${NG_VOLUME_CERTS}/certs/${WP_URL}.crt
RUN mkdir -p ${NG_VOLUME_CERTS}; \
cd ${NG_VOLUME_CERTS}; \
mkdir private certs; \
openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
-subj "/C=fr/ST=ile-de-france/L=paris/O=wp/OU=wp_local/CN=${WP_URL}" \
-keyout ${SSL_KEY} \
-out ${SSL_CERT};
ENTRYPOINT [ "nginx", "-g", "daemon off;" ]
Reference in New Issue View Git Blame Copy Permalink