Nginx
Introduction
Il est nécessaire d’avoir installé au préalable Docker sur votre Archlinux.
Pour construire une image Docker compatible ARM64 pour le Raspberry PI vous aurez besoin de 5 fichiers:
- build.sh
- platform.sh
- Dockerfile
- fastcgi.conf (à placer dans le dossier files)
- nginx.conf (à placer dans le dossier files)
Fichiers requis
platform.sh
#!/bin/bash
# Used in Docker build to set platform dependent variables.
#
# Globals:  TARGETARCH (read) - architecture name supplied by the Docker build
# Outputs:  /.platform - target triple for the architecture
#           /.compiler - cross-compiler package name (an empty line for amd64)
#
# Any other TARGETARCH value, or none at all, writes neither file and the
# script still exits 0, so an unsupported architecture is not reported.
triple=
cross_cc=
known=1

case "${TARGETARCH}" in
  amd64)
    triple="x86_64-unknown-linux-gnu"
    ;;
  arm64)
    triple="aarch64-unknown-linux-gnu"
    cross_cc="gcc-aarch64-linux-gnu"
    ;;
  arm)
    triple="armv7-unknown-linux-gnueabihf"
    cross_cc="gcc-arm-linux-gnueabihf"
    ;;
  *)
    known=0
    ;;
esac

if [ "${known}" -eq 1 ]; then
  printf '%s\n' "${triple}" > /.platform
  printf '%s\n' "${cross_cc}" > /.compiler
fi
build.sh
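#!/bin/bash
#
# Builds the zogg/nginx:latest image for linux/amd64 with Docker Buildx,
# loads it into the local Docker image store and keeps a copy of the build
# output in build.log. Exits with the status of the build itself.
#
# https://github.com/VanBerlo/docker-nginx-with-modules
# https://github.com/Pon57/docker-php-nginx-mysql-memcached
# https://www.nginx.com/resources/wiki/modules/
# https://github.com/bpaquet/ngx_http_enhanced_memcached_module
#
clear
cd "$(dirname "$0")" || exit 1

IMAGE_BASE=zogg/nginx
IMAGE_NAME_LATEST=${IMAGE_BASE}:latest

export DOCKER_CLI_EXPERIMENTAL=enabled

# Registers QEMU binfmt handlers on the host for every supported architecture.
# NOTE(review): this runs a third-party image by mutable tag with --privileged,
# i.e. with full access to the host. The build below targets linux/amd64 only,
# so on an amd64 host this step may not be needed at all; if it is kept, pin
# the image to a digest you have verified
# (tonistiigi/binfmt@sha256:<VERIFIED_DIGEST>, placeholder).
docker run --privileged --rm tonistiigi/binfmt --install all

NGINX_VERSION=1.23.1
export DOCKER_DEFAULT_PLATFORM=linux/amd64

# NOTE(review): the Dockerfile shown with this script declares no ARG TZ or
# ARG CONCURRENCY, so those two build arguments appear to be unused.
docker buildx build --pull \
  --platform=linux/amd64 \
  --output=type=docker \
  --build-arg TZ=Europe/Paris \
  --build-arg CONCURRENCY="$(nproc)" \
  --build-arg NGINX_VERSION="${NGINX_VERSION}" \
  -t "${IMAGE_NAME_LATEST}" \
  . 2>&1 | tee build.log

# The pipeline's own status is tee's; PIPESTATUS[0] is the docker build.
# Returning it lets callers and CI detect a failed build instead of always
# seeing success.
exit "${PIPESTATUS[0]}"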
fastcgi.conf
# fastcgi.conf
# Parameters handed to the FastCGI backend for each request, plus response
# buffer sizing. The Dockerfile installs this file as /etc/nginx/fastcgi.conf;
# presumably it is pulled in with `include` from a location that uses
# fastcgi_pass (no such location is shown here).
#
# NOTE(review): nginx also forwards request headers to the backend as HTTP_*
# parameters. This file does not blank HTTP_PROXY (`fastcgi_param HTTP_PROXY "";`),
# so a client-supplied Proxy header reaches the application environment.
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
# Path of the script the backend is asked to run, built from the request URI.
# NOTE(review): nothing in this file checks that the script exists; the
# including location should do so (for example `try_files $fastcgi_script_name =404;`)
# so that the request path alone cannot select which file gets executed.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
# $fastcgi_path_info is only populated when the location uses
# fastcgi_split_path_info; otherwise these two carry no path info.
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
# Sent only when the request arrived over TLS ($https is empty otherwise).
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
# NOTE(review): $host is taken from the request (request line or Host header),
# so SERVER_NAME is client-influenced here. An application that builds links or
# redirects from SERVER_NAME should validate it, or this should use
# $server_name as nginx's stock fastcgi.conf does.
fastcgi_param SERVER_NAME $host;
# Buffers used for reading the backend's response.
fastcgi_buffers 8 64k;
fastcgi_buffer_size 32k;
nginx.conf
# nginx.conf
# https://www.tweaked.io/guide/nginx/
# https://www.tweaked.io/guide/nginx-proxying/
# https://medium.com/website-performance-optimization/6-best-practices-for-optimizing-your-nginx-performance-4e800785ad42
# https://www.rosehosting.com/blog/how-to-speed-up-your-nginx-website/
# https://hostadvice.com/how-to/how-to-tune-and-optimize-performance-of-nginx-web-server/
# https://kinsta.com/blog/enable-gzip-compression/
# https://devdocs.prestashop-project.org/1.7/scale/webservers/nginx/
# https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
# Main context: process-level settings.
# Worker processes run as the unprivileged nginx user.
user nginx;
pid /var/run/nginx.pid;
# One worker per available CPU core.
worker_processes auto;
# Open-file limit for worker processes.
worker_rlimit_nofile 40000;
# NOTE(review): dynamic modules are only active once a load_module directive
# names them. The Dockerfile on this page copies .so files into
# /usr/lib/nginx/modules/ but adds nothing under modules-enabled, so this
# include presumably matches no file unless one is provided elsewhere.
include /etc/nginx/modules-enabled/*.conf;
error_log /var/log/nginx/error.log;
# Connection handling per worker.
events {
worker_connections 1024;
# Accept all pending connections at once rather than one per wake-up.
multi_accept on;
# Linux-specific event method.
use epoll;
}
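# HTTP context: defaults shared by every server block loaded from conf.d.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # NOTE(review): with access logging off there is no request record to
    # support detection or incident response. Re-enable the line below (or
    # log per server block) unless requests are logged somewhere upstream.
    access_log off;
    #access_log /var/log/nginx/access.log;

    types_hash_max_size 2048;

    # Request size limits. Bodies above client_max_body_size are rejected
    # with 413.
    # NOTE(review): client_header_buffer_size is allocated for every request;
    # 64k is far above nginx's default and increases the memory an idle
    # client can hold. Confirm this size is really needed.
    client_body_buffer_size 64K;
    client_header_buffer_size 64k;
    client_max_body_size 128k;
    large_client_header_buffers 8 16k;

    # Timeouts bound how long a slow or stalled client can hold a connection.
    keepalive_timeout 65;
    keepalive_requests 100000;
    send_timeout 30;
    client_body_timeout 30;
    client_header_timeout 30;
    reset_timedout_connection on;

    open_file_cache max=2000 inactive=20s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 5;
    open_file_cache_errors off;

    # Security response headers. `always` makes nginx send them on error
    # responses as well, matching the HSTS line.
    # These are inherited by a server or location only if that block defines
    # no add_header of its own; a block that adds any header must repeat them.
    # NOTE(review): X-XSS-Protection is ignored by current browsers; a
    # Content-Security-Policy is the modern control and is not set here.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options nosniff always;
    # HSTS, two years. Browsers honour it only on HTTPS responses.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Compression.
    # NOTE(review): compressing HTTPS responses that contain both a secret
    # and request-controlled text exposes them to compression side channels
    # (BREACH); consider disabling gzip for such locations.
    gzip on;
    gzip_static on;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_disable msie6;
    gzip_disable "MSIE [1-6]\.";
    gzip_proxied any;
    gzip_buffers 16 8k;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        text/x-component
        application/x-javascript
        application/xml
        application/javascript
        application/json
        application/xml+rss
        application/rss+xml
        application/atom+xml
        font/truetype
        font/opentype
        application/vnd.ms-fontobject
        image/svg+xml
        application/geo+json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/wasm
        application/x-web-app-manifest+json
        application/xhtml+xml
        font/eot
        font/otf
        font/ttf
        image/bmp
        text/cache-manifest
        text/calendar
        text/markdown
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-cross-domain-policy
        application/x-font-ttf
        image/x-icon;

    # TLS defaults.
    # TLSv1 and TLSv1.1 are deprecated and were removed from this list. The
    # cipher list below holds only AEAD suites, which need TLS 1.2 or later,
    # so the older protocols could not have negotiated a cipher anyway.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Applies to TLS 1.2; TLS 1.3 suites are selected separately by OpenSSL.
    # The DHE-RSA entries are used only if ssl_dhparam is configured, and
    # none is set in this file.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache shared:MySSL:10m;
    # Session tickets off: resumption relies on the server-side cache only.
    ssl_session_tickets off;
    # NOTE(review): OCSP stapling needs a `resolver`, and stapling_verify
    # needs ssl_trusted_certificate (or a full chain in ssl_certificate).
    # Neither is set in this file; confirm they exist in the server blocks,
    # otherwise no staple is sent.
    ssl_stapling on;
    ssl_stapling_verify on;

    include /etc/nginx/conf.d/*.conf;
}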
Dockerfile
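#
# Add additional modules
#
# Builder stage: compiles nginx ${NGINX_VERSION} from source so that the
# dynamic modules (*.so) can be copied into the final image.
#
# NOTE(review): nginx:latest is a moving tag while NGINX_VERSION is fixed by
# the build script. Dynamic modules load only into the nginx version they were
# built for, so both stages should use a base image pinned to that same
# version (ideally by digest) instead of latest.
FROM --platform=linux/amd64 nginx:latest AS builder

ARG TARGETPLATFORM
ARG TARGETOS
ARG TARGETARCH
ARG BUILDPLATFORM
ARG BUILDOS
ARG BUILDARCH
ARG BUILDVARIANT
ARG NGINX_VERSION

# Writes /.platform and /.compiler; nothing later in this Dockerfile reads
# them.
COPY platform.sh .
RUN ./platform.sh

RUN apt-get update -y && \
    DEBIAN_FRONTEND=noninteractive \
    apt-get install -y \
    libc-dev \
    make \
    libssl-dev \
    libpcre3-dev \
    zlib1g-dev \
    curl \
    gnupg \
    libxslt-dev \
    libgd-dev \
    libgeoip-dev \
    wget \
    gcc

# The source tarball is fetched over HTTPS rather than plain HTTP, so it
# cannot be altered in transit before it is compiled.
# TODO(review): HTTPS does not authenticate the file itself. gnupg is
# installed above but never used; verify nginx.tar.gz against the detached
# .asc signature published next to it, or against a pinned checksum
# (<EXPECTED_SHA256>, placeholder), before extracting.
RUN wget --inet4-only "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O nginx.tar.gz && \
    mkdir /tmp/nginx && \
    tar -xzvf nginx.tar.gz -C /tmp/nginx --strip-components=1

# NOTE(review): the CONFARGS assignment is a prefix of the tar command, so it
# exists only in tar's environment and $CONFARGS expands to nothing on the
# ./configure line. Simply making it visible would not be a safe fix: the
# stock arguments carry their own paths and quoted compiler options, while
# the final stage copies modules from /usr/share/nginx/modules.
# NOTE(review): several options are repeated or given both as built-in and
# =dynamic, --with-ipv6 is obsolete in current nginx, and --with-debug yields
# a debug build; worth trimming once the intended module set is confirmed.
RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') \
    tar -zxC /usr/src -f nginx.tar.gz && \
    cd /usr/src/nginx-$NGINX_VERSION && \
    ./configure \
    --with-compat $CONFARGS \
    --user=nginx \
    --with-debug \
    --group=nginx \
    --prefix=/usr/share/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/run/nginx.pid \
    --lock-path=/run/lock/subsys/nginx \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-http_gzip_static_module \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    --with-pcre \
    --with-http_image_filter_module \
    --with-file-aio \
    --with-ipv6 \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-threads \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_realip_module \
    --with-http_image_filter_module \
    --with-http_image_filter_module=dynamic \
    --with-http_geoip_module \
    --with-http_geoip_module=dynamic \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-stream \
    --with-stream=dynamic \
    --with-stream_ssl_module \
    --with-stream_realip_module \
    --with-stream_geoip_module \
    --with-stream_geoip_module=dynamic \
    --with-stream_ssl_preread_module \
    && \
    make && \
    make install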
#
# Setup Nginx image
#
# Final stage: the stock nginx image plus the dynamic modules compiled in the
# builder stage and the two configuration files from files/.
#
# NOTE(review): this base image is a moving tag. The copied modules load only
# if this nginx is the same version the builder compiled, and each one still
# needs a load_module directive, which nothing in this stage adds.
FROM --platform=linux/amd64 nginx:latest

ARG TARGETPLATFORM
ARG TARGETOS
ARG TARGETARCH
ARG BUILDPLATFORM
ARG BUILDOS
ARG BUILDARCH
ARG BUILDVARIANT

COPY --from=builder /usr/share/nginx/modules/*.so /usr/lib/nginx/modules/

# Plain local files, so COPY is enough; ADD's URL and archive handling is not
# needed here.
COPY files/fastcgi.conf /etc/nginx/fastcgi.conf
COPY files/nginx.conf /etc/nginx/nginx.conf

LABEL author="Olivier Le Bris" \
      maintainer="zogg" \
      com.centurylinklabs.watchtower.enable=false \
      org.opencontainers.image.source="https://zogg.fr" \
      org.opencontainers.image.licenses=MIT
Procédure
Pour lancer la construction de l’image, il suffit de donner au script shell build.sh les droits d’exécution puis de le lancer :
# Makes build.sh executable, then runs it with bash; both steps run as root.
# NOTE(review): `bash build.sh` does not need the execute bit, and root is
# presumably only required when your user cannot reach the Docker daemon.
# build.sh itself starts a --privileged container, so read it before running.
sudo chmod +x build.sh && sudo bash build.sh
Conclusion
Vous avez maintenant une image Docker compatible AMD64 à lancer sous Docker (ou avec Portainer :p).
Cet article est sous licence CC BY 4.0 par l'auteur.