Moved v3 code from NginxProxyManager/nginx-proxy-manager-3 to NginxProxyManager/nginx-proxy-manager
This commit is contained in:
Jamie Curnow
@ -1,63 +1,107 @@
|
||||
# This is a Dockerfile intended to be built using `docker buildx`
|
||||
# for multi-arch support. Building with `docker build` may have unexpected results.
|
||||
|
||||
# This file assumes that the frontend has been built using ./scripts/frontend-build
|
||||
# This file assumes that these scripts have been run first:
|
||||
# - ./scripts/ci/build-frontend
|
||||
|
||||
FROM nginxproxymanager/nginx-full:certbot-node
|
||||
FROM nginxproxymanager/testca as testca
|
||||
FROM letsencrypt/pebble as pebbleca
|
||||
FROM jc21/gotools:latest AS gobuild
|
||||
|
||||
ARG TARGETPLATFORM
|
||||
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||
|
||||
ARG BUILD_COMMIT
|
||||
ARG BUILD_VERSION
|
||||
ARG GOPRIVATE
|
||||
ARG GOPROXY
|
||||
ARG SENTRY_DSN
|
||||
|
||||
ENV BUILD_COMMIT="${BUILD_COMMIT:-dev}" \
|
||||
BUILD_VERSION="${BUILD_VERSION:-0.0.0}" \
|
||||
CGO_ENABLED=1 \
|
||||
GO111MODULE=on \
|
||||
GOPRIVATE="${GOPRIVATE:-}" \
|
||||
GOPROXY="${GOPROXY:-}" \
|
||||
SENTRY_DSN="${SENTRY_DSN:-}"
|
||||
|
||||
COPY scripts /scripts
|
||||
COPY backend /app
|
||||
WORKDIR /app
|
||||
|
||||
RUN mkdir -p /dist \
|
||||
&& /scripts/go-multiarch-wrapper /dist/server
|
||||
|
||||
#===============
|
||||
# Final image
|
||||
#===============
|
||||
|
||||
FROM nginxproxymanager/nginx-full:acmesh AS final
|
||||
|
||||
COPY --from=gobuild /dist/server /app/bin/server
|
||||
# these certs are used for testing in CI
|
||||
COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
|
||||
COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
|
||||
|
||||
# These acmesh vars are defined in the base image
|
||||
ENV SUPPRESS_NO_CONFIG_WARNING=1 \
|
||||
S6_FIX_ATTRS_HIDDEN=1 \
|
||||
ACMESH_CONFIG_HOME=/data/.acme.sh/config \
|
||||
ACMESH_HOME=/data/.acme.sh \
|
||||
CERT_HOME=/data/.acme.sh/certs \
|
||||
LE_CONFIG_HOME=/data/.acme.sh/config \
|
||||
LE_WORKING_DIR=/data/.acme.sh
|
||||
|
||||
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf
|
||||
|
||||
# s6 overlay
|
||||
COPY scripts/install-s6 /tmp/install-s6
|
||||
RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -rf /tmp/*
|
||||
|
||||
EXPOSE 80/tcp 81/tcp 443/tcp
|
||||
|
||||
COPY docker/rootfs /
|
||||
|
||||
# Remove frontend service not required for prod, dev nginx config as well
|
||||
# and remove any other cruft
|
||||
RUN rm -rf /etc/services.d/frontend \
|
||||
/etc/nginx/conf.d/dev.conf \
|
||||
/var/cache/* \
|
||||
/var/log/* \
|
||||
/tmp/* \
|
||||
/var/lib/dpkg/status-old
|
||||
|
||||
# Dummy cert
|
||||
RUN openssl req \
|
||||
-new \
|
||||
-newkey rsa:2048 \
|
||||
-days 3650 \
|
||||
-nodes \
|
||||
-x509 \
|
||||
-subj '/O=Nginx Proxy Manager/OU=Dummy Certificate/CN=localhost' \
|
||||
-keyout /etc/ssl/certs/dummykey.pem \
|
||||
-out /etc/ssl/certs/dummycert.pem \
|
||||
&& chmod +r /etc/ssl/certs/dummykey.pem /etc/ssl/certs/dummycert.pem
|
||||
|
||||
VOLUME /data
|
||||
|
||||
CMD [ "/init" ]
|
||||
|
||||
ARG NOW
|
||||
ARG BUILD_VERSION
|
||||
ARG BUILD_COMMIT
|
||||
ARG BUILD_DATE
|
||||
|
||||
ENV SUPPRESS_NO_CONFIG_WARNING=1 \
|
||||
S6_FIX_ATTRS_HIDDEN=1 \
|
||||
S6_BEHAVIOUR_IF_STAGE2_FAILS=1 \
|
||||
NODE_ENV=production \
|
||||
NPM_BUILD_VERSION="${BUILD_VERSION}" \
|
||||
NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
|
||||
NPM_BUILD_DATE="${BUILD_DATE}"
|
||||
|
||||
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y --no-install-recommends jq logrotate \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# s6 overlay
|
||||
COPY scripts/install-s6 /tmp/install-s6
|
||||
RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
|
||||
|
||||
EXPOSE 80 81 443
|
||||
|
||||
COPY backend /app
|
||||
COPY frontend/dist /app/frontend
|
||||
COPY global /app/global
|
||||
|
||||
WORKDIR /app
|
||||
RUN yarn install
|
||||
|
||||
# add late to limit cache-busting by modifications
|
||||
COPY docker/rootfs /
|
||||
|
||||
# Remove frontend service not required for prod, dev nginx config as well
|
||||
RUN rm -rf /etc/services.d/frontend /etc/nginx/conf.d/dev.conf
|
||||
|
||||
# Change permission of logrotate config file
|
||||
RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
|
||||
|
||||
# fix for pip installs
|
||||
# https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1769
|
||||
RUN pip uninstall --yes setuptools \
|
||||
&& pip install "setuptools==58.0.0"
|
||||
|
||||
VOLUME [ "/data", "/etc/letsencrypt" ]
|
||||
ENTRYPOINT [ "/init" ]
|
||||
ENV NPM_BUILD_VERSION="${BUILD_VERSION:-0.0.0}" \
|
||||
NPM_BUILD_COMMIT="${BUILD_COMMIT:-dev}" \
|
||||
NPM_BUILD_DATE="${BUILD_DATE:-}"
|
||||
|
||||
LABEL org.label-schema.schema-version="1.0" \
|
||||
org.label-schema.license="MIT" \
|
||||
org.label-schema.name="nginx-proxy-manager" \
|
||||
org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
|
||||
org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \
|
||||
org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \
|
||||
org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest"
|
||||
org.label-schema.description="Nginx Host Management and Proxy" \
|
||||
org.label-schema.build-date="${NOW:-}" \
|
||||
org.label-schema.version="${BUILD_VERSION:-0.0.0}" \
|
||||
org.label-schema.url="https://nginxproxymanager.com" \
|
||||
org.label-schema.vcs-url="https://github.com/NginxProxyManager/nginx-proxy-manager.git" \
|
||||
org.label-schema.vcs-ref="${BUILD_COMMIT:-dev}" \
|
||||
org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:${BUILD_VERSION:-0.0.0}"
|
||||
|
||||
Reference in New Issue
Block a user