[bitnami/nginx-intel] Release 0.4.7-debian-11-r34 (#4847)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Bitnami Bot
2022-09-01 21:43:38 +02:00
committed by GitHub
parent 0b751da9db
commit 861e00383c
6 changed files with 54 additions and 128 deletions


@@ -6,7 +6,7 @@ ENV HOME="/" \
LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
org.opencontainers.image.description="Application packaged by Bitnami" \
org.opencontainers.image.ref.name="0.4.7-debian-11-r33" \
org.opencontainers.image.ref.name="0.4.7-debian-11-r34" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/nginx-intel" \
org.opencontainers.image.title="nginx-intel" \
org.opencontainers.image.vendor="VMware, Inc." \
@@ -16,10 +16,34 @@ COPY prebuildfs /
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages acl ca-certificates curl gzip libc6 libcrypt1 libgeoip1 libpcre3 libssl1.1 procps tar zlib1g
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "qatengine" "0.6.15-0" --checksum 9c0e33d7f8d76f959ae54375c7b813db088791601f8c1cb7e3e9dcbcaea70bde
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.3-153" --checksum c1f2cdabdcc920512e8936ab2c8a033e1aeb97801fa026f0b12432581bf849ae
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx-intel" "0.4.7-153" --checksum 4aafdae5e8ee3e85d96ccd086762e800b8b2574a7b512355ce7052bc89650626
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-154" --checksum e36c3d90f4fbfbe989f40947fa7c8ab817f12fcf97d3aef893c753a20ce976ab
RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
if [ ! -f qatengine-0.6.15-0-linux-amd64-debian-11.tar.gz ]; then \
curl -SsLf https://downloads.bitnami.com/files/stacksmith/qatengine-0.6.15-0-linux-amd64-debian-11.tar.gz -O ; \
fi && \
echo "9c0e33d7f8d76f959ae54375c7b813db088791601f8c1cb7e3e9dcbcaea70bde qatengine-0.6.15-0-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
tar -zxf qatengine-0.6.15-0-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
rm -rf qatengine-0.6.15-0-linux-amd64-debian-11.tar.gz
RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
if [ ! -f render-template-1.0.3-153-linux-amd64-debian-11.tar.gz ]; then \
curl -SsLf https://downloads.bitnami.com/files/stacksmith/render-template-1.0.3-153-linux-amd64-debian-11.tar.gz -O ; \
fi && \
echo "c1f2cdabdcc920512e8936ab2c8a033e1aeb97801fa026f0b12432581bf849ae render-template-1.0.3-153-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
tar -zxf render-template-1.0.3-153-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
rm -rf render-template-1.0.3-153-linux-amd64-debian-11.tar.gz
RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
if [ ! -f nginx-intel-0.4.7-153-linux-amd64-debian-11.tar.gz ]; then \
curl -SsLf https://downloads.bitnami.com/files/stacksmith/nginx-intel-0.4.7-153-linux-amd64-debian-11.tar.gz -O ; \
fi && \
echo "4aafdae5e8ee3e85d96ccd086762e800b8b2574a7b512355ce7052bc89650626 nginx-intel-0.4.7-153-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
tar -zxf nginx-intel-0.4.7-153-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
rm -rf nginx-intel-0.4.7-153-linux-amd64-debian-11.tar.gz
RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
if [ ! -f gosu-1.14.0-154-linux-amd64-debian-11.tar.gz ]; then \
curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-amd64-debian-11.tar.gz -O ; \
fi && \
echo "e36c3d90f4fbfbe989f40947fa7c8ab817f12fcf97d3aef893c753a20ce976ab gosu-1.14.0-154-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
tar -zxf gosu-1.14.0-154-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
rm -rf gosu-1.14.0-154-linux-amd64-debian-11.tar.gz
RUN apt-get update && apt-get upgrade -y && \
rm -r /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
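Review bot: The `curl -SsLf` calls added in the four download `RUN` blocks follow redirects (`-L`) without restricting the scheme of the redirect target, whereas the `component_unpack` helper deleted in this commit called curl without a redirect option. The `sha256sum -c -` check against the pinned digest runs before `tar` on both the cached and the downloaded path, so a swapped archive would still be rejected. Keeping every hop on TLS is defence in depth, e.g. `curl -SsLf --proto '=https' --proto-redir '=https' -O` followed by the same URL. A short comment above the first block would also help, such as `# Archives may be pre-seeded in /tmp/bitnami/pkg/cache; the pinned SHA-256 is verified in either case`.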


@@ -1,65 +0,0 @@
#!/bin/bash
#
# Library for managing Bitnami components
# Constants
CACHE_ROOT="/tmp/bitnami/pkg/cache"
DOWNLOAD_URL="https://downloads.bitnami.com/files/stacksmith"
# Functions
########################
# Download and unpack a Bitnami package
# Globals:
# OS_NAME
# OS_ARCH
# OS_FLAVOUR
# Arguments:
# $1 - component's name
# $2 - component's version
# Returns:
# None
#########################
component_unpack() {
local name="${1:?name is required}"
local version="${2:?version is required}"
local base_name="${name}-${version}-${OS_NAME}-${OS_ARCH}-${OS_FLAVOUR}"
local package_sha256=""
local directory="/opt/bitnami"
# Validate arguments
shift 2
while [ "$#" -gt 0 ]; do
case "$1" in
-c|--checksum)
shift
package_sha256="${1:?missing package checksum}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
echo "Downloading $base_name package"
if [ -f "${CACHE_ROOT}/${base_name}.tar.gz" ]; then
echo "${CACHE_ROOT}/${base_name}.tar.gz already exists, skipping download."
cp "${CACHE_ROOT}/${base_name}.tar.gz" .
rm "${CACHE_ROOT}/${base_name}.tar.gz"
if [ -f "${CACHE_ROOT}/${base_name}.tar.gz.sha256" ]; then
echo "Using the local sha256 from ${CACHE_ROOT}/${base_name}.tar.gz.sha256"
package_sha256="$(< "${CACHE_ROOT}/${base_name}.tar.gz.sha256")"
rm "${CACHE_ROOT}/${base_name}.tar.gz.sha256"
fi
else
curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz"
fi
if [ -n "$package_sha256" ]; then
echo "Verifying package integrity"
echo "$package_sha256 ${base_name}.tar.gz" | sha256sum --check - || return "$?"
fi
tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 || return "$?"
rm "${base_name}.tar.gz"
}


@@ -128,18 +128,21 @@ nginx_validate() {
print_validation_error "The allowed values for ${1} are: yes no"
fi
}
check_valid_port() {
local port_var="${1:?missing port variable}"
local validate_port_args=()
local err
! am_i_root && validate_port_args+=("-unprivileged")
if ! err="$(validate_port "${validate_port_args[@]}" "${!port_var}")"; then
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
fi
}
! is_empty_value "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && check_yes_no_value "NGINX_ENABLE_ABSOLUTE_REDIRECT"
! is_empty_value "$NGINX_ENABLE_PORT_IN_REDIRECT" && check_yes_no_value "NGINX_ENABLE_PORT_IN_REDIRECT"
if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then
local -a validate_port_args=()
! am_i_root && validate_port_args+=("-unprivileged")
validate_port_args+=("${NGINX_HTTP_PORT_NUMBER}")
if ! err=$(validate_port "${validate_port_args[@]}"); then
print_validation_error "An invalid port was specified in the environment variable NGINX_HTTP_PORT_NUMBER: $err"
fi
fi
! is_empty_value "$NGINX_HTTP_PORT_NUMBER" && check_valid_port "NGINX_HTTP_PORT_NUMBER"
! is_empty_value "$NGINX_HTTPS_PORT_NUMBER" && check_valid_port "NGINX_HTTPS_PORT_NUMBER"
if ! is_file_writable "$NGINX_CONF_FILE"; then
warn "The NGINX configuration file '${NGINX_CONF_FILE}' is not writable by current user. Configurations based on environment variables will not be applied."
@@ -188,9 +191,14 @@ nginx_initialize() {
nginx_user_configuration="$(sed -E "s/(^user)/# \1/g" "$NGINX_CONF_FILE")"
is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE"
fi
# Configure HTTP port number
if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then
nginx_configure_port "$NGINX_HTTP_PORT_NUMBER"
fi
# Configure HTTPS port number
if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]]; then
nginx_configure_port "$NGINX_HTTPS_PORT_NUMBER" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"
fi
nginx_configure "absolute_redirect" "$(is_boolean_yes "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && echo "on" || echo "off" )"
nginx_configure "port_in_redirect" "$(is_boolean_yes "$NGINX_ENABLE_PORT_IN_REDIRECT" && echo "on" || echo "off" )"
}
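Review bot: In the `nginx_initialize` hunk, the HTTPS branch calls `nginx_configure_port` on `${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf` whenever `NGINX_HTTPS_PORT_NUMBER` is set, without the `is_file_writable` guard that the `user` directive rewrite a few lines above uses for `NGINX_CONF_FILE`. What `nginx_configure_port` does with a missing or read-only file is not visible here, but a non-root container with a read-only mounted server-blocks directory looks like a plausible way to hit it. Consider `if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then`, with a `warn` when the file is skipped. Separately, the new `check_valid_port` in `nginx_validate` would benefit from a comment such as `# $1 is the NAME of the variable holding the port; it is read via indirect expansion`. Both functions start outside the hunks shown.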


@@ -46,6 +46,8 @@ nginx_patch_httpoxy_vulnerability
# Configure default HTTP port
nginx_configure_port "$NGINX_DEFAULT_HTTP_PORT_NUMBER"
# Configure default HTTPS port
nginx_configure_port "$NGINX_DEFAULT_HTTPS_PORT_NUMBER" "${BITNAMI_ROOT_DIR}/scripts/nginx/server_blocks/default-https-server-block.conf"
# shellcheck disable=SC1091


@@ -27,20 +27,14 @@ am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROU
# Run init scripts
nginx_custom_init_scripts
# Validate HTTPS port number
if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]]; then
validate_port_args=()
! am_i_root && validate_port_args+=("-unprivileged")
validate_port_args+=("$NGINX_HTTPS_PORT_NUMBER")
if ! err=$(validate_port "${validate_port_args[@]}"); then
error "An invalid port was specified in the environment variable NGINX_HTTPS_PORT_NUMBER: $err"
exit 1
fi
fi
# Fix logging issue when running as root
! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"
# Configure HTTPS port number
if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]]; then
cp "${BITNAMI_ROOT_DIR}/scripts/nginx/server_blocks/default-https-server-block.conf" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"
fi
# Initialize NGINX
nginx_initialize


@@ -23,7 +23,7 @@ $ docker-compose up -d
## Why use Intel optimized containers
Encryption is becoming pervasive with most organizations increasingly adopting encryption for application execution, data in flight, and data storage. Intel® 3rd gen Xeon® Scalable Processor (Ice Lake) cores and architecture, offers several new instructions for encryption acceleration. These new instructions, coupled with algorithmic and software innovations, deliver breakthrough performance for the industry's most widely deployed cryptographic ciphers.
Encryption is becoming pervasive with most organizations increasingly adopting encryption for application execution, data in flight, and data storage. Intel(R) 3rd gen Xeon(R) Scalable Processor (Ice Lake) cores and architecture, offers several new instructions for encryption acceleration. These new instructions, coupled with algorithmic and software innovations, deliver breakthrough performance for the industry's most widely deployed cryptographic ciphers.
This solution accelerates the processing of the Transport Layer Security (TLS) significantly by using built-in Intel crypto acceleration included in the latest Intel 3rd gen Xeon Scalable Processor (Ice Lake). For more information, refer to [Intels documentation](https://software.intel.com/content/www/us/en/develop/articles/wordpress-tuning-guide-on-xeon-systems.html).
@@ -53,7 +53,7 @@ Non-root container images add an extra layer of security and are generally recom
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
* [`0`, `0-debian-11`, `0.4.7`, `0.4.7-debian-11-r33`, `latest` (0/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/nginx-intel/0/debian-11/Dockerfile)
* [`0`, `0-debian-11`, `0.4.7`, `0.4.7-debian-11-r34`, `latest` (0/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/nginx-intel/0/debian-11/Dockerfile)
## Get this image
@@ -285,47 +285,10 @@ $ docker-compose logs nginx
You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver.
## Understand the structure of this image
The Bitnami NGINX Open Source for Intel Docker image is built using a Dockerfile with the structure below:
```Dockerfile
FROM bitnami/minideb
...
## Install required system packages and dependencies
RUN install_packages xxx yyy zzz
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx" "a.b.c-0"
...
COPY rootfs /
RUN /opt/bitnami/scripts/nginx/postunpack.sh
...
ENV BITNAMI_APP_NAME="nginx" ...
EXPOSE 8080 8443
WORKDIR /app
USER 1001
...
ENTRYPOINT [ "/opt/bitnami/scripts/nginx/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/nginx/run.sh" ]
```
The Dockerfile has several sections related to:
- Components installation
- Components static configuration
- Environment variables
- Volumes
- Ports to be exposed
- Working directory and user
- Note that once the user is set to 1001, unprivileged commands cannot be executed any longer.
- Entrypoint and command
- Take into account that these actions are not executed until the container is started.
## Customize this image
The Bitnami NGINX Open Source for Intel Docker image is designed to be extended so it can be used as the base image for your custom web applications.
> Note: Read the [previous section](#understand-the-structure-of-this-image) to understand the Dockerfile structure before extending this image.
### Extend this image
Before extending this image, please note there are certain configuration settings you can modify using the original image: