AirisX / nginx_cookie_flag_module

Module for Nginx which allows to set the flags "HttpOnly", "secure" and "SameSite" for cookies.
BSD 2-Clause "Simplified" License
106 stars 67 forks source link

Add instructions for installing in docker #18

Open alicederyn opened 4 years ago

alicederyn commented 4 years ago

I found the following gist really useful when attempting to add this module to nginx in docker:

https://gist.github.com/muuvmuuv/f1a0e7b6a6a02c2253dc92350eab7607

It's not for this module per se but it taught me what I needed to know. Leaving it here in case anyone else finds it useful (also it would be great to get this added to the docs <3)

Jesega commented 8 months ago

Hi Alice! The page is no longer available :/ Do you have any idea where can I find this info? Thanks!

alicederyn commented 8 months ago

https://web.archive.org/web/20220928234117/https://gist.github.com/muuvmuuv/f1a0e7b6a6a02c2253dc92350eab7607

ARG version
ARG timezone=Europe/Berlin
ARG modules_dir="/usr/lib/nginx/modules"

################################################################
# BUILDER
#
# Compile brotli and zstd from source to use it in a standard
# NGINX image container.
################################################################

FROM debian:stable AS builder

ARG version
ARG modules_dir
ARG build_dir="/usr/share/tmp"

# Setup
RUN apt-get update
RUN apt-get install -y --no-install-recommends \
  ca-certificates \
  wget \
  git \
  build-essential \
  libpcre3-dev \
  zlib1g-dev \
  libzstd-dev
RUN mkdir -p ${build_dir}
RUN mkdir -p ${modules_dir}

# Download NGINX
RUN cd ${build_dir} \
  && wget https://nginx.org/download/nginx-${version}.tar.gz \
  && tar zxf nginx-${version}.tar.gz \
  && rm nginx-${version}.tar.gz

# Download Modules
RUN cd ${build_dir} \
  && git clone --recursive https://github.com/google/ngx_brotli.git brotli \
  && git clone --recursive https://github.com/tokers/zstd-nginx-module.git zstd

# Install modules
RUN cd ${build_dir}/nginx-${version} \
  && ./configure --with-compat \
  --add-dynamic-module=../brotli  \
  # --add-module=../zstd  \
  && make && make install

# Move compiled modules
RUN cd ${build_dir}/nginx-${version}/objs \
  && cp ngx_http_brotli_static_module.so ${modules_dir} \
  && cp ngx_http_brotli_filter_module.so ${modules_dir} \
  # && cp ngx_http_zstd_static_module.so ${modules_dir} \
  # && cp ngx_http_zstd_filter_module.so ${modules_dir} \
  && chmod -R 644 ${modules_dir}

################################################################
# SERVER
################################################################

FROM nginx:${version}-alpine

ARG timezone
ARG modules_dir

COPY --from=builder ${modules_dir}/* ${modules_dir}/

COPY dist/aqua                    /var/www
COPY docker/nginx/share/*         /usr/share/

# Configure System
RUN cp /usr/share/zoneinfo/${timezone} /etc/localtime
RUN echo "${timezone}" > /etc/timezone
COPY docker/nginx/entrypoint.sh /
RUN chmod +x /entrypoint.sh

# Moves files and set permissions
COPY docker/nginx/certs/* /etc/nginx/certs/
COPY docker/nginx/components/ /etc/nginx/components/
RUN mv /etc/nginx/conf.d/ /etc/nginx/conf.d-copy/
COPY docker/nginx/conf.d/ /etc/nginx/conf.d/
RUN chmod +x /usr/share/*.sh
RUN mv /etc/nginx/nginx.conf /etc/nginx/nginx-backup.conf
COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf

################################################################

EXPOSE 80
EXPOSE 443/tcp
EXPOSE 443/udp

ENTRYPOINT ["/entrypoint.sh"]

CMD ["nginx-debug", "-g", "daemon off;"]