From 0dafb34fa491edf75eb651e400f9de34ef8ad985 Mon Sep 17 00:00:00 2001 From: Michael Pleshakov Date: Thu, 8 Feb 2018 18:40:57 +0000 Subject: [PATCH] Change the base image to Debian Stretch for Plus controller (#235) --- nginx-controller/DockerfileForPlus | 56 ++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 19 deletions(-) diff --git a/nginx-controller/DockerfileForPlus b/nginx-controller/DockerfileForPlus index ed45f37b07..0b5c4266fa 100644 --- a/nginx-controller/DockerfileForPlus +++ b/nginx-controller/DockerfileForPlus @@ -1,43 +1,61 @@ -FROM ubuntu:16.04 +FROM debian:stretch-slim -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " -# Set the debconf front end to Noninteractive -RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections - -RUN apt-get update && apt-get install -y -q wget lsb-release apt-transport-https +ENV NGINX_PLUS_VERSION 1.13.7-2~stretch # Download certificate and key from the customer portal (https://cs.nginx.com) # and copy to the build context -ADD nginx-repo.crt /etc/ssl/nginx/ -ADD nginx-repo.key /etc/ssl/nginx/ +COPY nginx-repo.crt /etc/ssl/nginx/ +COPY nginx-repo.key /etc/ssl/nginx/ # Make sure the certificate and key have correct permissions RUN chmod 644 /etc/ssl/nginx/* -# Get other files required for installation -RUN wget -q -O - http://nginx.org/keys/nginx_signing.key | apt-key add - -RUN wget -q -O /etc/apt/apt.conf.d/90nginx https://cs.nginx.com/static/files/90nginx - -RUN printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" >/etc/apt/sources.list.d/nginx-plus.list - # Install NGINX Plus -RUN apt-get update && apt-get install -y nginx-plus +RUN set -x \ + && apt-get update && apt-get upgrade -y \ + && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::SslCert \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::SslKey \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \ + && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \ + && apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \ + && apt-get remove --purge --auto-remove -y gnupg1 \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf /etc/ssl/nginx \ + && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list -EXPOSE 80 443 8080 # forward nginx access and error logs to stdout and stderr of the ingress # controller process RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \ && ln -sf /proc/1/fd/2 /var/log/nginx/error.log + +EXPOSE 80 443 + COPY nginx-ingress nginx/templates/nginx-plus.ingress.tmpl nginx/templates/nginx-plus.tmpl / -RUN rm /etc/nginx/conf.d/* -RUN mkdir -p /etc/nginx/secrets +RUN rm /etc/nginx/conf.d/* \ + && mkdir -p /etc/nginx/secrets # Uncomment the line below if you would like to add the default.pem to the image # and use it as a certificate and key for the default server # ADD default.pem /etc/nginx/secrets/default -ENTRYPOINT ["/nginx-ingress"] +ENTRYPOINT ["/nginx-ingress"] \ No newline at end of file