
 1FROM debian:trixie AS builder
 2
 3ARG NGINX_VERSION="1.29.4"
 4ARG BORINGSSL_VERSION="0.20251124.0"
 5
 6ARG CFLAGS="-I/usr/src/boringssl/include -flto -fmerge-all-constants -fno-unwind-tables -fvisibility=hidden -fuse-linker-plugin -Wimplicit -Os -s -ffunction-sections -fdata-sections -fno-ident -fno-asynchronous-unwind-tables -static -Wno-cast-function-type -Wno-implicit-function-declaration"
 7ARG LDFLAGS="-L/usr/src/boringssl/build -lstdc++ -L/usr/src/boringssl/build/crypto -flto -fuse-linker-plugin -static -s -Wl,--gc-sections"
 8
 9WORKDIR /src
10
11RUN apt-get update && \
12    apt-get install -y cmake ninja-build build-essential pkg-config git curl golang jq zlib1g-dev libpcre2-dev
13
14# Install BoringSSL
15RUN git clone https://boringssl.googlesource.com/boringssl /usr/src/boringssl \
16    && cd /usr/src/boringssl && git checkout --force --quiet "${BORINGSSL_VERSION}" \
17    && mkdir -p /usr/src/boringssl/build \
18    && cmake -GNinja -B/usr/src/boringssl/build -S/usr/src/boringssl -DCMAKE_BUILD_TYPE=RelWithDebInfo \
19    && ninja -C /usr/src/boringssl/build
20
21RUN git clone --depth 1 --branch "release-${NGINX_VERSION}" https://github.com/nginx/nginx.git
22
23WORKDIR /src/nginx
24
25RUN ./auto/configure \
26    --with-cc-opt="$CFLAGS" \
27    --with-ld-opt="$LDFLAGS" \
28    --prefix=/usr/local/nginx \
29    --sbin-path=/usr/bin/nginx \
30    --conf-path=/etc/nginx/nginx.conf \
31    --error-log-path=stderr \
32    --pid-path=/tmp/nginx.pid \
33    --lock-path=/tmp/nginx.lock \
34    --user=nobody \
35    --group=nogroup \
36    --with-pcre \
37    --with-threads \
38    --with-stream \
39    --with-stream_ssl_module \
40    --with-stream_ssl_preread_module \
41    --with-file-aio \
42    --with-http_v2_module \
43    --with-http_v3_module \
44    --with-http_ssl_module \
45    --with-http_gunzip_module \
46    --with-http_gzip_static_module \
47    --without-http_ssi_module \
48    --without-http_access_module \
49    --without-http_auth_basic_module \
50    --without-http_browser_module \
51    --without-http_map_module \
52    --without-http_mirror_module \
53    --without-http_autoindex_module \
54    --without-http_geo_module \
55    --without-http_split_clients_module \
56    --without-http_userid_module \
57    --without-http_empty_gif_module \
58    --without-http_referer_module \
59    --without-http_fastcgi_module \
60    --without-http_uwsgi_module \
61    --without-http_scgi_module \
62    --without-http_grpc_module \
63    --without-http_memcached_module \
64    --without-http_limit_conn_module \
65    --without-http_limit_req_module \
66    --without-http_upstream_hash_module \
67    --without-http_upstream_ip_hash_module \
68    --without-http_upstream_least_conn_module \
69    --without-http_upstream_random_module \
70    --without-http_upstream_keepalive_module \
71    --without-http_upstream_zone_module
72
73RUN make && \
74    make install
75
# Runtime stage: an empty base image holding only the nginx binary, its
# configuration and minimal account files. There is no shell or package
# manager in the resulting image.
FROM scratch

# The static binary produced by the builder stage.
COPY --from=builder /usr/bin/nginx /usr/bin/nginx

# Account databases from the build context, so that the USER name below
# resolves to a uid/gid.
COPY config/group config/passwd /etc/

# --chmod=755 is applied to every file and directory under config/nginx.
# NOTE(review): this also marks plain configuration files executable; confirm
# that is intended.
COPY --chmod=755 config/nginx /etc/nginx

# Run unprivileged; 8080 is above the privileged port range.
# NOTE(review): the port nginx really listens on is set in config/nginx,
# which is not shown here; EXPOSE only documents it.
USER nobody
EXPOSE 8080

# /tmp is where the build configured the pid and lock files.
VOLUME ["/tmp"]

# Exec form, so nginx is PID 1 and receives stop signals directly.
ENTRYPOINT ["/usr/bin/nginx"]
CMD ["-g", "daemon off;"]