1
0
angie-conv-image/Dockerfile

206 lines
5.7 KiB
Docker
Raw Normal View History

2024-07-20 17:12:15 +03:00
FROM docker.io/rockdrilla/angie-conv:deps-v1 AS deps
2024-07-11 13:37:35 +03:00
## ---
2024-07-20 17:12:15 +03:00
FROM deps AS certs
2024-07-11 13:37:35 +03:00
SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
## consult https://github.com/certifi/python-certifi/
ENV CERTIFI_COMMIT=bd8153872e9c6fc98f4023df9c2deaffea2fa463
RUN pkg='curl' ; \
apt-install.sh ca-certificates ${pkg} ; \
## process certifi
ls -l /etc/ssl/certs/ca-certificates.crt ; \
certifi-extras.sh ; \
ls -l /etc/ssl/certs/ca-certificates.crt
## ---
2024-07-20 17:12:15 +03:00
FROM deps AS pycache
2024-07-11 13:37:35 +03:00
SHELL [ "/bin/sh", "-ec" ]
COPY /scripts/* /usr/local/sbin/
COPY /extra-scripts/* /usr/local/sbin/
2024-07-20 16:35:39 +03:00
COPY /j2cfg/ /usr/local/lib/j2cfg/
2024-07-16 02:43:08 +03:00
2024-07-11 13:37:35 +03:00
ENV PYTHONDONTWRITEBYTECODE=''
## Python cache preseed
2024-07-16 02:43:08 +03:00
2024-07-20 16:35:39 +03:00
RUN python3 -m compileall -q -j 2 /usr/local/lib/j2cfg/
2024-07-16 02:43:08 +03:00
2024-07-11 13:37:35 +03:00
RUN libpython="${PYTHON_SITE_PACKAGES%/*}" ; \
find "${libpython}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
| sed -zEn \
-e '/^(collections|importlib|json|re)$/p' \
2024-07-11 13:37:35 +03:00
| sort -zV \
| env -C "${libpython}" xargs -0r \
python3 -m compileall -q -j 2 ; \
find "${PYTHON_SITE_PACKAGES}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
| sed -zE \
-e '/\.(dist-info|pth|txt)$/d' \
-e '/^(pip|pkg_resources|setuptools|wheel)$/d' \
| sort -zV \
| env -C "${PYTHON_SITE_PACKAGES}" xargs -0r \
python3 -m compileall -q -j 2
## Python cache warmup
2024-07-20 18:29:09 +03:00
RUN j2cfg-single /usr/local/lib/j2cfg/test.j2 /tmp/test ; \
cat /tmp/test ; echo ; \
rm -f /tmp/test
2024-07-11 13:37:35 +03:00
## Python cache adjustments
RUN d="@$(date '+%s')" ; \
2024-07-16 02:43:08 +03:00
find /usr/local/lib/ -name '*.pyc' -exec touch -m -d "$d" {} + ; \
find /usr/local/lib/ -name __pycache__ -exec touch -m -d "$d" {} +
2024-07-11 13:37:35 +03:00
## ---
FROM deps
SHELL [ "/bin/sh", "-ec" ]
## NB: NGX_DEBUG is set via build script
COPY /Dockerfile /usr/local/share/
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=certs /usr/local/share/ca-certificates/ /usr/local/share/ca-certificates/
## RFC: Python cache
## TODO: reduce load by selecting only __pycache__ directories in either way
2024-07-16 02:43:08 +03:00
COPY --from=pycache /usr/local/lib/ /usr/local/lib/
## already copied by statement above
2024-07-20 16:35:39 +03:00
# COPY /j2cfg/ /usr/local/lib/j2cfg/
2024-07-11 13:37:35 +03:00
ENV ANGIE_MODULES_DIR=/usr/lib/angie/modules
COPY /scripts/* /usr/local/bin/
RUN _UID=11111 _GID=11111 ; \
echo "angie:x:${_UID}:${_GID}:Angie:/etc/angie:/bin/false" >> /etc/passwd ; \
echo "angie:x:${_GID}:" >> /etc/group ; \
echo 'angie:!:::::::' >> /etc/shadow
RUN apt-install.sh angie ; \
apt-clean.sh ; \
## verify Angie layout
[ -d "${ANGIE_MODULES_DIR}" ] ; \
n='/usr/sbin/angie' ; \
[ -x "$n-debug" ] ; \
[ -x "$n-nodebug" ] ; \
## adjust Angie binaries
rm -fv "$n" ; \
if [ "${NGX_DEBUG}" = 0 ] ; then \
rm -fv "$n-debug" ; \
mv -fv "$n-nodebug" "$n" ; \
ln -fsv "${n##*/}" "$n-nodebug" ; \
ln -fsv /bin/false "$n-debug" ; \
else \
rm -fv "$n-nodebug" ; \
mv -fv "$n-debug" "$n" ; \
ln -fsv "${n##*/}" "$n-debug" ; \
ln -fsv /bin/false "$n-nodebug" ; \
fi
## preserve snippets from Angie config directory
## ref: https://git.angie.software/web-server/angie/src/tag/Angie-1.6.0/conf
RUN d=/etc/angie ; t=$(mktemp -d) ; \
tar -C "$d" -cf - \
fastcgi_params \
fastcgi.conf \
mime.types \
prometheus_all.conf \
scgi_params \
uwsgi_params \
| tar -C "$t" -xf - ; \
rm -rf "$d" ; \
install -d "$d" "$d/snip.dist" ; \
tar -C "$t" -cf - . | tar -C "$d/snip.dist" -xf - ; \
rm -rf "$t" ; \
chown -hR 0:0 "$d" ; \
chmod go-w "$d" ; \
find "$d/" -type f -exec chmod 0644 {} +
## produce own layout for Angie >:)
## /angie/ is persistence store
RUN install -d -o angie -g angie -m 03777 /angie /run/angie ; \
## adjust paths across filesystem
rm -rfv /var/cache/angie/ /var/lib/angie/ /var/log/angie/ ; \
ln -sv /run/angie/cache /var/cache/angie ; \
ln -sv /run/angie/lib /var/lib/angie ; \
ln -sv /run/angie/log /var/log/angie ; \
## adjust paths in config directory
2024-07-20 17:12:15 +03:00
cd /etc/angie || exit 1 ; \
2024-07-11 13:37:35 +03:00
ln -sv /run/angie run ; \
2024-07-23 21:59:49 +03:00
ln -sv /run/angie/load load ; \
ln -sv /run/angie/lock lock ; \
2024-07-11 13:37:35 +03:00
ln -sv ${ANGIE_MODULES_DIR} modules.dist ; \
## hyper-modular paths:
data='conf j2cfg mod modules site snip static' ; \
2024-07-11 13:37:35 +03:00
vardata='cache lib log' ; \
for n in ${data} ; do \
for d in "$n" "$n.dist" ; do \
[ -e "$d" ] || install -d "$d" ; \
done ; \
done ; \
for n in ${data} ${vardata} ; do \
ln -sv "/run/angie/$n" "$n.d" ; \
done
VOLUME [ "/run/angie" ]
COPY /angie/ /etc/angie/
RUN find /etc/angie/ -name .gitkeep -delete ; \
find /etc/angie/ ! -type l -exec chmod go-w {} +
2024-07-15 16:15:47 +03:00
## preseed builtin modules list
RUN x='angie-builtin-modules.sh' ; \
"$x" ; \
2024-07-20 17:12:15 +03:00
chmod a-x "$(which "$x")"
2024-07-15 16:15:47 +03:00
2024-07-11 13:37:35 +03:00
## misc tools
RUN apt-install.sh \
brotli \
zstd \
; \
apt-clean.sh
## relatively lightweight modules
RUN apt-install-angie-mod.sh \
brotli \
cache-purge \
echo \
geoip2 \
headers-more \
subs \
upload \
zip \
zstd \
; \
apt-clean.sh
## image-entry.sh is placed into /usr/local/bin/ to allow custom entrypoint/chaining:
## - there's no need to change ENTRYPOINT/CMD
## - custom entrypoint should be placed in /usr/local/sbin/
## - custom entrypoint should "exec" /usr/local/bin/image-entry.sh
COPY /image-entry.sh /usr/local/bin/
COPY /image-entry.d/ /image-entry.d/
## must be bind-mounted only for local customization/overrides!
# RUN install -d /image-entry
## misc defaults
ENV DUMB_INIT_SETSID=0 \
2024-07-20 17:12:15 +03:00
MALLOC_ARENA_MAX=4
2024-07-11 13:37:35 +03:00
STOPSIGNAL SIGQUIT
ENTRYPOINT [ "image-entry.sh" ]
2024-07-15 16:15:47 +03:00
CMD [ "angie" ]