Compare commits
5 Commits
78c442bdba
...
main
Author | SHA1 | Date | |
---|---|---|---|
6f2dc19d07
|
|||
49a522bf15
|
|||
b332ed833e
|
|||
7525b5847a
|
|||
778fe4855f
|
@@ -1,5 +1,5 @@
|
||||
# FROM docker.io/debian:bookworm-slim as base-upstream
|
||||
ARG PYTHONTAG=3.12.11-slim-bookworm
|
||||
# FROM docker.io/debian:trixie-slim as base-upstream
|
||||
ARG PYTHONTAG=3.12.11-slim-trixie
|
||||
FROM docker.io/python:${PYTHONTAG} AS base-upstream
|
||||
|
||||
FROM base-upstream AS base-intermediate
|
||||
@@ -19,7 +19,6 @@ ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
|
||||
PYTHONUNBUFFERED=1 \
|
||||
PYTHONDONTWRITEBYTECODE=1
|
||||
|
||||
COPY /apt/prefs.backports /etc/apt/preferences.d/backports
|
||||
COPY /apt/sources.debian /etc/apt/sources.list.d/debian.sources
|
||||
|
||||
## prevent services from auto-starting, part 1
|
||||
@@ -60,6 +59,7 @@ RUN apt-env.sh apt-get update ; \
|
||||
openssl \
|
||||
procps \
|
||||
psmisc \
|
||||
systemd-standalone-sysusers \
|
||||
tzdata \
|
||||
zstd \
|
||||
; \
|
||||
@@ -272,8 +272,8 @@ RUN env -C /root rm -f .bash_history .python_history .wget-hsts
|
||||
FROM base-intermediate AS certs
|
||||
SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
## "2025.06.15"
|
||||
ENV CERTIFI_COMMIT=e767d5938eddddf804216cec93a55c85129c5f2d
|
||||
## "2025.08.03"
|
||||
ENV CERTIFI_COMMIT=a97d9ad8f87c382378dddc0b0b33b9770932404e
|
||||
|
||||
# ARG CERTIFI_BASE_URI='https://raw.githubusercontent.com/certifi/python-certifi'
|
||||
|
||||
|
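Review bot: The base image on the `FROM docker.io/python:${PYTHONTAG} AS base-upstream` line is still resolved by tag only, so the move to `3.12.11-slim-trixie` picks up whatever that tag points to at build time, while the certifi bundle in the last hunk is pinned to a full commit hash. Consider pinning the image the same way, e.g. `ARG PYTHONDIGEST=sha256:<digest-placeholder>` and `FROM docker.io/python:${PYTHONTAG}@${PYTHONDIGEST} AS base-upstream`, and updating the digest together with the tag. The build script in this comparison sets the same default tag and would presumably need the matching change.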
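--- a/angie/autoconf/http-realip.conf.j2
+++ b/angie/autoconf/http-realip.conf.j2
@@ -0,0 +1,5 @@
+{%- set hdr = j2cfg.headers.real_ip_from or 'off' -%}
+{%- if hdr != 'off' %}
+real_ip_header {{ hdr | http_header }};
+{% include 'realip-set-from.j2inc' %}
+{%- endif %}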
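Review bot: The lookup `j2cfg.headers.real_ip_from` on the first line does not seem to match where this comparison adds the default: the defaults hunk places `real_ip_from: off` directly after the `tls:` entries and adds no `headers:` key, although the lost indentation makes the exact nesting unverifiable from this page. If the paths really differ, the setting an operator edits is never read and `real_ip_header` is silently never emitted, so logs and address-based rules keep seeing the proxy address. Please confirm the key path, and consider a short comment above the `set` such as `{#- 'off' also covers YAML reading a bare off as boolean false -#}`, since that is why the `or 'off'` fallback is needed.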
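--- a/angie/autoconf/http-server-tokens.conf
+++ b/angie/autoconf/http-server-tokens.conf
@@ -0,0 +1 @@
+server_tokens off;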
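--- a/angie/autoconf/mail-realip.conf.j2
+++ b/angie/autoconf/mail-realip.conf.j2
@@ -0,0 +1 @@
+{% include 'realip-set-from.j2inc' %}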
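--- a/angie/autoconf/realip-set-from.j2inc
+++ b/angie/autoconf/realip-set-from.j2inc
@@ -0,0 +1,8 @@
+{%- set src = (j2cfg.trusted_sources or []) | any_to_str_list | uniq_str_list | ngx_esc -%}
+{%- if src %}
+{%- for s in src %}
+set_real_ip_from {{ s }};
+{%- endfor %}
+{%- else %}
+set_real_ip_from unix: ;
+{%- endif %}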
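Review bot: Each `trusted_sources` entry is written into `set_real_ip_from {{ s }};` after escaping only, so nothing stops an over-broad value such as `0.0.0.0/0`, which would let any peer supply the client address through the configured header or the PROXY protocol. The include is shared by the http, mail and stream templates in this comparison, so one list widens trust in all three contexts. Consider documenting this at the top of the file, e.g. `{#- entries are peers whose forwarded client address is trusted verbatim; list proxy addresses only -#}`, and rejecting catch-all networks where the list is loaded if that is practical.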
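--- a/angie/autoconf/stream-realip.conf.j2
+++ b/angie/autoconf/stream-realip.conf.j2
@@ -0,0 +1 @@
+{% include 'realip-set-from.j2inc' %}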
@@ -58,3 +58,15 @@ tls:
|
||||
dhparam: tls/dh1024.pem
|
||||
session_tickets: off
|
||||
session_timeout: 1d
|
||||
|
||||
## well-known values are:
|
||||
## - 'off' - don't use "realip" module
|
||||
## - 'proxy_protocol' - get information from PROXY protocol if listen directive has "proxy_protocol" option
|
||||
## - 'X-Forwarded-For' - get information from 'X-Forwarded-For' header
|
||||
## - 'X-Real-IP' - get information from 'X-Real-IP' header
|
||||
## any other value will be treated as uncommon (but valid?) header
|
||||
real_ip_from: off
|
||||
## list of trusted sources to be used in "realip" module
|
||||
## ref: https://en.angie.software/angie/docs/configuration/modules/http/http_realip/
|
||||
## if empty, defaults to "unix:"
|
||||
trusted_sources: []
|
||||
|
@@ -1,27 +0,0 @@
|
||||
Package: src:curl
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
||||
|
||||
Package: src:debhelper
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
||||
|
||||
Package: src:elfutils
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
||||
|
||||
Package: src:iproute2
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
||||
|
||||
Package: src:libbpf
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
||||
|
||||
Package: src:systemd
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
||||
|
||||
Package: src:sysvinit
|
||||
Pin: release n=bookworm-backports
|
||||
Pin-Priority: 600
|
@@ -1,11 +1,11 @@
|
||||
Types: deb
|
||||
URIs: http://deb.debian.org/debian
|
||||
Suites: bookworm bookworm-updates bookworm-proposed-updates bookworm-backports
|
||||
Suites: trixie trixie-updates trixie-proposed-updates trixie-backports
|
||||
Components: main
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
|
||||
Types: deb
|
||||
URIs: http://deb.debian.org/debian-security
|
||||
Suites: bookworm-security
|
||||
Suites: trixie-security
|
||||
Components: main
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
|
@@ -10,7 +10,7 @@ BUILDAH_ISOLATION="${BUILDAH_ISOLATION:-chroot}"
|
||||
BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}"
|
||||
set +a
|
||||
|
||||
PYTHONTAG="${PYTHONTAG:-3.12.11-slim-bookworm}"
|
||||
PYTHONTAG="${PYTHONTAG:-3.12.11-slim-trixie}"
|
||||
|
||||
grab_site_packages() {
|
||||
podman run \
|
||||
|
@@ -1,4 +1,4 @@
|
||||
jinja2==3.1.6
|
||||
psutil==7.0.0
|
||||
pyyaml==6.0.2
|
||||
wcmatch==10.0
|
||||
wcmatch==10.1
|
||||
|