diff --git a/Dockerfile b/Dockerfile
index aae3693..5b7a4f1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,8 @@ FROM alpine:3 AS build
 ARG VERSION="1.27.4"
 ARG CHECKSUM="294816f879b300e621fa4edd5353dd1ec00badb056399eceb30de7db64b753b2"
-ARG OPENSSL_VERSION="3.3.3"
-ARG OPENSSL_CHECKSUM="712590fd20aaa60ec75d778fe5b810d6b829ca7fb1e530577917a131f9105539"
+ARG OPENSSL_VERSION="3.4.1"
+ARG OPENSSL_CHECKSUM="002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3"
 ARG ZLIB_VERSION="1.3.1"
 ARG ZLIB_CHECKSUM="9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23"
@@ -22,8 +22,8 @@ RUN [ "$(sha256sum /tmp/nginx.tar.gz | awk '{print $1}')" = "$CHECKSUM" ] && \
 tar -C /tmp -xf /tmp/zlib.tar.gz && \
 cd /tmp/nginx-$VERSION && \
 ./configure \
- --with-cc-opt="-static" \
- --with-ld-opt="-static" \
+ --with-cc-opt="-static -march=x86-64-v2 -O2 -flto=auto -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
+ --with-ld-opt="-static -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,pack-relative-relocs -flto=auto" \
 --with-cpu-opt="generic" \
 --sbin-path="/bin/nginx" \
 --conf-path="/etc/nginx/nginx.conf" \
@@ -68,7 +68,8 @@ RUN [ "$(sha256sum /tmp/nginx.tar.gz | awk '{print $1}')" = "$CHECKSUM" ] && \
 --with-stream_ssl_preread_module \
 --with-compat \
 --with-openssl="/tmp/openssl-$OPENSSL_VERSION" \
- --with-zlib="/tmp/zlib-$ZLIB_VERSION" && \
+ --with-zlib="/tmp/zlib-$ZLIB_VERSION" \
+ --with-openssl-opt=enable-ktls && \
 make
 RUN mkdir -p /rootfs/bin && \
@@ -82,10 +83,13 @@ RUN mkdir -p /rootfs/bin && \
 mkdir -p /rootfs/tmp
-FROM scratch
+FROM alpine:3
+
+RUN apk add envsubst
 COPY --from=build --chown=10000:10000 /rootfs /
 USER 10000:10000
-ENTRYPOINT ["/bin/nginx"]
-CMD ["-g", "daemon off;"]
+# ENTRYPOINT ["/bin/nginx"]
+CMD ["/bin/sh" , "-c" , "envsubst < /nginx.conf.template > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"]
+# CMD ["-g", "daemon off;"]
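Review bot: In the new `--with-cc-opt`/`--with-ld-opt` lines, `-fPIC` combined with `-static` most likely still produces a fixed-address (non-PIE) executable, so the binary gets no ASLR for its own code and `-Wl,-z,pack-relative-relocs` has little or nothing to act on. If position independence is the goal, the usual pairing is `-fPIE` in cc-opt and `-static-pie` in ld-opt, which can be confirmed with `readelf -h` on the built binary (Type should be DYN). `-march=x86-64-v2` ties the image to x86-64 CPUs with SSE4.2/POPCNT and breaks builds for other architectures, while `--with-cpu-opt="generic"` directly below says the opposite; one of the two should go, or the flag should be chosen per `TARGETARCH`. `-D_FORTIFY_SOURCE=2` only has an effect on musl when the fortify headers are present in the build stage, which this hunk does not show. The `./configure` invocation starts and ends outside the hunk.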
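Review bot: `--with-openssl-opt=enable-ktls` only compiles kTLS support into the bundled OpenSSL; nginx uses it only when the configuration sets `ssl_conf_command Options KTLS;` and the host kernel provides the `tls` module, so a comment above the flag should state those run-time requirements. kTLS moves record encryption into the kernel, which puts kernel TLS code in the path of untrusted traffic, and that is worth stating for hosts where the module is otherwise not loaded. As far as I know nginx's `--with-cc-opt` applies to nginx's own objects and not to the OpenSSL and zlib trees it builds from source, so the hardening flags added earlier in this commit probably do not cover the TLS library; they would have to be passed through `--with-openssl-opt` and `--with-zlib-opt` as well. The configure command begins outside the hunk.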
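Review bot: The new `CMD` runs `envsubst` with no variable list, so every `$name` in `/nginx.conf.template` is substituted, including nginx's own runtime variables such as `$host` or `$remote_addr`, which become empty strings unless they happen to be set in the environment. An explicit list limits it to the intended values, e.g. `envsubst '${EXAMPLE_VAR}' < /nginx.conf.template > /etc/nginx/nginx.conf` (placeholder name). The file is rendered by UID 10000 at start-up, so `/etc/nginx/nginx.conf` stays writable by the nginx process and the container cannot run with a read-only root filesystem; rendering to a path under `/tmp` and passing it with `-c` would avoid both. Replacing `scratch` with `alpine:3` also puts a shell, busybox and apk into the runtime image, so at minimum use `RUN apk add --no-cache envsubst` and pin the base tag or digest. Nothing in this hunk copies `/nginx.conf.template` into the image, so presumably it is mounted at run time; a comment should say so, and the two commented-out `ENTRYPOINT`/`CMD` lines should be deleted rather than kept.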