Use latest openssl version, enable ktls, add optimization compiler flags
Some checks failed
Build and push container image / main (push) Has been cancelled
Some checks failed
Build and push container image / main (push) Has been cancelled
This commit is contained in:
parent
b0ff8f1151
commit
e965dfdea9
GPG key ID:
32C1DDF333EDA6A4
1 changed files with 12 additions and 8 deletions
20
Dockerfile
20
Dockerfile
|
|
@ -3,8 +3,8 @@ FROM alpine:3 AS build
|
||||||
ARG VERSION="1.27.4"
|
ARG VERSION="1.27.4"
|
||||||
ARG CHECKSUM="294816f879b300e621fa4edd5353dd1ec00badb056399eceb30de7db64b753b2"
|
ARG CHECKSUM="294816f879b300e621fa4edd5353dd1ec00badb056399eceb30de7db64b753b2"
|
||||||
|
|
||||||
ARG OPENSSL_VERSION="3.3.3"
|
ARG OPENSSL_VERSION="3.4.1"
|
||||||
ARG OPENSSL_CHECKSUM="712590fd20aaa60ec75d778fe5b810d6b829ca7fb1e530577917a131f9105539"
|
ARG OPENSSL_CHECKSUM="002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3"
|
||||||
|
|
||||||
ARG ZLIB_VERSION="1.3.1"
|
ARG ZLIB_VERSION="1.3.1"
|
||||||
ARG ZLIB_CHECKSUM="9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23"
|
ARG ZLIB_CHECKSUM="9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23"
|
||||||
|
|
@ -22,8 +22,8 @@ RUN [ "$(sha256sum /tmp/nginx.tar.gz | awk '{print $1}')" = "$CHECKSUM" ] && \
|
||||||
tar -C /tmp -xf /tmp/zlib.tar.gz && \
|
tar -C /tmp -xf /tmp/zlib.tar.gz && \
|
||||||
cd /tmp/nginx-$VERSION && \
|
cd /tmp/nginx-$VERSION && \
|
||||||
./configure \
|
./configure \
|
||||||
--with-cc-opt="-static" \
|
--with-cc-opt="-static -march=x86-64-v2 -O2 -flto=auto -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
|
||||||
--with-ld-opt="-static" \
|
--with-ld-opt="-static -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,pack-relative-relocs -flto=auto" \
|
||||||
--with-cpu-opt="generic" \
|
--with-cpu-opt="generic" \
|
||||||
--sbin-path="/bin/nginx" \
|
--sbin-path="/bin/nginx" \
|
||||||
--conf-path="/etc/nginx/nginx.conf" \
|
--conf-path="/etc/nginx/nginx.conf" \
|
||||||
|
|
@ -68,7 +68,8 @@ RUN [ "$(sha256sum /tmp/nginx.tar.gz | awk '{print $1}')" = "$CHECKSUM" ] && \
|
||||||
--with-stream_ssl_preread_module \
|
--with-stream_ssl_preread_module \
|
||||||
--with-compat \
|
--with-compat \
|
||||||
--with-openssl="/tmp/openssl-$OPENSSL_VERSION" \
|
--with-openssl="/tmp/openssl-$OPENSSL_VERSION" \
|
||||||
--with-zlib="/tmp/zlib-$ZLIB_VERSION" && \
|
--with-zlib="/tmp/zlib-$ZLIB_VERSION" \
|
||||||
|
--with-openssl-opt=enable-ktls && \
|
||||||
make
|
make
|
||||||
|
|
||||||
RUN mkdir -p /rootfs/bin && \
|
RUN mkdir -p /rootfs/bin && \
|
||||||
|
|
@ -82,10 +83,13 @@ RUN mkdir -p /rootfs/bin && \
|
||||||
mkdir -p /rootfs/tmp
|
mkdir -p /rootfs/tmp
|
||||||
|
|
||||||
|
|
||||||
FROM scratch
|
FROM alpine:3
|
||||||
|
|
||||||
|
RUN apk add envsubst
|
||||||
|
|
||||||
COPY --from=build --chown=10000:10000 /rootfs /
|
COPY --from=build --chown=10000:10000 /rootfs /
|
||||||
|
|
||||||
USER 10000:10000
|
USER 10000:10000
|
||||||
ENTRYPOINT ["/bin/nginx"]
|
# ENTRYPOINT ["/bin/nginx"]
|
||||||
CMD ["-g", "daemon off;"]
|
CMD ["/bin/sh" , "-c" , "envsubst < /nginx.conf.template > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"]
|
||||||
|
# CMD ["-g", "daemon off;"]
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue