Prelude
Have you ever wanted to build an Nginx Docker image of your very own?
Today, let's create an Nginx Docker image that supports HTTP/3!
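Problem description
In modern network architectures, Nginx is a popular high-performance web server and reverse proxy. However, the default Nginx image may not meet all our needs, especially when we need advanced features such as HTTP/3. We therefore need to design and build a custom Nginx image ourselves.
Solution
Step 1: Set up the build environment
First we need a base image; here we start from Ubuntu 22.04. Next, we make the installation non-interactive so that it is not interrupted by prompts for user input. The relevant Dockerfile configuration is: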
```dockerfile
FROM ubuntu:22.04 AS builder

# Use non-interactive installation
ENV DEBIAN_FRONTEND=noninteractive

# Install build dependencies
RUN apt-get update && apt-get install -y \
    git wget build-essential libpcre3-dev zlib1g-dev \
    libssl-dev cmake ninja-build golang libunwind-dev \
    pkg-config curl gnupg2 ca-certificates
```
Step 2: Build BoringSSL
To support HTTP/3, we need to use BoringSSL. We clone its source code and build it. The steps are:
```dockerfile
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \
    cd boringssl && \
    mkdir build && \
    cd build && \
    cmake -GNinja .. && \
    ninja
```
Step 3: Download and build Nginx
Next, we download the Nginx source code and configure its build options so that it supports HTTP/3. The steps are:
```dockerfile
ARG NGINX_VERSION=1.25.4
WORKDIR /src
# nginx 1.25 ships its own HTTP/3 module (--with-http_v3_module), so no quiche
# checkout is needed; compile and link against the BoringSSL built in step 2.
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
    tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \
    cd nginx-${NGINX_VERSION} && \
    ./configure \
        --prefix=/etc/nginx \
        --sbin-path=/usr/sbin/nginx \
        --modules-path=/usr/lib/nginx/modules \
        --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/var/run/nginx.lock \
        --http-client-body-temp-path=/var/cache/nginx/client_temp \
        --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
        --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
        --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
        --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-http_v3_module \
        --with-cc-opt="-I/src/boringssl/include" \
        --with-ld-opt="-L/src/boringssl/build/ssl -L/src/boringssl/build/crypto" && \
    make -j$(nproc) && \
    make install
```
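Steps 2 and 3 fetch BoringSSL from the tip of its repository and the nginx tarball without any integrity check, so two builds of the same Dockerfile can compile different code. The builder stage below is an added example, not part of the original post: it pins both inputs and fails the build on a mismatch; `NGINX_SHA256` and `BORINGSSL_COMMIT` are hypothetical build arguments whose default values are placeholders.

```dockerfile
FROM ubuntu:22.04 AS builder
ENV DEBIAN_FRONTEND=noninteractive

# Same build dependencies as in step 1
RUN apt-get update && apt-get install -y \
    git wget build-essential libpcre3-dev zlib1g-dev \
    libssl-dev cmake ninja-build golang libunwind-dev \
    pkg-config curl gnupg2 ca-certificates

ARG NGINX_VERSION=1.25.4
# Placeholders (assumptions): supply real values with --build-arg.
# NGINX_SHA256 is the digest of a tarball you have already authenticated;
# BORINGSSL_COMMIT is the full 40-character hash of a commit you reviewed.
ARG NGINX_SHA256=REPLACE_WITH_TARBALL_SHA256
ARG BORINGSSL_COMMIT=REPLACE_WITH_FULL_COMMIT_HASH

WORKDIR /src

# Abort the build if the downloaded tarball does not match the pinned digest.
RUN wget -q https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
    echo "${NGINX_SHA256}  nginx-${NGINX_VERSION}.tar.gz" | sha256sum -c - && \
    tar -xzf nginx-${NGINX_VERSION}.tar.gz

# Build one fixed BoringSSL commit instead of whatever HEAD is on build day.
# The rev-parse comparison rejects branch names, tags and abbreviated hashes.
RUN git clone https://github.com/google/boringssl.git && \
    cd boringssl && \
    git checkout --detach "${BORINGSSL_COMMIT}" && \
    test "$(git rev-parse HEAD)" = "${BORINGSSL_COMMIT}" && \
    mkdir build && \
    cd build && \
    cmake -GNinja .. && \
    ninja
```

nginx.org publishes a detached `.asc` PGP signature next to each release tarball; checking it once is a sound way to obtain the digest you pin.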
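Step 4: Create the final image
We copy the built Nginx and its dependencies into the final image and set up the runtime environment and parameters. The relevant configuration is: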
```dockerfile
FROM ubuntu:22.04

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates libpcre3 openssl \
    && rm -rf /var/lib/apt/lists/*

# Copy Nginx and its dependencies
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/

# Create the required directories
RUN mkdir -p /var/cache/nginx/client_temp && \
    mkdir -p /etc/nginx/conf.d && \
    mkdir -p /usr/share/nginx/html

# Create the default configuration with HTTP/3 support
# (`user nginx;` makes the worker processes run as the non-root user created below)
RUN echo 'user nginx;\n\
worker_processes auto;\n\
events {\n\
    worker_connections 1024;\n\
}\n\
\n\
http {\n\
    sendfile on;\n\
    tcp_nopush on;\n\
    tcp_nodelay on;\n\
    keepalive_timeout 65;\n\
    types_hash_max_size 2048;\n\
    include /etc/nginx/mime.types;\n\
    default_type application/octet-stream;\n\
    ssl_protocols TLSv1.3;\n\
    ssl_prefer_server_ciphers on;\n\
    access_log /var/log/nginx/access.log;\n\
    error_log /var/log/nginx/error.log;\n\
    include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf

# Default site configuration
RUN echo 'server {\
    listen 80;\
    listen 443 ssl http2;\
    listen 443 quic reuseport;\
    server_name localhost;\
    ssl_certificate /etc/nginx/ssl/nginx.crt;\
    ssl_certificate_key /etc/nginx/ssl/nginx.key;\
    ssl_protocols TLSv1.3;\
    add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\
    location / {\
        root /usr/share/nginx/html;\
        index index.html;\
    }\
}' > /etc/nginx/conf.d/default.conf

# Create the default home page
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html

# Forward request logs to the Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log

# Create a non-root user for the worker processes
# (the master process still starts as root so it can bind ports 80 and 443)
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx

# Create the SSL certificate directory. The image does not generate a certificate:
# nginx.crt and nginx.key must be supplied here (for example via a volume mount),
# otherwise nginx fails to start.
RUN mkdir -p /etc/nginx/ssl

# Expose ports (443/udp carries QUIC)
EXPOSE 80 443/tcp 443/udp

STOPSIGNAL SIGQUIT
CMD ["nginx", "-g", "daemon off;"]
```
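The complete Dockerfile
Ha~ here is our complete custom Nginx Dockerfile! I hope you enjoy the journey and succeed in creating an Nginx image of your own. Remember, true freedom is soaring on your own creativity!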
```dockerfile
FROM ubuntu:22.04 AS builder

# Use non-interactive installation
ENV DEBIAN_FRONTEND=noninteractive

# Install build dependencies
RUN apt-get update && apt-get install -y \
    git wget build-essential libpcre3-dev zlib1g-dev \
    libssl-dev cmake ninja-build golang libunwind-dev \
    pkg-config curl gnupg2 ca-certificates

# Build BoringSSL
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \
    cd boringssl && \
    mkdir build && \
    cd build && \
    cmake -GNinja .. && \
    ninja

# Download and build Nginx
# nginx 1.25 ships its own HTTP/3 module (--with-http_v3_module), so no quiche
# checkout is needed; compile and link against the BoringSSL built above.
ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
    tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \
    cd nginx-${NGINX_VERSION} && \
    ./configure \
        --prefix=/etc/nginx \
        --sbin-path=/usr/sbin/nginx \
        --modules-path=/usr/lib/nginx/modules \
        --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/var/run/nginx.lock \
        --http-client-body-temp-path=/var/cache/nginx/client_temp \
        --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
        --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
        --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
        --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-http_v3_module \
        --with-cc-opt="-I/src/boringssl/include" \
        --with-ld-opt="-L/src/boringssl/build/ssl -L/src/boringssl/build/crypto" && \
    make -j$(nproc) && \
    make install

# Create the final image
FROM ubuntu:22.04

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates libpcre3 openssl \
    && rm -rf /var/lib/apt/lists/*

# Copy Nginx and its dependencies
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/

# Create the required directories
RUN mkdir -p /var/cache/nginx/client_temp && \
    mkdir -p /etc/nginx/conf.d && \
    mkdir -p /usr/share/nginx/html

# Create the default configuration with HTTP/3 support
# (`user nginx;` makes the worker processes run as the non-root user created below)
RUN echo 'user nginx;\n\
worker_processes auto;\n\
events {\n\
    worker_connections 1024;\n\
}\n\
\n\
http {\n\
    sendfile on;\n\
    tcp_nopush on;\n\
    tcp_nodelay on;\n\
    keepalive_timeout 65;\n\
    types_hash_max_size 2048;\n\
    include /etc/nginx/mime.types;\n\
    default_type application/octet-stream;\n\
    ssl_protocols TLSv1.3;\n\
    ssl_prefer_server_ciphers on;\n\
    access_log /var/log/nginx/access.log;\n\
    error_log /var/log/nginx/error.log;\n\
    include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf

# Default site configuration
RUN echo 'server {\
    listen 80;\
    listen 443 ssl http2;\
    listen 443 quic reuseport;\
    server_name localhost;\
    ssl_certificate /etc/nginx/ssl/nginx.crt;\
    ssl_certificate_key /etc/nginx/ssl/nginx.key;\
    ssl_protocols TLSv1.3;\
    add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\
    location / {\
        root /usr/share/nginx/html;\
        index index.html;\
    }\
}' > /etc/nginx/conf.d/default.conf

# Create the default home page
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html

# Forward request logs to the Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log

# Create a non-root user for the worker processes
# (the master process still starts as root so it can bind ports 80 and 443)
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx

# Create the SSL certificate directory. The image does not generate a certificate:
# nginx.crt and nginx.key must be supplied here (for example via a volume mount),
# otherwise nginx fails to start.
RUN mkdir -p /etc/nginx/ssl

# Expose ports (443/udp carries QUIC)
EXPOSE 80 443/tcp 443/udp

STOPSIGNAL SIGQUIT
CMD ["nginx", "-g", "daemon off;"]
```