目录
- 前奏
- 问题描述
- 问题解决
- 第一步:设置构建环境
- 第二步:构建BoringSSL
- 第三步:下载并构建Nginx
- 第四步:创建最终镜像
- 整体的Dockerfile
前奏
你是否曾经想过,亲手打造一个属于自己的Nginx Docker镜像呢?
今天,让我们创建一个支持HTTP/3的Nginx Docker镜像吧!
请原谅我选择开启仅粉丝可见。
问题描述
在现代网络架构中,Nginx作为一个高性能的Web服务器和反向代理服务器,广受欢迎。然而,默认的Nginx镜像可能无法满足我们所有的需求,尤其是当我们需要支持一些高级特性比如HTTP/3时。因此,我们需要自行设计并构建一个自定义的Nginx镜像。
问题解决
第一步:设置构建环境
首先,我们需要一个基础镜像,这里我们选择Ubuntu 22.04作为起点。接着,我们设置非交互式安装环境,以确保安装过程不会因为用户交互而中断。以下是相关的Dockerfile配置:
FROM ubuntu:22.04 AS builder
# 设置非交互式安装
ENV DEBIAN_FRONTEND=noninteractive
# 安装构建依赖
RUN apt-get update && apt-get install -y \
git wget build-essential libpcre3-dev zlib1g-dev \
libssl-dev cmake ninja-build golang libunwind-dev \
pkg-config curl gnupg2 ca-certificates
第二步:构建BoringSSL
为了支持HTTP/3,我们需要使用BoringSSL。我们将其源码克隆下来,并进行构建。以下是相关步骤:
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \
cd boringssl && \
mkdir build && \
cd build && \
cmake -GNinja .. && \
ninja
第三步:下载并构建Nginx
接下来,我们需要下载Nginx的源码,并配置其构建参数,以便支持HTTP/3。具体步骤如下:
ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \
git clone --recursive https://github.com/cloudflare/quiche.git && \
cd nginx-${NGINX_VERSION} && \
./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-cc-opt="-I../quiche/deps/boringssl/include" \
--with-ld-opt="-L../quiche/deps/boringssl/lib" && \
make -j$(nproc) && \
make install
第四步:创建最终镜像
我们将构建好的Nginx及其依赖复制到最终镜像中,同时设置运行时的环境和参数。以下是相关配置:
FROM ubuntu:22.04
# 安装运行时依赖
RUN apt-get update && apt-get install -y \
ca-certificates libpcre3 openssl \
&& rm -rf /var/lib/apt/lists/*
# 复制Nginx及其依赖
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/
# 创建所需的目录
RUN mkdir -p /var/cache/nginx/client_temp && \
mkdir -p /etc/nginx/conf.d && \
mkdir -p /usr/share/nginx/html
# 创建默认配置,支持HTTP/3
RUN echo 'worker_processes auto;\n\
events {\n\
worker_connections 1024;\n\
}\n\
\n\
http {\n\
sendfile on;\n\
tcp_nopush on;\n\
tcp_nodelay on;\n\
keepalive_timeout 65;\n\
types_hash_max_size 2048;\n\
include /etc/nginx/mime.types;\n\
default_type application/octet-stream;\n\
ssl_protocols TLSv1.3;\n\
ssl_prefer_server_ciphers on;\n\
access_log /var/log/nginx/access.log;\n\
error_log /var/log/nginx/error.log;\n\
include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf
# 默认站点配置
RUN echo 'server {\
listen 80;\
listen 443 ssl http2;\
listen 443 quic reuseport;\
server_name localhost;\
ssl_certificate /etc/nginx/ssl/nginx.crt;\
ssl_certificate_key /etc/nginx/ssl/nginx.key;\
ssl_protocols TLSv1.3;\
add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\
location / {\
root /usr/share/nginx/html;\
index index.html;\
}\
}' > /etc/nginx/conf.d/default.conf
# 创建默认首页
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html
# 转发请求日志到Docker日志收集器
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log
# 创建非root用户
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx
# 创建SSL证书目录
RUN mkdir -p /etc/nginx/ssl
# 暴露端口
EXPOSE 80 443/tcp 443/udp
STOPSIGNAL SIGQUIT
CMD ["nginx", "-g", "daemon off;"]
整体的Dockerfile
哈~这就是我们完整的定制Nginx Dockerfile了!希望你能在这次旅程中找到乐趣,并成功创建出属于你自己的Nginx镜像。记住,真正的自由,是带着自己的创造力翱翔哦!
FROM ubuntu:22.04 AS builder
# 设置非交互式安装
ENV DEBIAN_FRONTEND=noninteractive
# 安装构建依赖
RUN apt-get update && apt-get install -y \
git wget build-essential libpcre3-dev zlib1g-dev \
libssl-dev cmake ninja-build golang libunwind-dev \
pkg-config curl gnupg2 ca-certificates
# 构建BoringSSL
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \
cd boringssl && \
mkdir build && \
cd build && \
cmake -GNinja .. && \
ninja
# 下载并构建Nginx
ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \
git clone --recursive https://github.com/cloudflare/quiche.git && \
cd nginx-${NGINX_VERSION} && \
./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-cc-opt="-I../quiche/deps/boringssl/include" \
--with-ld-opt="-L../quiche/deps/boringssl/lib" && \
make -j$(nproc) && \
make install
# 创建最终镜像
FROM ubuntu:22.04
# 安装运行时依赖
RUN apt-get update && apt-get install -y \
ca-certificates libpcre3 openssl \
&& rm -rf /var/lib/apt/lists/*
# 复制Nginx及其依赖
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/
# 创建所需的目录
RUN mkdir -p /var/cache/nginx/client_temp && \
mkdir -p /etc/nginx/conf.d && \
mkdir -p /usr/share/nginx/html
# 创建默认配置,支持HTTP/3
RUN echo 'worker_processes auto;\n\
events {\n\
worker_connections 1024;\n\
}\n\
\n\
http {\n\
sendfile on;\n\
tcp_nopush on;\n\
tcp_nodelay on;\n\
keepalive_timeout 65;\n\
types_hash_max_size 2048;\n\
include /etc/nginx/mime.types;\n\
default_type application/octet-stream;\n\
ssl_protocols TLSv1.3;\n\
ssl_prefer_server_ciphers on;\n\
access_log /var/log/nginx/access.log;\n\
error_log /var/log/nginx/error.log;\n\
include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf
# 默认站点配置
RUN echo 'server {\
listen 80;\
listen 443 ssl http2;\
listen 443 quic reuseport;\
server_name localhost;\
ssl_certificate /etc/nginx/ssl/nginx.crt;\
ssl_certificate_key /etc/nginx/ssl/nginx.key;\
ssl_protocols TLSv1.3;\
add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\
location / {\
root /usr/share/nginx/html;\
index index.html;\
}\
}' > /etc/nginx/conf.d/default.conf
# 创建默认首页
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html
# 转发请求日志到Docker日志收集器
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log
# 创建非root用户
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx
# 创建SSL证书目录
RUN mkdir -p /etc/nginx/ssl
# 暴露端口
EXPOSE 80 443/tcp 443/udp
STOPSIGNAL SIGQUIT
CMD ["nginx", "-g", "daemon off;"]
