diff --git a/1.26-minimal/.exclude-rhel8 b/1.26-minimal/.exclude-rhel8
new file mode 100644
index 00000000..e69de29b
diff --git a/1.26-minimal/Dockerfile.c11s b/1.26-minimal/Dockerfile.c11s
new file mode 100644
index 00000000..013e1387
--- /dev/null
+++ b/1.26-minimal/Dockerfile.c11s
@@ -0,0 +1,91 @@
+FROM quay.io/centos/centos:stream10
+
+EXPOSE 8080
+EXPOSE 8443
+
+ENV NAME=nginx \
+ NGINX_VERSION=1.26 \
+ NGINX_SHORT_VER=126 \
+ VERSION=0
+
+ENV SUMMARY="Platform for running nginx $NGINX_VERSION or building nginx-based application" \
+ DESCRIPTION="Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP \
+protocols, with a strong focus on high concurrency, performance and low memory usage. The container \
+image provides a containerized packaging of the nginx $NGINX_VERSION daemon. The image can be used \
+as a base image for other applications based on nginx $NGINX_VERSION web server. \
+Nginx server image can be extended using source-to-image tool."
+
+LABEL summary="${SUMMARY}" \
+ description="${DESCRIPTION}" \
+ io.k8s.description="${DESCRIPTION}" \
+ io.k8s.display-name="Nginx ${NGINX_VERSION}" \
+ io.openshift.expose-services="8080:http" \
+ io.openshift.expose-services="8443:https" \
+ io.openshift.tags="builder,${NAME},${NAME}-${NGINX_SHORT_VER}" \
+ com.redhat.component="${NAME}-${NGINX_SHORT_VER}-container" \
+ name="sclorg/${NAME}-${NGINX_SHORT_VER}-minimal-c11s" \
+ version="1" \
+ com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+ maintainer="SoftwareCollections.org " \
+ help="For more information visit https://github.com/sclorg/${NAME}-container" \
+ usage="s2i build quay.io/sclorg/${NAME}-${NGINX_SHORT_VER}-minimal-c11s:latest "
+
+# Install nginx and required packages using microdnf
+RUN INSTALL_PKGS="nginx nss_wrapper-libs gettext hostname findutils tar" && \
+ microdnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
+ nginx -v 2>&1 | grep -qe "$NGINX_VERSION\." && echo "Found VERSION $NGINX_VERSION" && \
+ microdnf -y clean all --enablerepo='*'
+
+# These variables are normally provided by s2i-core, but we're using minimal base
+ENV HOME=/opt/app-root/src \
+ STI_SCRIPTS_PATH=/usr/libexec/s2i \
+ APP_ROOT=/opt/app-root
+
+ENV NGINX_CONFIGURATION_PATH=${APP_ROOT}/etc/nginx.d \
+ NGINX_CONF_PATH=/etc/nginx/nginx.conf \
+ NGINX_DEFAULT_CONF_PATH=${APP_ROOT}/etc/nginx.default.d \
+ NGINX_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/nginx \
+ NGINX_APP_ROOT=${APP_ROOT} \
+ NGINX_LOG_PATH=/var/log/nginx
+
+COPY root /
+COPY ./s2i/bin/ $STI_SCRIPTS_PATH
+
+# Changing ownership and user rights to support following use-cases:
+# 1) running container on OpenShift, whose default security model
+# is to run the container under random UID, but GID=0
+# 2) for working root-less container with UID=1001, which does not have
+# to have GID=0
+# 3) for default use-case, that is running container directly on operating system,
+# with default UID and GID (1001:0)
+# Supported combinations of UID:GID are thus following:
+# UID=1001 && GID=0
+# UID=&& GID=0
+# UID=1001 && GID=
+RUN sed -i -f ${NGINX_APP_ROOT}/nginxconf.sed ${NGINX_CONF_PATH} && \
+ mkdir -p ${NGINX_APP_ROOT}/etc/nginx.d/ && \
+ mkdir -p ${NGINX_APP_ROOT}/etc/nginx.default.d/ && \
+ mkdir -p ${NGINX_APP_ROOT}/src/nginx-start/ && \
+ mkdir -p ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+ mkdir -p ${NGINX_LOG_PATH} && \
+ chown -R 1001:0 ${NGINX_CONF_PATH} && \
+ chown -R 1001:0 ${NGINX_APP_ROOT}/etc && \
+ chown -R 1001:0 ${NGINX_APP_ROOT}/src/nginx-start/ && \
+ chown -R 1001:0 ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+ chown -R 1001:0 /var/lib/nginx /var/log/nginx /run && \
+ chmod ug+rw ${NGINX_CONF_PATH} && \
+ chmod -R ug+rwX ${NGINX_APP_ROOT}/etc && \
+ chmod -R ug+rwX ${NGINX_APP_ROOT}/src/nginx-start/ && \
+ chmod -R ug+rwX ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+ chmod -R ug+rwX /var/lib/nginx /var/log/nginx /run
+
+USER 1001
+
+STOPSIGNAL SIGQUIT
+
+# Not using VOLUME statement since it's not working in OpenShift Online:
+# https://github.com/sclorg/httpd-container/issues/30
+# VOLUME ["/usr/share/nginx/html"]
+# VOLUME ["/var/log/nginx/"]
+
+CMD $STI_SCRIPTS_PATH/usage
diff --git a/1.26-minimal/Dockerfile.rhel11 b/1.26-minimal/Dockerfile.rhel11
new file mode 100644
index 00000000..f582d32b
--- /dev/null
+++ b/1.26-minimal/Dockerfile.rhel11
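Review bot: No `WORKDIR` is set and `${APP_ROOT}/src` itself is never handed to UID 1001 (the second `RUN` only creates and chowns `${NGINX_APP_ROOT}/src/nginx-start/`), yet `s2i/bin/assemble` copies the application with `cp -Rf /tmp/src/. ./` and `nginxconf.sed` points the web root at `/opt/app-root/src`. Unless the base image happens to supply both, assemble would run in `/` as an unprivileged user and fail; the comment above `ENV HOME=` already notes that the s2i-core base is not used here. Add `WORKDIR ${HOME}` and include `${NGINX_APP_ROOT}/src` in the existing `chown -R 1001:0` and `chmod -R ug+rwX` lists rather than widening permissions anywhere else. Separately, `io.openshift.expose-services` is set twice in the `LABEL`, so only `8443:https` survives; `io.openshift.expose-services="8080:http,8443:https"` keeps both. Both points apply to `Dockerfile.rhel11` as well.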
@@ -0,0 +1,91 @@
+FROM ubi10-minimal:latest
+
+EXPOSE 8080
+EXPOSE 8443
+
+ENV NAME=nginx \
+ NGINX_VERSION=1.26 \
+ NGINX_SHORT_VER=126 \
+ VERSION=0
+
+ENV SUMMARY="Platform for running nginx $NGINX_VERSION or building nginx-based application" \
+ DESCRIPTION="Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP \
+protocols, with a strong focus on high concurrency, performance and low memory usage. The container \
+image provides a containerized packaging of the nginx $NGINX_VERSION daemon. The image can be used \
+as a base image for other applications based on nginx $NGINX_VERSION web server. \
+Nginx server image can be extended using source-to-image tool."
+
+LABEL summary="${SUMMARY}" \
+ description="${DESCRIPTION}" \
+ io.k8s.description="${DESCRIPTION}" \
+ io.k8s.display-name="Nginx ${NGINX_VERSION}" \
+ io.openshift.expose-services="8080:http" \
+ io.openshift.expose-services="8443:https" \
+ io.openshift.tags="builder,${NAME},${NAME}-${NGINX_SHORT_VER}" \
+ com.redhat.component="${NAME}-${NGINX_SHORT_VER}-container" \
+ name="rhel11/${NAME}-${NGINX_SHORT_VER}-minimal" \
+ version="1" \
+ com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \
+ maintainer="SoftwareCollections.org " \
+ help="For more information visit https://github.com/sclorg/${NAME}-container" \
+ usage="podman run -d --name nginx -p 8080:8080 rhel11/${NAME}-${NGINX_SHORT_VER}-minimal"
+
+# Install nginx and required packages using microdnf
+RUN INSTALL_PKGS="nginx nss_wrapper-libs gettext hostname findutils tar" && \
+ microdnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
+ nginx -v 2>&1 | grep -qe "$NGINX_VERSION\." && echo "Found VERSION $NGINX_VERSION" && \
+ microdnf -y clean all --enablerepo='*'
+
+# These variables are normally provided by s2i-core, but we're using minimal base
+ENV HOME=/opt/app-root/src \
+ STI_SCRIPTS_PATH=/usr/libexec/s2i \
+ APP_ROOT=/opt/app-root
+
+ENV NGINX_CONFIGURATION_PATH=${APP_ROOT}/etc/nginx.d \
+ NGINX_CONF_PATH=/etc/nginx/nginx.conf \
+ NGINX_DEFAULT_CONF_PATH=${APP_ROOT}/etc/nginx.default.d \
+ NGINX_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/nginx \
+ NGINX_APP_ROOT=${APP_ROOT} \
+ NGINX_LOG_PATH=/var/log/nginx
+
+COPY $NGINX_VERSION/root /
+COPY $NGINX_VERSION/s2i/bin/ $STI_SCRIPTS_PATH
+
+# Changing ownership and user rights to support following use-cases:
+# 1) running container on OpenShift, whose default security model
+# is to run the container under random UID, but GID=0
+# 2) for working root-less container with UID=1001, which does not have
+# to have GID=0
+# 3) for default use-case, that is running container directly on operating system,
+# with default UID and GID (1001:0)
+# Supported combinations of UID:GID are thus following:
+# UID=1001 && GID=0
+# UID=&& GID=0
+# UID=1001 && GID=
+RUN sed -i -f ${NGINX_APP_ROOT}/nginxconf.sed ${NGINX_CONF_PATH} && \
+ mkdir -p ${NGINX_APP_ROOT}/etc/nginx.d/ && \
+ mkdir -p ${NGINX_APP_ROOT}/etc/nginx.default.d/ && \
+ mkdir -p ${NGINX_APP_ROOT}/src/nginx-start/ && \
+ mkdir -p ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+ mkdir -p ${NGINX_LOG_PATH} && \
+ chown -R 1001:0 ${NGINX_CONF_PATH} && \
+ chown -R 1001:0 ${NGINX_APP_ROOT}/etc && \
+ chown -R 1001:0 ${NGINX_APP_ROOT}/src/nginx-start/ && \
+ chown -R 1001:0 ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+ chown -R 1001:0 /var/lib/nginx /var/log/nginx /run && \
+ chmod ug+rw ${NGINX_CONF_PATH} && \
+ chmod -R ug+rwX ${NGINX_APP_ROOT}/etc && \
+ chmod -R ug+rwX ${NGINX_APP_ROOT}/src/nginx-start/ && \
+ chmod -R ug+rwX ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+ chmod -R ug+rwX /var/lib/nginx /var/log/nginx /run
+
+USER 1001
+
+STOPSIGNAL SIGQUIT
+
+# Not using VOLUME statement since it's not working in OpenShift Online:
+# https://github.com/sclorg/httpd-container/issues/30
+# VOLUME ["/usr/share/nginx/html"]
+# VOLUME ["/var/log/nginx/"]
+
+CMD $STI_SCRIPTS_PATH/usage
diff --git a/1.26-minimal/README.md b/1.26-minimal/README.md
new file mode 100644
index 00000000..50be323e
--- /dev/null
+++ b/1.26-minimal/README.md
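Review bot: `COPY $NGINX_VERSION/root /` and `COPY $NGINX_VERSION/s2i/bin/ $STI_SCRIPTS_PATH` expand to `1.26/...`, not to the `1.26-minimal/` tree this commit adds, while `Dockerfile.c11s` uses `COPY root /`; assuming the build context is the repository root, this image would ship the standard variant's files rather than the ones under review here. Confirm which context the build uses and make the two Dockerfiles agree. The base is also a floating, registry-less `ubi10-minimal:latest` in a file whose name and labels say `rhel11`, so the result depends on the builder's registry search order and on whatever `latest` resolves to that day; a fully qualified reference pinned to a version tag or digest keeps the image reproducible and auditable. `Dockerfile.c11s` shows the same name/base mismatch with `centos:stream10`.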
@@ -0,0 +1,205 @@
+Nginx 1.26 server and a reverse proxy server container image
+============================================================
+This container image includes Nginx 1.26 server and a reverse server for OpenShift and general usage.
+Users can choose between RHEL, CentOS Stream and Fedora based images.
+The RHEL images are available in the [Red Hat Container Catalog](https://access.redhat.com/containers/),
+the CentOS Stream images are available in the [Quay.io](https://quay.io/organization/sclorg),
+and the Fedora images are available in the [Quay.io](https://quay.io/organization/fedora).
+The resulting image can be run using [podman](https://github.com/containers/libpod).
+
+Note: while the examples in this README are calling `podman`, you can replace any such calls by `docker` with the same arguments.
+
+
+Description
+-----------
+
+Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP
+protocols, with a strong focus on high concurrency, performance and low memory usage. The container
+image provides a containerized packaging of the nginx 1.26 daemon. The image can be used
+as a base image for other applications based on nginx 1.26 web server.
+Nginx server image can be extended using Openshift's `Source` build feature.
+
+
+Usage in OpenShift
+------------------
+In this example, we assume that you are using the `ubi9/nginx-126` image, available through the `nginx:1.26` imagestream tag in Openshift.
+To build a simple [test-app](https://github.com/sclorg/nginx-container/tree/master/examples/1.26/test-app) application in Openshift:
+
+```
+oc new-app nginx:1.26~https://github.com/sclorg/nginx-container.git --context-dir=1.26/test/test-app/
+```
+
+To access the application:
+```
+$ oc get pods
+$ oc exec -- curl 127.0.0.1:8080
+```
+
+
+Source-to-Image framework and scripts
+-------------------------------------
+This image supports the [Source-to-Image](https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#images-create-s2i_create-images)
+(S2I) strategy in OpenShift. The Source-to-Image is an OpenShift framework
+which makes it easy to write images that take application source code as
+an input, use a builder image like this Nginx container image, and produce
+a new image that runs the assembled application as an output.
+
+In case of Nginx container image, the application source code is typically
+either static HTML pages or configuration files.
+
+To support the Source-to-Image framework, important scripts are included in the builder image:
+
+* The `/usr/libexec/s2i/run` script is set as the default command in the resulting container image (the new image with the application artifacts).
+
+* The `/usr/libexec/s2i/assemble` script inside the image is run to produce a new image with the application artifacts. The script takes sources of a given application (HTML pages), Nginx configuration files, and places them into appropriate directories inside the image. The structure of nginx-app can look like this:
+
+**`./nginx.conf`**--
+ The main nginx configuration file
+
+**`./nginx-cfg/*.conf`**
+ Should contain all nginx configuration we want to include into image
+
+**`./nginx-default-cfg/*.conf`**
+ Contains any nginx config snippets to include in the default server block
+
+**`./nginx-start/*.sh`**
+ Contains shell scripts that are sourced right before nginx is launched
+
+**`./nginx-perl/*.pm`**
+ Contains perl modules to be use by `perl_modules` and `perl_require` directives
+
+**`./`**
+ Should contain nginx application source code
+
+
+Build an application using a Dockerfile
+---------------------------------------
+Compared to the Source-to-Image strategy, using a Dockerfile is a more
+flexible way to build an Nginx container image with an application.
+Use a Dockerfile when Source-to-Image is not sufficiently flexible for you or
+when you build the image outside of the OpenShift environment.
+
+To use the Nginx image in a Dockerfile, follow these steps:
+
+#### 1. Pull a base builder image to build on
+
+podman pull ubi9/nginx-126
+
+#### 2. Pull an application code
+
+An example application available at https://github.com/sclorg/nginx-container.git is used here. To adjust the example application, clone the repository.
+
+```
+git clone https://github.com/sclorg/nginx-container.git nginx-container
+cd nginx-container/examples/1.26/
+```
+
+#### 3. Prepare an application inside a container
+
+This step usually consists of at least these parts:
+
+* putting the application source into the container
+* moving configuration files to the correct place (if available in the application source code)
+* setting the default command in the resulting image
+
+For all these three parts, you can either set up all manually and use the `nginx` command explicitly in the Dockerfile ([3.1.](#31-to-use-own-setup-create-a-dockerfile-with-this-content)), or you can use the Source-to-Image scripts inside the image ([3.2.](#32-to-use-the-source-to-image-scripts-and-build-an-image-using-a-dockerfile-create-a-dockerfile-with-this-content); see more about these scripts in the section "Source-to-Image framework and scripts" above), that already know how to set-up and run some common Nginx applications.
+
+##### 3.1. To use your own setup, create a Dockerfile with this content:
+
+```
+FROM registry.access.redhat.com/ubi9/nginx-126
+
+# Add application sources
+ADD test-app/nginx.conf "${NGINX_CONF_PATH}"
+ADD test-app/nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}"
+ADD test-app/nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}"
+ADD test-app/*.html .
+
+# Run script uses standard ways to run the application
+CMD nginx -g "daemon off;"
+```
+
+##### 3.2. To use the Source-to-Image scripts and build an image using a Dockerfile, create a Dockerfile with this content:
+
+```
+FROM registry.access.redhat.com/ubi9/nginx-126
+
+# Add application sources to a directory where the assemble script expects them
+# and set permissions so that the container runs without root access
+# With older docker that does not support --chown option for ADD statement,
+# use these statements instead:
+# USER 0
+# ADD app-src /tmp/src
+# RUN chown -R 1001:0 /tmp/src
+# USER 1001
+ADD --chown=1001:0 app-src /tmp/src
+
+# Let the assemble script to install the dependencies
+RUN /usr/libexec/s2i/assemble
+
+# Run script uses standard ways to run the application
+CMD /usr/libexec/s2i/run
+```
+
+#### 4. Build a new image from a Dockerfile prepared in the previous step
+```
+podman build -t nginx-app .
+```
+
+#### 5. Run the resulting image with the final application
+```
+podman run -d nginx-app
+```
+
+
+Direct usage with a mounted directory
+-------------------------------------
+An example of the data on the host for the following example:
+```
+$ ls -lZ /wwwdata/html
+-rw-r--r--. 1 1001 1001 54321 Jan 01 12:34 index.html
+-rw-r--r--. 1 1001 1001 5678 Jan 01 12:34 page.html
+```
+
+If you want to run the image directly and mount the static pages available in the `/wwwdata/` directory on the host
+as a container volume, execute the following command:
+
+```
+$ podman run -d --name nginx -p 8080:8080 -v /wwwdata:/opt/app-root/src:Z ubi9/nginx-126 nginx -g "daemon off;"
+```
+
+This creates a container named `nginx` running the Nginx server, serving data from
+the `/wwwdata/` directory. Port 8080 is exposed and mapped to the host.
+You can pull the data from the nginx container using this command:
+
+```
+$ curl -Lk 127.0.0.1:8080
+```
+
+You can replace `/wwwdata/` with location of your web root. Please note that this has to be an **absolute** path, due to podman requirements.
+
+
+Environment variables and volumes
+---------------------------------
+The nginx container image supports the following configuration variable, which can be set by using the `-e` option with the podman run command:
+
+
+**`NGINX_LOG_TO_VOLUME`**
+ When `NGINX_LOG_TO_VOLUME` is set, nginx logs into `/var/log/nginx/`.
+
+
+Troubleshooting
+---------------
+By default, nginx access logs are written to standard output and error logs are written to standard error, so both are available in the container log. The log can be examined by running:
+
+ podman logs
+
+See also
+--------
+Dockerfile and other sources for this container image are available on
+https://github.com/sclorg/nginx-container.
+In that repository you also can find another versions of Python environment Dockerfiles.
+for RHEL8 it's `Dockerfile.rhel8`, Dockerfile for RHEL10 is called `Dockerfile.rhel10`,
+Dockerfile for CentOS Stream 9 is called `Dockerfile.c9s`,
+Dockerfile for CentOS Stream 10 is called `Dockerfile.c10s`, and the Fedora Dockerfile is called `Dockerfile.fedora`.
+
diff --git a/1.26-minimal/root/README.md b/1.26-minimal/root/README.md
new file mode 100644
index 00000000..e997be14
--- /dev/null
+++ b/1.26-minimal/root/README.md
@@ -0,0 +1,233 @@
+Nginx 1.26 server and a reverse proxy server container image
+============================================================
+This container image includes Nginx 1.26 server and a reverse server for OpenShift and general usage.
+Users can choose between RHEL, CentOS Stream and Fedora based images.
+The RHEL images are available in the [Red Hat Container Catalog](https://access.redhat.com/containers/),
+the CentOS Stream images are available in the [Quay.io](https://quay.io/organization/sclorg),
+and the Fedora images are available in the [Quay.io](https://quay.io/organization/fedora).
+The resulting image can be run using [podman](https://github.com/containers/libpod).
+
+Note: while the examples in this README are calling `podman`, you can replace any such calls by `docker` with the same arguments.
+
+
+Description
+-----------
+
+Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP
+protocols, with a strong focus on high concurrency, performance and low memory usage. The container
+image provides a containerized packaging of the nginx 1.26 daemon. The image can be used
+as a base image for other applications based on nginx 1.26 web server.
+Nginx server image can be extended using Openshift's `Source` build feature.
+
+
+Minimized Variant (Dockerfile.rhel11)
+--------------------------------------
+
+A **minimized variant** is available via `Dockerfile.rhel11` that provides significant size reduction:
+
+**Key Features:**
+- **72% smaller image size** (81 MB vs 297 MB for standard variant)
+- Built using multi-stage build: `ubi10/ubi → scratch` (not s2i-core)
+- No package manager in final image (dnf/yum absent for enhanced security)
+- Minimal package set: coreutils-single, glibc-minimal-langpack, nginx-core
+- Same S2I functionality as standard builds
+- Ideal for production, edge, and IoT deployments
+
+**Limitations:**
+- No package manager available for runtime package installation
+- Perl modules excluded (minimization priority)
+- Limited extensibility compared to standard variant
+
+**Build the minimized variant:**
+```bash
+make build TARGET=rhel11 VERSIONS=1.26
+```
+
+**When to use minimized vs standard:**
+- **Use minimized** for: production deployments, edge/IoT, security-focused environments
+- **Use standard** for: development, environments requiring runtime package installation, Perl module support
+
+
+Usage in OpenShift
+------------------
+In this example, we assume that you are using the `ubi9/nginx-126` image, available through the `nginx:1.26` imagestream tag in Openshift.
+To build a simple [test-app](https://github.com/sclorg/nginx-container/tree/master/examples/1.26/test-app) application in Openshift:
+
+```
+oc new-app nginx:1.26~https://github.com/sclorg/nginx-container.git --context-dir=1.26/test/test-app/
+```
+
+To access the application:
+```
+$ oc get pods
+$ oc exec -- curl 127.0.0.1:8080
+```
+
+
+Source-to-Image framework and scripts
+-------------------------------------
+This image supports the [Source-to-Image](https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#images-create-s2i_create-images)
+(S2I) strategy in OpenShift. The Source-to-Image is an OpenShift framework
+which makes it easy to write images that take application source code as
+an input, use a builder image like this Nginx container image, and produce
+a new image that runs the assembled application as an output.
+
+In case of Nginx container image, the application source code is typically
+either static HTML pages or configuration files.
+
+To support the Source-to-Image framework, important scripts are included in the builder image:
+
+* The `/usr/libexec/s2i/run` script is set as the default command in the resulting container image (the new image with the application artifacts).
+
+* The `/usr/libexec/s2i/assemble` script inside the image is run to produce a new image with the application artifacts. The script takes sources of a given application (HTML pages), Nginx configuration files, and places them into appropriate directories inside the image. The structure of nginx-app can look like this:
+
+**`./nginx.conf`**--
+ The main nginx configuration file
+
+**`./nginx-cfg/*.conf`**
+ Should contain all nginx configuration we want to include into image
+
+**`./nginx-default-cfg/*.conf`**
+ Contains any nginx config snippets to include in the default server block
+
+**`./nginx-start/*.sh`**
+ Contains shell scripts that are sourced right before nginx is launched
+
+**`./nginx-perl/*.pm`**
+ Contains perl modules to be use by `perl_modules` and `perl_require` directives
+
+**`./`**
+ Should contain nginx application source code
+
+
+Build an application using a Dockerfile
+---------------------------------------
+Compared to the Source-to-Image strategy, using a Dockerfile is a more
+flexible way to build an Nginx container image with an application.
+Use a Dockerfile when Source-to-Image is not sufficiently flexible for you or
+when you build the image outside of the OpenShift environment.
+
+To use the Nginx image in a Dockerfile, follow these steps:
+
+#### 1. Pull a base builder image to build on
+
+podman pull ubi9/nginx-126
+
+#### 2. Pull an application code
+
+An example application available at https://github.com/sclorg/nginx-container.git is used here. To adjust the example application, clone the repository.
+
+```
+git clone https://github.com/sclorg/nginx-container.git nginx-container
+cd nginx-container/examples/1.26/
+```
+
+#### 3. Prepare an application inside a container
+
+This step usually consists of at least these parts:
+
+* putting the application source into the container
+* moving configuration files to the correct place (if available in the application source code)
+* setting the default command in the resulting image
+
+For all these three parts, you can either set up all manually and use the `nginx` command explicitly in the Dockerfile ([3.1.](#31-to-use-own-setup-create-a-dockerfile-with-this-content)), or you can use the Source-to-Image scripts inside the image ([3.2.](#32-to-use-the-source-to-image-scripts-and-build-an-image-using-a-dockerfile-create-a-dockerfile-with-this-content); see more about these scripts in the section "Source-to-Image framework and scripts" above), that already know how to set-up and run some common Nginx applications.
+
+##### 3.1. To use your own setup, create a Dockerfile with this content:
+
+```
+FROM registry.access.redhat.com/ubi9/nginx-126
+
+# Add application sources
+ADD test-app/nginx.conf "${NGINX_CONF_PATH}"
+ADD test-app/nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}"
+ADD test-app/nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}"
+ADD test-app/*.html .
+
+# Run script uses standard ways to run the application
+CMD nginx -g "daemon off;"
+```
+
+##### 3.2. To use the Source-to-Image scripts and build an image using a Dockerfile, create a Dockerfile with this content:
+
+```
+FROM registry.access.redhat.com/ubi9/nginx-126
+
+# Add application sources to a directory where the assemble script expects them
+# and set permissions so that the container runs without root access
+# With older docker that does not support --chown option for ADD statement,
+# use these statements instead:
+# USER 0
+# ADD app-src /tmp/src
+# RUN chown -R 1001:0 /tmp/src
+# USER 1001
+ADD --chown=1001:0 app-src /tmp/src
+
+# Let the assemble script to install the dependencies
+RUN /usr/libexec/s2i/assemble
+
+# Run script uses standard ways to run the application
+CMD /usr/libexec/s2i/run
+```
+
+#### 4. Build a new image from a Dockerfile prepared in the previous step
+```
+podman build -t nginx-app .
+```
+
+#### 5. Run the resulting image with the final application
+```
+podman run -d nginx-app
+```
+
+
+Direct usage with a mounted directory
+-------------------------------------
+An example of the data on the host for the following example:
+```
+$ ls -lZ /wwwdata/html
+-rw-r--r--. 1 1001 1001 54321 Jan 01 12:34 index.html
+-rw-r--r--. 1 1001 1001 5678 Jan 01 12:34 page.html
+```
+
+If you want to run the image directly and mount the static pages available in the `/wwwdata/` directory on the host
+as a container volume, execute the following command:
+
+```
+$ podman run -d --name nginx -p 8080:8080 -v /wwwdata:/opt/app-root/src:Z ubi9/nginx-126 nginx -g "daemon off;"
+```
+
+This creates a container named `nginx` running the Nginx server, serving data from
+the `/wwwdata/` directory. Port 8080 is exposed and mapped to the host.
+You can pull the data from the nginx container using this command:
+
+```
+$ curl -Lk 127.0.0.1:8080
+```
+
+You can replace `/wwwdata/` with location of your web root. Please note that this has to be an **absolute** path, due to podman requirements.
+
+
+Environment variables and volumes
+---------------------------------
+The nginx container image supports the following configuration variable, which can be set by using the `-e` option with the podman run command:
+
+
+**`NGINX_LOG_TO_VOLUME`**
+ When `NGINX_LOG_TO_VOLUME` is set, nginx logs into `/var/log/nginx/`.
+
+
+Troubleshooting
+---------------
+By default, nginx access logs are written to standard output and error logs are written to standard error, so both are available in the container log. The log can be examined by running:
+
+ podman logs
+
+See also
+--------
+Dockerfile and other sources for this container image are available on
+https://github.com/sclorg/nginx-container.
+In that repository you also can find another versions of Python environment Dockerfiles.
+for RHEL8 it's `Dockerfile.rhel8`, Dockerfile for RHEL10 is called `Dockerfile.rhel10`,
+Dockerfile for CentOS Stream 9 is called `Dockerfile.c9s`,
+Dockerfile for CentOS Stream 10 is called `Dockerfile.c10s`, and the Fedora Dockerfile is called `Dockerfile.fedora`.
+
diff --git a/1.26-minimal/root/opt/app-root/etc/generate_container_user b/1.26-minimal/root/opt/app-root/etc/generate_container_user
new file mode 100644
index 00000000..229b986a
--- /dev/null
+++ b/1.26-minimal/root/opt/app-root/etc/generate_container_user
@@ -0,0 +1,9 @@
+# Set current user in nss_wrapper
+PASSWD_DIR="/opt/app-root/etc"
+
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+envsubst < ${PASSWD_DIR}/passwd.template > ${PASSWD_DIR}/passwd
+export LD_PRELOAD=libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=${PASSWD_DIR}/passwd
+export NSS_WRAPPER_GROUP=/etc/group
diff --git a/1.26-minimal/root/opt/app-root/etc/passwd.template b/1.26-minimal/root/opt/app-root/etc/passwd.template
new file mode 100644
index 00000000..7ad0b787
--- /dev/null
+++ b/1.26-minimal/root/opt/app-root/etc/passwd.template
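Review bot: The `envsubst` redirect in `generate_container_user` is never checked, and `s2i/bin/run` sources this file before its `set -e`, so a failed write (read-only root filesystem, or `/opt/app-root/etc` not writable for the runtime UID) still leaves `LD_PRELOAD` and `NSS_WRAPPER_PASSWD` exported against an empty or stale passwd file. Guard the write and export the wrapper variables only on success, for example `envsubst '${USER_ID} ${GROUP_ID} ${HOME}' < "${PASSWD_DIR}/passwd.template" > "${PASSWD_DIR}/passwd" || return 1`. The explicit variable list also keeps any other `$NAME` that later lands in the template from being filled in from the container environment.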
@@ -0,0 +1,15 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+default:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/sbin/nologin
+apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
diff --git a/1.26-minimal/root/opt/app-root/nginxconf-rhscl.sed b/1.26-minimal/root/opt/app-root/nginxconf-rhscl.sed
new file mode 100644
index 00000000..ed31f84c
--- /dev/null
+++ b/1.26-minimal/root/opt/app-root/nginxconf-rhscl.sed
@@ -0,0 +1,10 @@
+/listen/s%80%8080 default_server%
+s/^user *nginx;//
+s%/etc/nginx/conf.d/%/opt/app-root/etc/nginx.d/%
+s%/etc/nginx/default.d/%/opt/app-root/etc/nginx.default.d/%
+s%/usr/share/nginx/html%/opt/app-root/src%
+
+# See: https://github.com/sclorg/nginx-container/pull/69
+/error_page/d
+/40x.html/,+1d
+/50x.html/,+1d
diff --git a/1.26-minimal/root/opt/app-root/nginxconf.sed b/1.26-minimal/root/opt/app-root/nginxconf.sed
new file mode 100644
index 00000000..ed31f84c
--- /dev/null
+++ b/1.26-minimal/root/opt/app-root/nginxconf.sed
@@ -0,0 +1,10 @@
+/listen/s%80%8080 default_server%
+s/^user *nginx;//
+s%/etc/nginx/conf.d/%/opt/app-root/etc/nginx.d/%
+s%/etc/nginx/default.d/%/opt/app-root/etc/nginx.default.d/%
+s%/usr/share/nginx/html%/opt/app-root/src%
+
+# See: https://github.com/sclorg/nginx-container/pull/69
+/error_page/d
+/40x.html/,+1d
+/50x.html/,+1d
diff --git a/1.26-minimal/root/usr/share/container-scripts/nginx/common.sh b/1.26-minimal/root/usr/share/container-scripts/nginx/common.sh
new file mode 100644
index 00000000..319219cd
--- /dev/null
+++ b/1.26-minimal/root/usr/share/container-scripts/nginx/common.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# get_matched_files finds file for image extending
+function get_matched_files() {
+ local custom_dir default_dir
+ custom_dir="$1"
+ default_dir="$2"
+ files_matched="$3"
+ find "$default_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n"
+ [ -d "$custom_dir" ] && find "$custom_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n"
+}
+
+# process_extending_files process extending files in $1 and $2 directories
+# - source all *.sh files
+# (if there are files with same name source only file from $1)
+function process_extending_files() {
+ local custom_dir default_dir
+ custom_dir=$1
+ default_dir=$2
+ while read filename ; do
+ if [ $filename ]; then
+ echo "=> sourcing $filename ..."
+ # Custom file is prefered
+ if [ -f $custom_dir/$filename ]; then
+ source $custom_dir/$filename
+ elif [ -f $default_dir/$filename ]; then
+ source $default_dir/$filename
+ fi
+ fi
+ done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.sh' | sort -u)"
+}
\ No newline at end of file
diff --git a/1.26-minimal/s2i/bin/assemble b/1.26-minimal/s2i/bin/assemble
new file mode 100755
index 00000000..0efe737d
--- /dev/null
+++ b/1.26-minimal/s2i/bin/assemble
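Review bot: In `process_extending_files` the name read from `find` is used unquoted in `[ $filename ]`, `[ -f $custom_dir/$filename ]` and `source $custom_dir/$filename`, so a hook file whose name contains spaces or glob characters is word-split and the test or the `source` can act on something other than the file that was listed. These names come from the application's `nginx-start` directory, so quote every expansion and read raw lines: `while IFS= read -r filename ; do`, `if [ -n "$filename" ]; then`, `source "$custom_dir/$filename"`. `files_matched` in `get_matched_files` is also missing from the `local` list and leaks into the caller's scope. The shebang says `/bin/sh` although the file relies on bash features (`function`, `local`, `<<<`, `source`); as it is only sourced, a header comment saying it must be sourced from bash would describe it more accurately.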
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -e
+
+echo "---> Installing application source"
+cp -Rf /tmp/src/. ./
+
+# Fix source directory permissions
+fix-permissions ./
+
+if [ -f ./nginx.conf ]; then
+ echo "---> Copying nginx.conf configuration file..."
+ cp -v ./nginx.conf "${NGINX_CONF_PATH}"
+ rm -f ./nginx.conf
+fi
+
+if [ -d ./nginx-cfg ]; then
+ echo "---> Copying nginx configuration files..."
+ if [ "$(ls -A ./nginx-cfg/*.conf)" ]; then
+ cp -av ./nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}"
+ rm -rf ./nginx-cfg
+ fi
+ chmod -Rf g+rw ${NGINX_CONFIGURATION_PATH}
+fi
+
+if [ -d ./nginx-default-cfg ]; then
+ echo "---> Copying nginx default server configuration files..."
+ if [ "$(ls -A ./nginx-default-cfg/*.conf)" ]; then
+ cp -av ./nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}"
+ rm -rf ./nginx-default-cfg
+ fi
+ chmod -Rf g+rw ${NGINX_DEFAULT_CONF_PATH}
+fi
+
+if [ -d ./nginx-start ]; then
+ echo "---> Copying nginx start-hook scripts..."
+ if [ "$(ls -A ./nginx-start/* 2>/dev/null)" ]; then
+ cp -av ./nginx-start/* "${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start/"
+ rm -rf ./nginx-start
+ fi
+fi
+
+if [ -n "${NGINX_PERL_MODULE_PATH}" ] && [ -d ./nginx-perl ]; then
+ echo "---> Copying nginx perl module files..."
+ if [ "$(ls -A ./nginx-perl/*.pm)" ]; then
+ cp -av ./nginx-perl/*.pm "${NGINX_PERL_MODULE_PATH}"
+ rm -rf ./nginx-perl
+ fi
+ chmod -Rf g+rw ${NGINX_PERL_MODULE_PATH}
+fi
diff --git a/1.26-minimal/s2i/bin/run b/1.26-minimal/s2i/bin/run
new file mode 100755
index 00000000..fd24fa40
--- /dev/null
+++ b/1.26-minimal/s2i/bin/run
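Review bot: `fix-permissions ./` runs under `set -e`, but nothing in this commit's `root/` tree adds a `fix-permissions` executable, and the Dockerfiles say they are not built on s2i-core, which is where that helper usually comes from (inferred; confirm against the base images). If it is absent, every s2i build stops right after the source copy with a "command not found" error. Ship the helper under `root/usr/bin/`, or replace the call with an explicit, narrowly scoped `chown`/`chmod` on `./`. The `ls -A ./nginx-cfg/*.conf` style probes also print an error when the glob matches nothing; only the `nginx-start` probe adds `2>/dev/null`.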
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+source /opt/app-root/etc/generate_container_user
+
+set -e
+
+source ${NGINX_CONTAINER_SCRIPTS_PATH}/common.sh
+
+process_extending_files ${NGINX_APP_ROOT}/src/nginx-start ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start
+
+if [ ! -v NGINX_LOG_TO_VOLUME -a -v NGINX_LOG_PATH ]; then
+ /bin/ln -sf /dev/stdout ${NGINX_LOG_PATH}/access.log
+ /bin/ln -sf /dev/stderr ${NGINX_LOG_PATH}/error.log
+fi
+
+exec nginx -g "daemon off;"
diff --git a/1.26-minimal/s2i/bin/usage b/1.26-minimal/s2i/bin/usage
new file mode 100755
index 00000000..2abe6c1d
--- /dev/null
+++ b/1.26-minimal/s2i/bin/usage
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+DISTRO=`cat /etc/*-release | grep ^ID= | grep -Po '".*?"' | tr -d '"'`
+
+cat <
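Review bot: In `s2i/bin/run` the start hooks are sourced from `${NGINX_APP_ROOT}/src/nginx-start`, and `nginxconf.sed` makes `/opt/app-root/src` the document root, so any `*.sh` hook present there at runtime is both executed at startup and readable over HTTP. `assemble` moves that directory away for s2i builds, but with the README's bind-mount usage (`-v /wwwdata:/opt/app-root/src`) write access to the web content also becomes a way to run code in the container at its next start. Consider sourcing hooks only from `${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start`, or state the trust assumption in a comment next to the `process_extending_files` call and deny `/nginx-start/` in the default server block. The two directory arguments and `${NGINX_LOG_PATH}` are also unquoted.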