How to expose port from host to container in Docker? - docker

You can use EXPOSE in Docker for:
The EXPOSE instruction informs Docker that the container will listen
on the specified network ports at runtime.
Can I do the opposite? Can I expose port from my Ubuntu to the docker container?
Background: I'm trying to set up a simple php7-fpm as a Docker image and I would like to expose port 3306 (MySQL service) to the Docker container.
My Dockerfile:
FROM debian:jessie
# persistent / runtime deps
RUN apt-get update && apt-get install -y ca-certificates curl libpcre3 librecode0 libsqlite3-0 libxml2 --no-install-recommends && rm -r /var/lib/apt/lists/*
# phpize deps
RUN apt-get update && apt-get install -y autoconf file g++ gcc libc-dev make pkg-config re2c --no-install-recommends && rm -r /var/lib/apt/lists/*
ENV PHP_INI_DIR /usr/local/etc/php
RUN mkdir -p $PHP_INI_DIR/conf.d
##<autogenerated>##
ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
##</autogenerated>##
ENV PHP_VERSION 7.0.0RC2
# --enable-mysqlnd is included below because it's harder to compile after the fact the extensions are (since it's a plugin for several extensions, not an extension in itself)
RUN buildDeps=" \
$PHP_EXTRA_BUILD_DEPS \
libcurl4-openssl-dev \
libpcre3-dev \
libreadline6-dev \
librecode-dev \
libsqlite3-dev \
libssl-dev \
libxml2-dev \
xz-utils \
" \
&& set -x \
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \
&& curl -SL "https://downloads.php.net/~ab/php-$PHP_VERSION.tar.xz" -o php.tar.xz \
&& mkdir -p /usr/src/php \
&& tar -xof php.tar.xz -C /usr/src/php --strip-components=1 \
&& rm php.tar.xz* \
&& cd /usr/src/php \
&& ./configure \
--with-config-file-path="$PHP_INI_DIR" \
--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
$PHP_EXTRA_CONFIGURE_ARGS \
--disable-cgi \
--enable-mysqlnd \
--with-pdo-mysql \
--enable-mbstring \
--with-curl \
--with-openssl \
--with-pcre \
--with-readline \
--with-recode \
--with-zlib \
&& make -j"$(nproc)" \
&& make install \
&& { find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; } \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false -o APT::AutoRemove::SuggestsImportant=false $buildDeps \
&& make clean
COPY docker-php-ext-* /usr/local/bin/
##<autogenerated>##
WORKDIR /var/www/html
COPY php-fpm.conf /usr/local/etc/
EXPOSE 9000
CMD ["php-fpm"]
##</autogenerated>##
This is the command I use to run my container:
docker run --name=php7-fpm -v /var/www/html/:/var/www/html/ -p 9002:9000 marty/php7
My PHP app database configuration:
database:
  main:
    host: 127.0.0.1
    dbname: edu
    user: root
    password: myPassword
    port: 3306

You can run the container with --net=host; it will then have access to the host's ports directly. See https://docs.docker.com/engine/reference/run/#network-settings
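
An alternative to `--net=host`, which places the container in the host's network namespace and gives up network isolation, is to stay on the default bridge and connect to the host's address on that bridge. The script below is an added example, not part of the original answer; it reads that address from the container's routing table, and the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the Docker host from inside a bridge-networked
# container by reading the default gateway out of /proc/net/route.
# Assumes Linux and the default bridge network, where the container's
# default gateway is the host's address on the bridge (docker0).

# Convert the little-endian hex address format of /proc/net/route
# (for example 010011AC) to dotted-quad notation (172.17.0.1).
hex_le_to_ip() {
    b1=$(printf '%s' "$1" | cut -c7-8)
    b2=$(printf '%s' "$1" | cut -c5-6)
    b3=$(printf '%s' "$1" | cut -c3-4)
    b4=$(printf '%s' "$1" | cut -c1-2)
    printf '%d.%d.%d.%d\n' "0x$b1" "0x$b2" "0x$b3" "0x$b4"
}

# Read a routing table in /proc/net/route format on stdin and print the
# first default gateway. Returns 1 when the table has no default route.
default_gateway() {
    gw=$(awk 'NR > 1 && $2 == "00000000" && $3 != "00000000" && !seen++ { print $3 }')
    [ -n "$gw" ] || return 1
    hex_le_to_ip "$gw"
}

# Constructed sample of what a container on the default bridge sees.
sample_route_table() {
    printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
    printf 'eth0\t00000000\t010011AC\t0003\t0\t0\t0\t00000000\t0\t0\t0\n'
    printf 'eth0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n'
}

# In the container:  DB_HOST=$(default_gateway < /proc/net/route)
sample_route_table | default_gateway   # prints 172.17.0.1
```

For the connection to succeed, MySQL on the host has to listen on the bridge address rather than only on 127.0.0.1, and the app's `host:` setting changes from 127.0.0.1 to the printed address. With `--net=host` the routing table is the host's own, so this lookup only applies to bridge-networked containers.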

Related

Kartoza Geoserver on Heroku

I am new to Docker and not an IT specialist. I am trying to install Kartoza Geoserver in Docker on Heroku, but so far without success. Does anyone have experience with this and can explain to me the settings in the Dockerfile and the steps specifically for a Heroku install?
So far I tried a build with a modified Dockerfile, but I always get the same error (in the log trail) when opening/launching geoserver on Heroku:
"Error: groupadd: cannot open /etc/group".
I guess it is a permission/privileges issue.
Any sharing of experience on modifying the Dockerfile so that the image is read by Heroku would be helpful.
Modifying the settings in the dockerfile:
Removed the port forwarding from dockerfile
Add RUN adduser -D myuser USER myuser to dockerfile
Result dockerfile:
#--------- Generic stuff all our Dockerfiles should start with so we get caching ------------
ARG IMAGE_VERSION=9.0.65-jdk11-openjdk-slim-buster
ARG JAVA_HOME=/usr/local/openjdk-11
FROM tomcat:$IMAGE_VERSION
LABEL maintainer="Tim Sutton<tim#linfiniti.com>"
ARG GS_VERSION=2.22.0
ARG WAR_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip
ARG STABLE_PLUGIN_BASE_URL=https://sourceforge.net/projects/geoserver/files/GeoServer
ARG DOWNLOAD_ALL_STABLE_EXTENSIONS=1
ARG DOWNLOAD_ALL_COMMUNITY_EXTENSIONS=1
ARG HTTPS_PORT=8443
ENV DEBIAN_FRONTEND=noninteractive
#Install extra fonts to use with sld font markers
RUN adduser -D myuser
USER myuser
RUN set -eux; \
apt-get update; \
apt-get -y --no-install-recommends install \
locales gnupg2 wget ca-certificates rpl pwgen software-properties-common iputils-ping \
apt-transport-https curl gettext fonts-cantarell lmodern ttf-aenigma \
ttf-bitstream-vera ttf-sjfonts tv-fonts libapr1-dev libssl-dev \
wget zip unzip curl xsltproc certbot cabextract gettext postgresql-client figlet gosu gdal-bin; \
# Install gdal3 - bullseye doesn't build libgdal-java anymore so we can't upgrade
curl https://deb.meteo.guru/velivole-keyring.asc | apt-key add - \
&& echo "deb https://deb.meteo.guru/debian buster main" > /etc/apt/sources.list.d/meteo.guru.list \
&& apt-get update \
&& apt-get -y --no-install-recommends install gdal-bin libgdal-java; \
dpkg-divert --local --rename --add /sbin/initctl \
&& (echo "Yes, do as I say!" | apt-get remove --force-yes login) \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*; \
# verify that the binary works
gosu nobody true
ENV \
JAVA_HOME=${JAVA_HOME} \
DEBIAN_FRONTEND=noninteractive \
GEOSERVER_DATA_DIR=/opt/geoserver/data_dir \
GDAL_DATA=/usr/share/gdal \
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/tomcat/native-jni-lib:/usr/lib/jni:/usr/local/apr/lib:/opt/libjpeg-turbo/lib64:/usr/lib:/usr/lib/x86_64-linux-gnu" \
FOOTPRINTS_DATA_DIR=/opt/footprints_dir \
GEOWEBCACHE_CACHE_DIR=/opt/geoserver/data_dir/gwc \
CERT_DIR=/etc/certs \
RANDFILE=/etc/certs/.rnd \
FONTS_DIR=/opt/fonts \
GEOSERVER_HOME=/geoserver \
EXTRA_CONFIG_DIR=/settings \
COMMUNITY_PLUGINS_DIR=/community_plugins \
STABLE_PLUGINS_DIR=/stable_plugins
WORKDIR /scripts
ADD resources /tmp/resources
ADD build_data /build_data
ADD scripts /scripts
RUN echo $GS_VERSION > /scripts/geoserver_version.txt ;\
chmod +x /scripts/*.sh;/scripts/setup.sh \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN echo 'figlet -t "Kartoza Docker GeoServer"' >> ~/.bashrc
WORKDIR ${GEOSERVER_HOME}
ENTRYPOINT ["/bin/bash", "/scripts/entrypoint.sh"]
Then I built it with the argument --platform linux/amd64 (I use arm64 architecture). Then I pushed it to Heroku. All the time I get the same error.

docker-compose.yml - container with exited status on Ubuntu host

My docker-compose.yml:
version: "3.3"
services:
  build_and_run_service:
    image: myapp:0
    build: .
    network_mode: host
    volumes:
      - './bin/cookie:/app/cookie'
      - './bin/logs:/app/logs'
      - './bin/warehouse:/app/warehouse'
Dockerfile doesn't contain CMD and ENTRYPOINT, so when I execute commands in that order:
docker build --tag myapp:0 .
docker run -d -t myapp:0
docker exec -it <container_id> /bin/bash
It works as expected.
For some reason the container is not working when using docker compose...
Commands order:
docker-compose up -d --build
docker-compose run -d build_and_run_service bash
What's wrong?
Both cases work fine on Windows but not on Ubuntu...
#edit
Dockerfile:
FROM ubuntu:20.04 as runtime
LABEL description="Build and run container - myapp"
RUN apt-get update
RUN apt-get install -y software-properties-common
RUN apt-get install -y nano
RUN apt-get install -y wget
RUN apt-get install -y curl
RUN apt-get install -y make
RUN apt-get install -y build-essential
RUN apt-get install -y tcl zlib1g-dev libssl-dev tk libcurl4-gnutls-dev libexpat1-dev gettext dos2unix
# Compilers
RUN apt-get install -y gcc-10
RUN apt-get install -y g++-10
RUN rm /usr/bin/gcc \
&& ln -s /usr/bin/gcc-10 /usr/bin/gcc
RUN rm /usr/bin/g++ \
&& ln -s /usr/bin/g++-10 /usr/bin/g++
# Postgres dev
RUN sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
RUN wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
RUN apt-get update
RUN apt-get install -y libpq-dev postgresql-server-dev-13
RUN cd /tmp \
&& wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1g.tar.gz \
&& tar -zxf openssl-1.1.1g.tar.gz \
&& cd openssl-1.1.1g \
&& ./config \
&& make \
&& make install \
&& rm /usr/bin/openssl \
&& ln -s /usr/local/bin/openssl /usr/bin/openssl \
&& ldconfig
RUN cd /tmp \
&& wget --no-check-certificate https://cmake.org/files/v3.19/cmake-3.19.6-Linux-x86_64.tar.gz \
&& tar -zxf cmake-3.19.6-Linux-x86_64.tar.gz \
&& mv cmake-3.19.6-Linux-x86_64 /usr/local/ \
&& ln -s /usr/local/cmake-3.19.6-Linux-x86_64/bin/cmake /usr/bin/cmake
RUN cd /tmp \
&& wget --no-check-certificate https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.31.0.tar.gz \
&& tar -zxf git-2.31.0.tar.gz \
&& cd git-2.31.0 \
&& make prefix=/usr/local all \
&& make prefix=/usr/local install
RUN cd /tmp \
&& wget --no-check-certificate https://boostorg.jfrog.io/artifactory/main/release/1.75.0/source/boost_1_75_0.tar.gz \
&& tar -zxf boost_1_75_0.tar.gz \
&& cd boost_1_75_0 \
&& ./bootstrap.sh \
&& ./b2 \
&& ./b2 install
VOLUME ["/app/cookie", "/app/logs", "/app/warehouse"]
WORKDIR /app
COPY . /src
RUN cd /src \
&& mkdir build \
&& cd build
# Some building command
## PRIVATE ##
# Removes tmp
RUN cd /tmp \
&& rm -r *

Sudo not available in docker image despite being installed in base image

I can't access Sudo from my container, despite it looking like the base image has it installed.
nistmni@ca5af2f4aace:~$ sudo echo x
bash: sudo: command not found
nistmni@ca5af2f4aace:~$ /bin/sudo
bash: /bin/sudo: No such file or directory
My Dockerfile is simple:
FROM nistmni/minc-toolkit
RUN mkdir ~/execute
# COPY does not expand ~, so use the absolute path of the base image's HOME
COPY . /home/nistmni/execute/
CMD /bin/bash
The Dockerfile for nistmni/minc-toolkit is:
FROM ubuntu:xenial
# install basic system packages
RUN apt-get -y update && \
apt-get -y dist-upgrade && \
apt-get install -y --no-install-recommends \
sudo \
build-essential g++ gfortran bc \
bison flex \
libx11-dev x11proto-core-dev \
libxi6 libxi-dev \
libxmu6 libxmu-dev libxmu-headers \
libgl1-mesa-dev libglu1-mesa-dev \
libjpeg-dev \
libssl-dev ccache libapt-inst2.0 git lsb-release \
curl ca-certificates unzip && \
apt-get autoclean && \
rm -rf /var/lib/apt/lists/*
# add user to build all tools
RUN useradd -ms /bin/bash nistmni && \
echo "nistmni ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/nistmni && \
chmod 0440 /etc/sudoers.d/nistmni
ENV PATH=/usr/lib/ccache:$PATH
# add new cmake
RUN mkdir src && \
cd src && \
curl -L --output cmake-3.14.5.tar.gz https://github.com/Kitware/CMake/releases/download/v3.14.5/cmake-3.14.5.tar.gz && \
tar zxf cmake-3.14.5.tar.gz && \
cd cmake-3.14.5 && \
./configure --prefix=/usr --no-qt-gui && \
make && \
make install && \
cd ../../ && \
rm -rf src
USER nistmni
ENV HOME /home/nistmni
WORKDIR /home/nistmni
Is this:
Some subtlety of base images I don't understand
Sudo is getting removed somewhere I'm not seeing
Not actually the Dockerfile being used to create the image
Thanks.

How to grant a container privilege to run in a normal user's session in dockerfile

After building a Docker image, I use it like this:
docker run -ti firefox-test:latest bash
then I go to /usr/bin/ to open Firefox:
root#...:cd /usr/bin
root#:/usr/bin/firefox
Then it prompted me with this message:
Running Firefox as root in a regular user's session is not supported. ($HOME is /home/jenkins which is owned by jenkins.)
So it looks like running it within root authentication is not supported, so I decided to add the --user <uid>:<gid> param to the docker command; then it can be launched with the given user uid and gid. Without that param, it goes to the root session and the message above is displayed.
So I wonder if there's anything I can do when building the Dockerfile so that Firefox can be launched with either root or a given user uid and gid, so that I don't need to pass the --user <uid>:<gid> param to my docker run command?
FROM debian:stretch
#==========
# Ruby 2.5.1
#==========
# cf. Dockerfile for ruby:2.3
# https://github.com/docker-library/ruby/blob/master/2.3/Dockerfile
# Install Ruby Dependencies
# cf. https://gorails.com/setup/ubuntu/16.04
RUN apt-get update \
&& rubyBuildDeps=' \
build-essential \
curl \
git-core \
libcurl4-openssl-dev \
libffi-dev \
libreadline-dev \
libsqlite3-dev \
libssl-dev \
libxml2-dev \
libxslt1-dev \
libyaml-dev \
software-properties-common \
sqlite3 \
wget \
zlib1g-dev \
' \
&& apt-get install -y --no-install-recommends $rubyBuildDeps \
&& rm -rf /var/lib/apt/lists/*
# skip installing gem documentation
RUN mkdir -p /usr/local/etc \
&& { \
echo 'install: --no-document'; \
echo 'update: --no-document'; \
} >> /usr/local/etc/gemrc
ENV RUBY_MAJOR 2.5
ENV RUBY_VERSION 2.5.1
ENV RUBY_DOWNLOAD_SHA256 dac81822325b79c3ba9532b048c2123357d3310b2b40024202f360251d9829b1
ENV RUBYGEMS_VERSION 2.7.7
# some of ruby's build scripts are written in ruby
# we purge system ruby later to make sure our final image uses what we just built
RUN set -ex \
\
&& buildDeps=' \
bison \
libgdbm-dev \
ruby \
' \
&& apt-get update \
&& apt-get install -y --no-install-recommends $buildDeps \
&& rm -rf /var/lib/apt/lists/* \
\
&& wget -O ruby.tar.gz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.gz" \
&& echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.gz" | sha256sum -c - \
\
&& mkdir -p /usr/src/ruby \
&& tar -xzf ruby.tar.gz -C /usr/src/ruby --strip-components=1 \
&& rm ruby.tar.gz \
\
&& cd /usr/src/ruby \
\
# hack in "ENABLE_PATH_CHECK" disabling to suppress:
# warning: Insecure world writable dir
&& { \
echo '#define ENABLE_PATH_CHECK 0'; \
echo; \
cat file.c; \
} > file.c.new \
&& mv file.c.new file.c \
\
&& ./configure --disable-install-doc \
&& make -j"$(nproc)" \
&& make install \
\
&& apt-get purge -y --auto-remove $buildDeps \
&& cd / \
&& rm -r /usr/src/ruby \
\
&& gem update --system "$RUBYGEMS_VERSION"
ENV BUNDLER_VERSION 2.0.1
RUN gem install bundler --version "$BUNDLER_VERSION" --force
# install things globally, for great justice
# and don't create ".bundle" in all our apps
ENV GEM_HOME /usr/local/bundle
ENV BUNDLE_PATH="$GEM_HOME" \
BUNDLE_BIN="$GEM_HOME/bin" \
BUNDLE_SILENCE_ROOT_WARNING=1 \
BUNDLE_APP_CONFIG="$GEM_HOME"
ENV PATH $GEM_HOME/bin:$BUNDLE_PATH/gems/bin:$PATH
RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \
&& chmod 777 "$GEM_HOME" "$BUNDLE_BIN"
#===============
# Gecko Driver
#===============
ENV GECKODRIVER_VERSION 0.24.0
RUN apt-get update && \
apt-get install -y --no-install-recommends unzip && \
apt-get install -y --no-install-recommends \
bzip2 \
libgconf-2-4 \
libglib2.0-dev \
libnss3-dev \
libxi6 \
xvfb \
&& \
rm -rf /var/lib/apt/lists/* \
/var/cache/apt/* && \
wget https://github.com/mozilla/geckodriver/releases/download/v$GECKODRIVER_VERSION/geckodriver-v$GECKODRIVER_VERSION-linux64.tar.gz && \
tar -zxvf geckodriver-v$GECKODRIVER_VERSION-linux64.tar.gz && \
mv geckodriver /usr/local/bin/ && \
chmod +x /usr/local/bin/geckodriver && \
rm geckodriver-v$GECKODRIVER_VERSION-linux64.tar.gz && \
apt-get purge -y --auto-remove bzip2
#==========
# Firefox
#==========
ENV FF_LANG="en-US" \
FF_BASE_URL="https://archive.mozilla.org/pub" \
FF_PLATFORM="linux-x86_64" \
FF_INNER_PATH="firefox/releases" \
FF_VERSION="67.0"
ENV FF_COMP="firefox-${FF_VERSION}.tar.bz2"
ENV FF_URL="${FF_BASE_URL}/${FF_INNER_PATH}/${FF_VERSION}/${FF_PLATFORM}/${FF_LANG}/${FF_COMP}"
RUN apt-get update && \
apt-get install -y --no-install-recommends unzip && \
apt-get install -y --no-install-recommends \
bzip2 \
&& \
rm -rf /var/lib/apt/lists/* /var/cache/apt/* && \
wget "${FF_URL}" \
-O /tmp/firefox-linux.tar.bz2 && \
tar -xvf /tmp/firefox-linux.tar.bz2 -C /opt && \
ln -s /opt/firefox/firefox /usr/bin/firefox && \
chmod +x /usr/bin/firefox && \
rm /tmp/firefox-linux.tar.bz2 && \
apt-get purge -y --auto-remove bzip2
#---------------------------
# Dependencies for headless
#---------------------------
RUN apt-get update && \
headlessDeps=' \
imagemagick \
xvfb \
' && \
apt-get install -y --no-install-recommends $headlessDeps && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/*
#========================
# Font for Chinese
#========================
RUN apt-get update && \
apt-get install -y --no-install-recommends fonts-arphic-ukai fonts-arphic-uming && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/*
#==============================================
# On advice from:
# https://github.com/SeleniumHQ/docker-selenium/issues/87
ENV DBUS_SESSION_BUS_ADDRESS /dev/null
#==============================================
# Jenkins Agent
#==============================================
# For the Amazon EC2 Container Service Plugin,
# we need the Docker image with an entryPoint which behaves as a
# Jenkins Agent.
# Install OpenJDK 8 (openjdk-8-jdk from stretch-backports)
# cf. https://xmoexdev.com/wordpress/installing-openjdk-9-debian-stretch/
RUN echo deb http://http.debian.net/debian stretch-backports main >> /etc/apt/sources.list.d/stretch-backports.list && \
apt-get update && \
apt-get install -y --no-install-recommends -t stretch-backports openjdk-8-jdk && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/*
# Adapted from Docker Image: jenkins/slave
# https://hub.docker.com/r/jenkins/slave/~/dockerfile/
ARG user=jenkins
ARG group=jenkins
ARG uid=10000
ARG gid=10000
ENV HOME /home/${user}
RUN groupadd -g ${gid} ${group}
RUN useradd -c "Jenkins user" -d $HOME -u ${uid} -g ${gid} -m ${user}
ARG JENKINS_REMOTING_VERSION=3.20
ARG AGENT_WORKDIR=/home/${user}/agent
RUN curl --create-dirs -sSLo /usr/share/jenkins/slave.jar \
https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${JENKINS_REMOTING_VERSION}/remoting-${JENKINS_REMOTING_VERSION}.jar \
&& chmod 755 /usr/share/jenkins \
&& chmod 644 /usr/share/jenkins/slave.jar
# USER ${user}
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
RUN mkdir /home/${user}/.jenkins && mkdir -p ${AGENT_WORKDIR}
VOLUME /home/${user}/.jenkins
VOLUME ${AGENT_WORKDIR}
# WORKDIR /home/${user}
# Docker Image: jenkins/jnlp-slave
# https://hub.docker.com/r/jenkinsci/jnlp-slave/~/dockerfile/
# uses the script from its git repository:
# https://github.com/jenkinsci/docker-jnlp-slave
# Docker builder can't copy files under 'config' directory,
# so keep jenkins-slave in top-level dir
COPY jenkins-slave /usr/local/bin/jenkins-slave
ENTRYPOINT ["jenkins-slave"]

creating a docker image with nginx compile options for Optional HTTP modules

I am trying to build an nginx image for installing nginx with the Module ngx_http_auth_request_module.
This is my current Dockerfile:
#ubuntu OS
FROM ubuntu:14.04
#update apt-get non interactive and install nginx
RUN \
sudo apt-get -q -y update; \
sudo apt-get -q -y install nginx
#copy all mapping configurations for all environments
COPY ./resources/routing-configs/* /routing-configs/
#expose port for nginx
EXPOSE 80
#run task to copy only relevant mapping configuration to nginx and reload nginx service
COPY ./resources/start.sh /opt/mysite/router/start.sh
RUN sudo chmod 766 /opt/mysite/router/start.sh
CMD sudo -E sh /opt/mysite/router/start.sh
Typically I would have compiled the nginx files locally like this:
sudo ./configure --with-http_auth_request_module
and then installed nginx:
sudo make install
But how can I do this with a Dockerfile?
Please help.

I'm somewhat of a noob with Docker, but I had to solve this same problem. I used this Dockerfile as a starting point.
FROM centos:centos7
WORKDIR /tmp
# Install prerequisites for Nginx compile
RUN yum install -y \
wget \
tar \
openssl-devel \
gcc \
gcc-c++ \
make \
zlib-devel \
pcre-devel \
gd-devel \
krb5-devel \
openldap-devel \
git
# Download Nginx and Nginx modules source
RUN wget http://nginx.org/download/nginx-1.9.3.tar.gz -O nginx.tar.gz && \
mkdir /tmp/nginx && \
tar -xzvf nginx.tar.gz -C /tmp/nginx --strip-components=1 &&\
git clone https://github.com/kvspb/nginx-auth-ldap.git /tmp/nginx/nginx-auth-ldap
# Build Nginx
WORKDIR /tmp/nginx
RUN ./configure \
--user=nginx \
--with-debug \
--group=nginx \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_spdy_module \
--with-pcre \
--with-http_image_filter_module \
--with-file-aio \
--with-ipv6 \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--add-module=nginx-auth-ldap && \
make && \
make install
WORKDIR /tmp
# Add nginx user
RUN adduser -c "Nginx user" nginx && \
setcap cap_net_bind_service=ep /usr/sbin/nginx
RUN touch /run/nginx.pid
RUN chown nginx:nginx /etc/nginx /etc/nginx/nginx.conf /var/log/nginx /usr/share/nginx /run/nginx.pid
# Cleanup after Nginx build
RUN yum remove -y \
wget \
tar \
gcc \
gcc-c++ \
make \
git && \
yum autoremove -y && \
rm -rf /tmp/*
# PORTS
EXPOSE 80
EXPOSE 443
USER nginx
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
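
A check worth running after a source build like the one above is to confirm that the module the question asks for was actually compiled in, by reading the configure flags that `nginx -V` records. This is an added example, not part of the original answer; the function names and the sample `nginx -V` output are constructed.

```shell
#!/bin/sh
# Added example: report requested configure flags that are absent from an
# nginx binary, based on the "configure arguments:" line of `nginx -V`.

# Print one configure flag per line from `nginx -V` output on stdin.
nginx_configure_flags() {
    sed -n 's/^configure arguments: *//p' | tr -s ' ' '\n'
}

# Usage: nginx -V 2>&1 | missing_nginx_flags FLAG...
# (nginx -V writes to stderr, hence the 2>&1.)
# Prints each FLAG that has no exact match among the recorded flags and
# returns 1 if any is missing, so a build step can fail on it.
missing_nginx_flags() {
    built=$(nginx_configure_flags)
    status=0
    for flag in "$@"; do
        if ! printf '%s\n' "$built" | grep -qxF -e "$flag"; then
            printf '%s\n' "$flag"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: a build that used part of the answer's flag list.
sample_nginx_v() {
    printf 'nginx version: nginx/1.9.3\n'
    printf 'configure arguments: --user=nginx --group=nginx --with-http_ssl_module --with-pcre --add-module=nginx-auth-ldap\n'
}

# Prints --with-http_auth_request_module, the flag this sample build lacks.
sample_nginx_v | missing_nginx_flags \
    --with-http_ssl_module --with-http_auth_request_module || true
```

In a Dockerfile this would run in a `RUN` step after `make install`, so that an image built without the requested module fails at build time instead of at the first request that needs it.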
