FROM # set version label ARG BUILD_DATE ARG VERSION ARG CERTBOT_VERSION LABEL build_version=" version:- ${VERSION} Build-date:- ${BUILD_DATE}" LABEL maintainer="nemchik" # environment settings ENV DHLEVEL=2048 ONLY_SUBDOMAINS=false AWS_CONFIG_FILE=/config/dns-conf/route53.ini ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ cargo \ g++ \ gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ openssl-dev \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ curl \ fail2ban \ gnupg \ memcached \ nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ nginx-mod-http-fancyindex \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ nginx-mod-http-upload-progress \ nginx-mod-http-xslt-filter \ nginx-mod-mail \ nginx-mod-rtmp \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ php8-bcmath \ php8-bz2 \ php8-ctype \ php8-curl \ php8-dom \ php8-exif \ php8-ftp \ php8-gd \ php8-gmp \ php8-iconv \ php8-imap \ php8-intl \ php8-ldap \ php8-mysqli \ php8-mysqlnd \ php8-opcache \ php8-pdo_mysql \ php8-pdo_odbc \ php8-pdo_pgsql \ php8-pdo_sqlite \ php8-pear \ php8-pecl-apcu \ php8-pecl-mailparse \ php8-pecl-mcrypt \ php8-pecl-memcached \ php8-pecl-redis \ php8-pgsql \ php8-phar \ php8-posix \ php8-soap \ php8-sockets \ php8-sodium \ php8-sqlite3 \ php8-tokenizer \ php8-xml \ php8-xmlreader \ php8-xsl \ php8-zip \ py3-cryptography \ py3-future \ py3-pip \ whois && \ apk add --no-cache \ --repository= \ php8-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ CERTBOT="certbot"; \ else \ CERTBOT="certbot==${CERTBOT_VERSION}"; \ fi && \ pip3 install -U \ pip wheel && \ pip install -U --find-links \ ${CERTBOT} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ certbot-dns-cloudflare \ certbot-dns-cloudxns \ certbot-dns-cpanel \ certbot-dns-desec \ certbot-dns-digitalocean \ certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-dnspod \ certbot-dns-do \ certbot-dns-domeneshop \ certbot-dns-dynu \ certbot-dns-google \ certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-infomaniak \ certbot-dns-inwx \ certbot-dns-ionos \ certbot-dns-linode \ certbot-dns-loopia \ certbot-dns-luadns \ certbot-dns-netcup \ certbot-dns-njalla \ certbot-dns-nsone \ certbot-dns-ovh \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-standalone \ certbot-dns-transip \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ 's|#ssl_stapling on;|ssl_stapling on;|' \ /defaults/nginx/ssl.conf.sample && \ sed -i \ 's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \ /defaults/nginx/ssl.conf.sample && \ sed -i \ 's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \ /defaults/nginx/ssl.conf.sample && \ echo "**** correct ip6tables legacy issue ****" && \ rm \ /sbin/ip6tables && \ ln -s \ /sbin/ip6tables-nft /sbin/ip6tables && \ echo "**** remove unnecessary fail2ban filters ****" && \ rm \ /etc/fail2ban/jail.d/alpine-ssh.conf && \ echo "**** copy fail2ban default action and filter to /defaults ****" && \ mkdir -p /defaults/fail2ban && \ mv /etc/fail2ban/action.d /defaults/fail2ban/ && \ mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \ echo "**** copy proxy confs to /defaults ****" && \ mkdir -p \ /defaults/nginx/proxy-confs && \ curl -o \ /tmp/proxy-confs.tar.gz -L \ "" && \ tar xf \ /tmp/proxy-confs.tar.gz -C \ /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ for cleanfiles in *.pyc *.pyo; \ do \ find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ ; done && \ rm -rf \ /tmp/* \ /root/.cache \ /root/.cargo # copy local files COPY root/ / # ports and volumes EXPOSE 80 443 VOLUME /config