Deploying NGINX and NGINX Plus with Docker<\/p>\n
\n<\/p>\n
Note<\/strong>: This post was updated in May 2020 to make the Docker commands comply with current standards and to provide an updated NGINX Plus Dockerfile for Debian and Alpine Linux distributions.<\/em><\/p>\n Docker<\/a>\u00a0is an\u00a0open platform for building, shipping, and running distributed applications as containers (lightweight, standalone, executable packages of software that include everything needed to run an application). Containers can in turn be deployed and orchestrated by container orchestration platforms such as Kubernetes. (In addition to the Docker container technology for NGINX Open Source and NGINX Plus discussed in this blog, NGINX provides the NGINX Open Source and NGINX Plus Ingress Controllers for Kubernetes<\/a>; for NGINX Plus subscribers, support is included at no extra cost.)<\/p>\n As software applications, NGINX Open Source and NGINX Plus are great use cases for Docker, and we publish an\u00a0NGINX Open Source image<\/a> on\u00a0Docker Hub<\/a>, the repository of Docker images. This article describes how you can deploy NGINX Open Source using this image from Docker Hub, or create and deploy your own Docker image of NGINX Plus.<\/p>\n The Docker open platform includes the Docker Engine –\u00a0the open source runtime that builds, runs, and orchestrates containers –\u00a0and Docker Hub, a hosted service where Dockerized applications are distributed, shared, and collaborated on by the entire development community or within the confines of a specific organization.<\/p>\n Docker containers enable developers to focus their efforts on application \u201ccontent\u201d by separating applications from the constraints of infrastructure. Dockerized applications are instantly portable to any infrastructure –\u00a0laptop, bare‑metal server, VM, or cloud –\u00a0making them modular components that can be readily assembled and reassembled into fully featured distributed applications and continuously innovated on in real time.<\/p>\n For more information about Docker, see\u00a0Why Docker?<\/a> or the full Docker\u00a0documentation<\/a>.<\/p>\n You can create an NGINX instance in a Docker container using the NGINX image<\/a> from Docker Hub.<\/p>\n Let’s start with a very simple example. To launch\u00a0an instance of NGINX running in a container and using the default NGINX configuration, run this command:<\/p>\n This command creates a container named mynginx1<\/strong> based on the NGINX\u00a0image. The command returns the long form of the container ID, which is used in the name of log files; see Managing Logging<\/a>.<\/p>\n The The To verify that the container was created and is running, and to see the port mappings, we run The So now we have a working NGINX Docker container, but how do we manage the content and the NGINX configuration? And what about logging?<\/p>\n It is common to enable SSH access to NGINX instances, but the NGINX image does not have OpenSSH installed, because Docker containers are generally intended to be for a single purpose (in this case running NGINX), and for normal operations there is no need to have shell access directly to the NGINX container. Instead we’ll use other methods supported by Docker. For a detailed discussion of alternatives to SSH access, see Why You Don’t Need to Run SSHd in Your Docker Containers<\/a>.<\/p>\n There are several ways you can manage both the content served by NGINX and the NGINX configuration files. Here we cover a few of the options.<\/p>\n When the container is created we\u00a0can tell Docker to mount a local directory on the Docker host to a directory in the container. The NGINX image uses the default NGINX configuration, which uses \/usr\/share\/nginx\/html<\/strong> as the container’s root directory and puts configuration files in \/etc\/nginx<\/strong>. For a Docker host with content in the local directory \/var\/www<\/strong> and configuration files in \/var\/nginx\/conf<\/strong>, run this command (which appears on multiple lines here only for legibility):<\/p>\n Now any change made to the files in the local directories \/var\/www<\/strong> and \/var\/nginx\/conf<\/strong> on the Docker host are reflected in the directories \/usr\/share\/nginx\/html<\/strong> and \/etc\/nginx<\/strong> in the container. The Another option is to have Docker copy the content and configuration files from a local directory on the Docker host during container creation. Once a\u00a0container is created, the files are maintained by creating a new container when files change or by modifying the files in the container. A simple way to copy the files is to create a Dockerfile<\/strong>\u00a0with commands that are run during generation of a new Docker image based on the NGINX image from Docker Hub. For the file‑copy ( In our example, the content is in the content<\/strong> directory and the configuration files are in the conf<\/strong> directory, both subdirectories of the directory where the Dockerfile<\/strong> is located. The NGINX image includes default NGINX configuration files as \/etc\/nginx\/nginx.conf<\/strong> and \/etc\/nginx\/conf.d\/default.conf<\/strong>. Because we instead want to use the configuration files from the host, we include We create our own NGINX image by running the following command from the directory where the Dockerfile<\/strong> is located. Note the period (“.”) at the end of the command. It defines the current directory as the build context, which contains the Dockerfile<\/strong> and the directories to be copied.<\/p>\n Now we run this command to create a container called mynginx3<\/strong> based on the mynginx_image1<\/strong> image:<\/p>\n If we want to make changes to the files in the container, we use a helper container as described in Option 3.<\/p>\n As mentioned in A Note About SSH<\/a>, we can’t use SSH to access the NGINX container, so if we want to edit the content or configuration files directly we have to create a helper container that\u00a0has shell access. For the helper container to have access to the files, we must create a new image that has the proper Docker data volumes<\/a> defined for the image. Assuming we want to copy files as in Option 2 while also defining volumes, we use the following Dockerfile<\/strong>:<\/p>\n We then create the new\u00a0NGINX image by running the following command (again note the final period):<\/p>\n Now we run this command to create an NGINX container (mynginx4<\/strong>) based on the mynginx_image2<\/strong> image:<\/p>\n We then run the following command to start a helper container mynginx4_files<\/strong> that has a shell, enabling us to access the content and configuration directories of the mynginx4<\/strong> container we just created:<\/p>\n The new\u00a0mynginx4_files<\/strong> helper container runs in the foreground with a\u00a0persistent standard input (the The To start and stop the container, run the following commands:<\/p>\n To exit the shell but leave the container running, press To exit the shell and terminate the container, run the Note:<\/strong> As an alternative to the preceding commands, you can run the following command to open an interactive shell to a running NGINX container. However, we recommend this only for advanced users.<\/p>\n On Debian systems:<\/p>\n On Alpine Linux systems:<\/p>\n You can configure either default or customized logging.<\/p>\n The NGINX image is configured to send the main NGINX access and error logs to the Docker log collector by default. This is done by linking them to You can use both the Docker command line and the Docker Engine API<\/a> to extract the log messages. <\/p>\n On the command line, run this command:<\/p>\n To use the Docker Remote API, issue a To include only access log messages in the output, include only If you want to implement another method of log collection, or if you want to configure logging differently in certain configuration blocks (such as For example, to configure NGINX to store log files in \/var\/log\/nginx\/log<\/strong>,\u00a0we can start with the Dockerfile<\/strong> from Option 3<\/a> and simply add a We\u00a0can then create an image as described above and use it to create an NGINX container and a helper container that have access to the logging directory. The helper container can have any desired logging tools installed.<\/p>\n Since we do not have direct access to the command line of the NGINX container, we cannot use the To reload the NGINX configuration, run this command:<\/p>\n To restart NGINX, run this command to restart the container:<\/p>\n So far we have discussed Docker for NGINX Open Source, but you can also use it with the commercial product, NGINX Plus. The difference is you first need to create an NGINX Plus image, because as a commercial offering NGINX Plus is not available at Docker Hub. Fortunately, this is quite easy to do.<\/p>\n Note<\/strong>: Never upload your NGINX Plus images to a public repository such as Docker Hub. Doing so violates your license agreement.<\/p>\n To generate\u00a0an NGINX Plus image, first create a Dockerfile<\/strong>. The examples we provide here use Debian 10 (Buster) Alpine Linux 3.11 as the base Docker image. Before you can create the NGINX Plus Docker image, you have to download your version of the nginx-repo.crt<\/span> and nginx-repo.key<\/span> files. NGINX Plus customers can find them at the customer portal, https:\/\/cs.nginx.com<\/a><\/strong>; if you are doing a free trial of NGINX Plus, they were provided with your trial package. Copy the files to the directory where the Dockerfile<\/strong> is located (the Docker build context).<\/p>\n As with NGINX Open Source, by default the NGINX Plus access and error logs are linked to the Docker log collector. No volumes are specified, but you can add them if desired, or each Dockerfile<\/strong> can be used to create base images from which you can create new images with volumes specified, as described previously.<\/p>\n We purposely do not specify an NGINX Plus version in the sample Dockerfiles, so that you don’t have to edit the file when you update to a new release of NGINX Plus. We have, however, included commented versions of the relevant instructions for you to uncomment if you want to make the file version‑specific.<\/p>\n Similarly, we’ve included commented version of instructions that install official dynamic modules for NGINX Plus<\/a>.<\/p>\n By default, no files are copied from the Docker host as a container is created. You can add LABEL maintainer="NGINX Docker Maintainers ”<\/p>\n # Define NGINX versions for NGINX Plus and NGINX Plus modules # Download certificate and key from the customer portal (https:\/\/cs.nginx.com) RUN set -x && echo “Acquire::https::plus-pkgs.nginx.com::Verify-Peer “true”;” >> \/etc\/apt\/apt.conf.d\/90nginx # Forward request logs to Docker log collector EXPOSE 80<\/p>\n STOPSIGNAL SIGTERM<\/p>\n CMD [“nginx”, “-g”, “daemon off;”] LABEL maintainer="NGINX Docker Maintainers ”<\/p>\n # Define NGINX versions for NGINX Plus and NGINX Plus modules # Download certificate and key from the customer portal (https:\/\/cs.nginx.com) RUN set -x && runDeps=”$( EXPOSE 80<\/p>\n STOPSIGNAL SIGTERM<\/p>\n CMD [“nginx”, “-g”, “daemon off;”]–><\/p>\n With the\u00a0Dockerfile<\/strong>, nginx-repo.crt<\/span>, and nginx-repo.key<\/span> files in the same directory, run the following command there to create a Docker image called nginxplus<\/strong> (as before, note the final period):<\/p>\n Note the Output like the following from the To create a container named mynginxplus<\/strong> based on this image, run this command:<\/p>\n You can control and manage NGINX Plus containers in the same way as NGINX containers.<\/p>\n NGINX, NGINX Plus, and Docker work extremely well together. Whether you use the NGINX Open Source image from Docker Hub or create your own NGINX Plus image, you can easily spin up new instances of NGINX and NGINX Plus in Docker containers and deploy them in your Kubernetes environment. You can also easily create new Docker images from the base images, making your containers even easier to control and manage. Make sure that all NGINX Plus instances running in your Docker containers are covered by your subscription. For details, please contact the NGINX sales team<\/a>.<\/p>\n There is much more to Docker than we have been able to cover in this article. For more information, download our free O’Reilly eBook – Container Networking: From Docker to Kubernetes<\/a> – or check out\u00a0www.docker.com<\/a>.<\/p>\n The post Deploying NGINX and NGINX Plus with Docker<\/a> appeared first on NGINX<\/a>.<\/p>\n Source: Deploying NGINX and NGINX Plus with Docker<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Deploying NGINX and NGINX Plus with Docker Note: This post was updated in May 2020 to make the Docker commands comply with current standards and to provide an updated NGINX Plus Dockerfile for Debian and Alpine Linux distributions. Docker\u00a0is an\u00a0open platform for building, shipping, and running distributed applications as containers (lightweight, standalone, executable packages of software that include everything needed to run an application). Containers can in turn be deployed and orchestrated by container orchestration platforms such as Kubernetes. (In addition to the Docker container technology for NGINX Open Source and NGINX Plus discussed in this blog, NGINX provides the NGINX Open Source and NGINX Plus Ingress Controllers for Kubernetes; for NGINX Plus subscribers, support is included at no extra cost.) As software applications, NGINX Open Source and NGINX Plus are great use cases for Docker, and we publish an\u00a0NGINX Open Source image on\u00a0Docker Hub, the repository [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[652],"class_list":["post-37008","post","type-post","status-publish","format-standard","hentry","category-news","tag-nginx"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/37008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=37008"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/37008\/revisions"}],"predecessor-version":[{"id":37009,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/37008\/revisions\/37009"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=37008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=37008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=37008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Introduction<\/h2>\n
Using the NGINX Docker Image<\/h2>\n
# docker run --name mynginx1 -p 80:80 -d nginx<\/strong>\r\nfcd1fb01b14557c7c9d991238f2558ae2704d129cf9fb97bb4fadf673a58580d<\/code><\/pre>\n-d<\/code> option<\/span> specifies that the container runs in detached mode, which means that it continues to run until stopped but does not respond to commands run on the command line. We discuss later<\/a> how to interact with the container. <\/p>\n-p<\/code> option<\/span> tells Docker to map the ports exposed in the container by the NGINX image – port 80 – to the specified port on the Docker host. The first parameter specifies the port in the Docker host, while the second parameter is mapped to the port exposed in the container.<\/p>\ndocker<\/code> ps<\/code><\/span>. (We’ve split the output across multiple lines here to make it easier to read.)<\/p>\n# docker ps<\/strong>\r\nCONTAINER\u00a0ID\u00a0 IMAGE\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 COMMAND\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CREATED\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STATUS\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ... \r\nfcd1fb01b145 nginx:latest \"nginx -g 'daemon of 16 seconds ago Up 15 seconds ... \r\n\r\n ... PORTS NAMES\r\n ... 0.0.0.0:80->80\/tcp mynginx1<\/code><\/pre>\nPORTS<\/code> field in the output reports that port 80 on the Docker host is mapped to port 80 in the container. Another way to verify that NGINX is running is to make an HTTP request to that port. The code for the default NGINX welcome page appears:<\/p>\n# curl http:\/\/localhost:49167<\/strong>\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<title>Welcome to nginx!<\/title>\r\n<style>\r\n body {\r\n width: 35em;\r\n margin: 0 auto;\r\n font-family: Tahoma, Verdana, Arial, sans-serif;\r\n }\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<h1>Welcome to nginx!<\/h1>\r\n<p>If you see this page, the nginx web server is successfully installed and\r\nworking. Further configuration is required.<\/p>\r\n\r\n<p>For online documentation and support please refer to\r\n<a href=\"http:\/\/nginx.org\/\">nginx.org<\/a>.<br\/>\r\nCommercial support is available at\r\n<a href=\"https:\/\/www.nginx.com\/\">nginx.com<\/a>.<\/p>\r\n\r\n<p><em>Thank you for using nginx.<\/em><\/p>\r\n<\/body>\r\n<\/html><\/code><\/pre>\nWorking with the NGINX Docker Container<\/h2>\n
A Note About SSH<\/h3>\n
Managing Content and Configuration Files<\/h3>\n
Option 1 – Maintain the Content and Configuration on the Docker Host<\/h4>\n
# docker run --name mynginx2 --mount type=bind source=\/var\/www,target=\/usr\/share\/nginx\/html,readonly --mount type=bind,source=\/var\/nginx\/conf,target=\/etc\/nginx\/conf,readonly -p 80:80 -d nginx<\/strong><\/code><\/pre>\nreadonly<\/code> option means these directories can be changed only on the Docker host, not from within the container.<\/p>\nOption 2 – Copy Files from the Docker Host<\/h4>\n
COPY<\/code>) commands in the Dockerfile<\/strong>, the local directory path is relative to the build context where the Dockerfile<\/strong>\u00a0is located.<\/p>\nRUN<\/code> commands that delete the default files:<\/p>\nFROM nginx\r\nRUN rm \/etc\/nginx\/nginx.conf \/etc\/nginx\/conf.d\/default.conf\r\nCOPY\u00a0content \/usr\/share\/nginx\/html\r\nCOPY\u00a0conf \/etc\/nginx<\/code><\/pre>\n# docker build -t mynginx_image1 .<\/strong><\/code><\/pre>\n# docker run --name mynginx3 -p 80:80 -d mynginx_image1<\/strong><\/code><\/pre>\nOption 3 – Maintain Files in the Container<\/h4>\n
FROM nginx\r\nCOPY content \/usr\/share\/nginx\/html\r\nCOPY conf \/etc\/nginx\r\nVOLUME \/usr\/share\/nginx\/html\r\nVOLUME \/etc\/nginx<\/code><\/pre>\n# docker build -t mynginx_image2 .<\/strong><\/code><\/pre>\n# docker run --name mynginx4 -p 80:80 -d mynginx_image2<\/strong><\/code><\/pre>\n# docker run -i -t --volumes-from mynginx4 --name mynginx4_files debian \/bin\/bash<\/strong>\r\nroot@b1cbbad63dd1:\/#<\/code><\/pre>\n-i<\/code> option<\/span>) and a tty (the -t<\/code> option).<\/span> All volumes defined in mynginx4<\/strong>\u00a0are mounted as local directories in the helper container.<\/p>\ndebian<\/code> argument means that the helper container uses the Debian image\u00a0from Docker Hub. Because the NGINX image also uses Debian (and all of our examples so far use the NGINX image), it is most efficient to use Debian for the helper container, rather than having Docker load another operating system. The \/bin\/bash<\/code> argument means that the bash<\/code> shell runs in the helper container, presenting a shell prompt that you can use to modify files as needed.<\/p>\n# docker start mynginx4_files<\/strong>\r\n# docker stop mynginx4_files<\/strong><\/code><\/pre>\nCtrl+p<\/code> followed by Ctrl+q<\/code>. To regain shell access to a\u00a0running container, run this command:<\/p>\n# docker attach mynginx4_files<\/strong><\/code><\/pre>\nexit<\/code> command.<\/p>\n\n
# docker exec -it NGINX_container_ID<\/em> bash<\/strong><\/code><\/pre>\n<\/li>\n# docker exec -it NGINX_container_ID<\/em> sh<\/strong><\/code><\/pre>\n<\/li>\n<\/ul>\nManaging Logging<\/h3>\n
Using Default Logging<\/h4>\n
stdout<\/code> and stderr<\/code>; all messages from both logs\u00a0are then written to the file \/var\/lib\/docker\/containers\/container-ID<\/em>\/container-ID<\/em>-json.log<\/span> on the Docker\u00a0host. The container‑ID<\/em><\/strong> is the long‑form ID returned when you create a container. To display it, run this command:<\/p>\n# docker inspect --format '{{ .Id }}' container-name<\/em><\/strong><\/code><\/pre>\n# docker logs container-name<\/em><\/strong><\/code><\/pre>\nGET<\/code> request using the Docker Unix sock:<\/p>\ncurl --unix-sock \/var\/run\/docker-sock http:\/\/localhost\/containers\/container-name<\/em>\/logs?stdout=1&stderr=1<\/code><\/pre>\nstdout=1<\/code>; to limit the output to error log messages, include only stderr=1<\/code>. To learn about other available options, see the Docker Engine API\u00a0documentation<\/a> (search for “Get container logs” on that page).<\/p>\nUsing Customized Logging<\/h4>\n
server{}<\/code> and location{}<\/code>), define a Docker volume for the directory or directories in which to store the log files in the container, create a helper container to access the log files, and use whatever logging tools you like. To implement this, create a new image that contains the volume or volumes for the logging files.<\/p>\nVOLUME<\/code> definition for this directory:<\/p>\nFROM nginx\r\nCOPY content \/usr\/share\/nginx\/html\r\nCOPY conf \/etc\/nginx\r\nVOLUME \/var\/log\/nginx\/log<\/code><\/pre>\nControlling NGINX<\/h3>\n
nginx<\/code> command to control NGINX. Fortunately we can use signals<\/a> to control NGINX, and Docker provides the kill<\/code> command for sending signals to a container.<\/p>\n# docker kill -s HUP container-name<\/em><\/strong><\/code><\/pre>\n# docker restart container-name<\/em><\/strong><\/code><\/pre>\nDeploying NGINX Plus with Docker<\/h2>\n
Creating a Docker Image of NGINX Plus<\/h3>\n
COPY<\/code> definitions to each Dockerfile<\/strong>, or the image you create can be used as the basis for another image as described above.<\/p>\nNGINX Plus Dockerfile (Debian 10)<\/h4>\n
<\/code><!– [config scrolling="true"]FROM debian:buster-slim<\/p>\n
\n# Uncomment this block and the versioned nginxPackages block in the main RUN
\n# instruction to install a specific release
\n# ENV NGINX_VERSION 21
\n# ENV NJS_VERSION 0.3.9
\n# ENV PKG_RELEASE 1~buster<\/p>\n
\n# and copy to the build context
\nCOPY nginx-repo.crt \/etc\/ssl\/nginx\/
\nCOPY nginx-repo.key \/etc\/ssl\/nginx\/<\/p>\n
\n# Create nginx user\/group first, to be consistent throughout Docker variants
\n && addgroup –system –gid 101 nginx
\n && adduser –system –disabled-login –ingroup nginx –no-create-home –home \/nonexistent –gecos “nginx user” –shell \/bin\/false –uid 101 nginx
\n && apt-get update
\n && apt-get install –no-install-recommends –no-install-suggests -y ca-certificates gnupg1
\n &&
\n NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62;
\n found=”;
\n for server in
\n ha.pool.sks-keyservers.net
\n hkp:\/\/keyserver.ubuntu.com:80
\n hkp:\/\/p80.pool.sks-keyservers.net:80
\n pgp.mit.edu
\n ; do
\n echo “Fetching GPG key $NGINX_GPGKEY from $server”;
\n apt-key adv –keyserver “$server” –keyserver-options timeout=10 –recv-keys “$NGINX_GPGKEY” && found=yes && break;
\n done;
\n test -z “$found” && echo >&2 “error: failed to fetch GPG key $NGINX_GPGKEY” && exit 1;
\n apt-get remove –purge –auto-remove -y gnupg1 && rm -rf \/var\/lib\/apt\/lists\/*
\n# Install the latest release of NGINX Plus and\/or NGINX Plus modules
\n# Uncomment individual modules if necessary
\n# Use versioned packages over defaults to specify a release
\n && nginxPackages=”
\n nginx-plus
\n # nginx-plus=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-xslt
\n # nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-geoip
\n # nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-image-filter
\n # nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-perl
\n # nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-njs
\n # nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE}
\n ” <\/p>\n
\n && echo “Acquire::https::plus-pkgs.nginx.com::Verify-Host “true”;” >> \/etc\/apt\/apt.conf.d\/90nginx
\n && echo “Acquire::https::plus-pkgs.nginx.com::SslCert “\/etc\/ssl\/nginx\/nginx-repo.crt”;” >> \/etc\/apt\/apt.conf.d\/90nginx
\n && echo “Acquire::https::plus-pkgs.nginx.com::SslKey “\/etc\/ssl\/nginx\/nginx-repo.key”;” >> \/etc\/apt\/apt.conf.d\/90nginx
\n && printf “deb https:\/\/plus-pkgs.nginx.com\/debian buster nginx-plusn” > \/etc\/apt\/sources.list.d\/nginx-plus.list
\n && apt-get update
\n && apt-get install –no-install-recommends –no-install-suggests -y
\n $nginxPackages
\n gettext-base
\n curl
\n && apt-get remove –purge –auto-remove -y && rm -rf \/var\/lib\/apt\/lists\/* \/etc\/apt\/sources.list.d\/nginx-plus.list
\n && rm -rf \/etc\/apt\/apt.conf.d\/90nginx \/etc\/ssl\/nginx<\/p>\n
\nRUN ln -sf \/dev\/stdout \/var\/log\/nginx\/access.log
\n && ln -sf \/dev\/stderr \/var\/log\/nginx\/error.log<\/p>\n
\n[\/config] –><\/p>\nNGINX Plus Dockerfile (Alpine Linux 3.11)<\/h4>\n
<\/code><!– [config scrolling="true"]FROM alpine:3.11<\/p>\n
\n# Uncomment this block and the versioned nginxPackages in the main RUN
\n# instruction to install a specific release
\n# ENV NGINX_VERSION 21
\n# ENV NJS_VERSION 0.3.9
\n# ENV PKG_RELEASE 1<\/p>\n
\n# and copy to the build context
\nCOPY nginx-repo.crt \/etc\/apk\/cert.pem
\nCOPY nginx-repo.key \/etc\/apk\/cert.key<\/p>\n
\n# Create nginx user\/group first, to be consistent throughout Docker variants
\n && addgroup -g 101 -S nginx
\n && adduser -S -D -H -u 101 -h \/var\/cache\/nginx -s \/sbin\/nologin -G nginx -g nginx nginx
\n# Install the latest release of NGINX Plus and\/or NGINX Plus modules
\n# Uncomment individual modules if necessary
\n# Use versioned packages over defaults to specify a release
\n && nginxPackages=”
\n nginx-plus
\n # nginx-plus=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-xslt
\n # nginx-plus-module-xslt=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-geoip
\n # nginx-plus-module-geoip=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-image-filter
\n # nginx-plus-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-perl
\n # nginx-plus-module-perl=${NGINX_VERSION}-${PKG_RELEASE}
\n # nginx-plus-module-njs
\n # nginx-plus-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE}
\n ”
\n KEY_SHA512=”e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin”
\n && apk add –no-cache –virtual .cert-deps
\n openssl
\n && wget -O \/tmp\/nginx_signing.rsa.pub https:\/\/nginx.org\/keys\/nginx_signing.rsa.pub
\n && if [ “$(openssl rsa -pubin -in \/tmp\/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)” = “$KEY_SHA512” ]; then
\n echo “key verification succeeded!”;
\n mv \/tmp\/nginx_signing.rsa.pub \/etc\/apk\/keys\/;
\n else
\n echo “key verification failed!”;
\n exit 1;
\n fi
\n && apk del .cert-deps
\n && apk add -X “https:\/\/plus-pkgs.nginx.com\/alpine\/v$(egrep -o ‘^[0-9]+.[0-9]+’ \/etc\/alpine-release)\/main” –no-cache $nginxPackages
\n && if [ -n “\/etc\/apk\/keys\/nginx_signing.rsa.pub” ]; then rm -f \/etc\/apk\/keys\/nginx_signing.rsa.pub; fi
\n && if [ -n “\/etc\/apk\/cert.key” && -n “\/etc\/apk\/cert.pem”]; then rm -f \/etc\/apk\/cert.key \/etc\/apk\/cert.pem; fi
\n# Bring in gettext so we can get `envsubst`, then throw
\n# the rest away. To do this, we need to install `gettext`
\n# then move `envsubst` out of the way so `gettext` can
\n# be deleted completely, then move `envsubst` back.
\n && apk add –no-cache –virtual .gettext gettext
\n && mv \/usr\/bin\/envsubst \/tmp\/ <\/p>\n
\n scanelf –needed –nobanner \/tmp\/envsubst
\n | awk ‘{ gsub(\/,\/, “nso:”, $2); print “so:” $2 }’
\n | sort -u
\n | xargs -r apk info –installed
\n | sort -u
\n )”
\n && apk add –no-cache $runDeps
\n && apk del .gettext
\n && mv \/tmp\/envsubst \/usr\/local\/bin\/
\n# Bring in tzdata so users could set the timezones through the environment
\n# variables
\n && apk add –no-cache tzdata
\n# Bring in curl and ca-certificates to make registering on DNS SD easier
\n && apk add –no-cache curl ca-certificates
\n# Forward request and error logs to Docker log collector
\n && ln -sf \/dev\/stdout \/var\/log\/nginx\/access.log
\n && ln -sf \/dev\/stderr \/var\/log\/nginx\/error.log<\/p>\nCreating the NGINX Plus Image<\/h4>\n
# docker build --no-cache -t nginxplus .<\/strong><\/code><\/pre>\n--no-cache<\/code> option<\/span>, which tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus. If the Dockerfile<\/strong> was previously used to build an image and you do not include the --no-cache<\/code> option<\/span>, the new image uses the version of NGINX Plus from the Docker cache. (We purposely do not specify a version in the Dockerfile<\/strong> so that the file does not need to change at every new release of NGINX Plus.) Omit the --no-cache<\/code> option<\/span> if it’s acceptable to use the NGINX Plus version from the previously built image.<\/p>\ndocker<\/code> images<\/code> nginxplus<\/code><\/span> command indicates that the image was created successfully:<\/p>\n# docker images nginxplus<\/strong>\r\nREPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE\r\nnginxplus latest ef2bf65931cf 6 seconds ago 91.2 MB<\/code><\/pre>\n# docker run --name mynginxplus -p 80:80 -d nginxplus<\/strong><\/code><\/pre>\nSummary<\/h2>\n