From e78ebf5652f871ea462419555b2b75e98eb4e688 Mon Sep 17 00:00:00 2001
From: ObserverOfTime
Date: Sat, 20 Apr 2024 00:40:32 +0300
Subject: [PATCH] Update nginx to v1.25.5
---
Dockerfile | 216 +++++++++++++++++++++++++-------------------------
arch/PKGBUILD | 8 +-
2 files changed, 114 insertions(+), 110 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0aa5308..9e12e31 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,113 +1,117 @@ -FROM alpine:3.18 +FROM alpine:3.19 -ARG NGINX_VERSION=1.25.3 +ARG NGINX_VERSION=1.25.5 + +SHELL [ "/bin/ash", "-e", "-o", "pipefail", "-c" ] COPY patches /tmp/patches -# hadolint ignore=DL3003,DL3018,DL4006,SC2016 -RUN addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache \ - brotli-libs \ - libgcc \ - liburing \ - mimalloc2 \ - pcre2 \ - && apk add --no-cache -t .build-deps \ - brotli-dev \ - build-base \ - cmake \ - curl \ - git \ - liburing-dev \ - linux-headers \ - make \ - mimalloc2-dev \ - pcre2-dev \ - perl \ - tar \ - zlib-dev \ - zstd-dev \ - && mkdir -p /usr/src/nginx /etc/ssl /etc/letsencrypt /etc/nginx/sites-enabled \ - && git clone --depth=1 --branch=openssl-3.1.4+quic \ - https://github.com/quictls/openssl /usr/src/openssl \ - && git clone --depth=1 --shallow-submodules --recursive \ - https://github.com/google/ngx_brotli /usr/src/ngx_brotli \ - && git clone --depth=1 https://github.com/tokers/zstd-nginx-module /usr/src/ngx_zstd \ - && git clone --depth=1 https://github.com/grahamedgecombe/nginx-ct /usr/src/ngx_ct \ - && git clone --depth=1 https://github.com/vozlt/nginx-module-vts /usr/src/ngx_vts \ - && git clone --depth=1 https://github.com/openresty/memc-nginx-module /usr/src/ngx_memc \ - && git clone --depth=1 https://github.com/openresty/redis2-nginx-module /usr/src/ngx_redis2 \ - && curl -Ssf https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \ - | tar xzf - -C /usr/src/nginx --strip-components=1 \ - && curl -Ssfo /etc/ssl/dhparam.pem https://2ton.com.au/dhparam/4096 \ - && cd /usr/src/nginx \ - && for f in /tmp/patches/*.patch; do patch -Np1 -i $f; done \ - && ./configure \ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/var/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - 
--lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --user=nginx \ - --group=nginx \ - --with-compat \ - --with-file-aio \ - --with-threads \ - --with-pcre \ - --with-pcre-jit \ - --with-mail \ - --with-mail_ssl_module \ - --without-mail_pop3_module \ - --with-http_auth_request_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_realip_module \ - --with-http_slice_module \ - --with-http_ssl_module \ - --with-http_v2_module \ - --with-http_v3_module \ - --without-http_browser_module \ - --without-http_empty_gif_module \ - --without-http_fastcgi_module \ - --without-http_geo_module \ - --without-http_memcached_module \ - --without-http_mirror_module \ - --without-http_scgi_module \ - --without-http_split_clients_module \ - --without-http_userid_module \ - --with-openssl=/usr/src/openssl \ - --with-cc-opt='-O2 -pipe' \ - --with-ld-opt='-lmimalloc' \ - --add-dynamic-module=/usr/src/ngx_brotli \ - --add-dynamic-module=/usr/src/ngx_zstd \ - --add-dynamic-module=/usr/src/ngx_ct \ - --add-dynamic-module=/usr/src/ngx_vts \ - --add-dynamic-module=/usr/src/ngx_memc \ - --add-dynamic-module=/usr/src/ngx_redis2 \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && strip /usr/sbin/nginx objs/ngx_*_module.so \ - && cp -v objs/ngx_*_module.so /var/lib/nginx/modules \ - && rm -r /etc/nginx/html \ - /etc/nginx/*.default \ - /etc/nginx/koi-win \ - /etc/nginx/koi-utf \ - /etc/nginx/win-utf \ - /etc/nginx/scgi_params \ - /etc/nginx/fastcgi_params \ - /etc/nginx/fastcgi.conf \ - && printf >> /etc/nginx/uwsgi_params \ - '\nuwsgi_param HTTP_EARLY_DATA $ssl_early_data if_not_empty;\n' \ - && apk del .build-deps \ - && rm -rf /tmp/patches /usr/src \ - && nginx -Vt +# hadolint ignore=DL3003,DL3018,SC2016 +RUN <> /etc/nginx/uwsgi_params \ + '\nuwsgi_param HTTP_EARLY_DATA $ssl_early_data 
if_not_empty;\n' +apk del .build-deps +rm -rf /tmp/patches /usr/src +nginx -Vt +EOF COPY config /etc/nginx diff --git a/arch/PKGBUILD b/arch/PKGBUILD index 7783eab..3622e79 100644 --- a/arch/PKGBUILD +++ b/arch/PKGBUILD @@ -3,8 +3,8 @@ # shellcheck disable=SC2154,SC2016,SC2206,SC2046 pkgname=nginx-custom -pkgver=1.25.3 -pkgrel=2 +pkgver=1.25.5 +pkgrel=1 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server (custom build)' arch=(x86_64) url='https://nginx.org' @@ -24,7 +24,7 @@ backup=(etc/nginx/nginx.conf etc/nginx/default.vhost etc/logrotate.d/nginx) source=(nginx-${pkgver}.tar.gz::https://nginx.org/download/nginx-${pkgver}.tar.gz - git+https://github.com/quictls/openssl#branch=openssl-3.1.4+quic + git+https://github.com/quictls/openssl#branch=openssl-3.1.5+quic ngx_brotli::git+https://github.com/google/ngx_brotli ngx_zstd::git+https://github.com/tokers/zstd-nginx-module ngx_ct::git+https://github.com/grahamedgecombe/nginx-ct @@ -41,7 +41,7 @@ source=(nginx-${pkgver}.tar.gz::https://nginx.org/download/nginx-${pkgver}.tar.g 002-no-server-header.patch 003-dynamic-tls.patch 004-limit-req-adjust.patch) -b2sums=('f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4' +b2sums=('75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'e5b3af3eba36bac8c281d773cd90efb8de977a1241e246060661d5c1d436d537ff74b03d137a2bb4a7752339e98e9073ab803bc214a84906498f2383ecad07ff' '5aa8dab4d6517fc09a96f2ced5c85a67a44878da4c5cde1031a089609d3d32505d0cb45e6842a1502cc6f09e03eef08ee0ce6826b73bcfdd8087b0b695f0801c'
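Review bot: The nginx source tarball should be checked against a pinned digest before it is unpacked in the `RUN` heredoc of the Dockerfile hunk. The heredoc body is not visible in this view, so this assumes it keeps the download step of the removed lines, which piped `curl -Ssf https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz` straight into `tar` with no integrity check, while arch/PKGBUILD in the same commit records a b2sum for that file. Fetch to a file and verify first, e.g. `curl -Ssfo /tmp/nginx.tar.gz https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz` followed by `echo "${NGINX_SHA256}  /tmp/nginx.tar.gz" | sha256sum -c -`, where `NGINX_SHA256` is a new build `ARG` (placeholder name) bumped together with `NGINX_VERSION`. The same applies to the module `git clone --depth=1` calls, if they are still present, since they build whatever the default branch holds at build time unless they are pinned to a commit.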