如何创建一个自行设计的nginx的Docker Image

前奏

你是否曾经想过，亲手打造一个属于自己的Nginx Docker镜像呢？

今天，让我们创建一个支持HTTP/3的Nginx Docker镜像吧！

请原谅我选择开启仅粉丝可见。

问题描述

在现代网络架构中，Nginx作为一个高性能的Web服务器和反向代理服务器，广受欢迎。然而，默认的Nginx镜像可能无法满足我们所有的需求，尤其是当我们需要支持一些高级特性比如HTTP/3时。因此，我们需要自行设计并构建一个自定义的Nginx镜像。

问题解决

第一步：设置构建环境

首先，我们需要一个基础镜像，这里我们选择Ubuntu 22.04作为起点。接着，我们设置非交互式安装环境，以确保安装过程不会因为用户交互而中断。以下是相关的Dockerfile配置：

FROM ubuntu:22.04 AS builder# 设置非交互式安装
ENV DEBIAN_FRONTEND=noninteractive# 安装构建依赖
RUN apt-get update && apt-get install -y \git wget build-essential libpcre3-dev zlib1g-dev \libssl-dev cmake ninja-build golang libunwind-dev \pkg-config curl gnupg2 ca-certificates

第二步：构建BoringSSL

为了支持HTTP/3，我们需要使用BoringSSL。我们将其源码克隆下来，并进行构建。以下是相关步骤：

WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \cd boringssl && \mkdir build && \cd build && \cmake -GNinja .. && \ninja

第三步：下载并构建Nginx

接下来，我们需要下载Nginx的源码，并配置其构建参数，以便支持HTTP/3。具体步骤如下：

ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \git clone --recursive https://github.com/cloudflare/quiche.git && \cd nginx-${NGINX_VERSION} && \./configure \--prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--modules-path=/usr/lib/nginx/modules \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--http-log-path=/var/log/nginx/access.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--with-http_ssl_module \--with-http_v2_module \--with-http_v3_module \--with-cc-opt="-I../quiche/deps/boringssl/include" \--with-ld-opt="-L../quiche/deps/boringssl/lib"  && \make -j$(nproc) && \make install

第四步：创建最终镜像

我们将构建好的Nginx及其依赖复制到最终镜像中，同时设置运行时的环境和参数。以下是相关配置：

FROM ubuntu:22.04# 安装运行时依赖
RUN apt-get update && apt-get install -y \ca-certificates libpcre3 openssl \&& rm -rf /var/lib/apt/lists/*# 复制Nginx及其依赖
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/# 创建所需的目录
RUN mkdir -p /var/cache/nginx/client_temp && \mkdir -p /etc/nginx/conf.d && \mkdir -p /usr/share/nginx/html# 创建默认配置，支持HTTP/3
RUN echo 'worker_processes auto;\n\
events {\n\worker_connections 1024;\n\
}\n\
\n\
http {\n\sendfile on;\n\tcp_nopush on;\n\tcp_nodelay on;\n\keepalive_timeout 65;\n\types_hash_max_size 2048;\n\include /etc/nginx/mime.types;\n\default_type application/octet-stream;\n\ssl_protocols TLSv1.3;\n\ssl_prefer_server_ciphers on;\n\access_log /var/log/nginx/access.log;\n\error_log /var/log/nginx/error.log;\n\include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf# 默认站点配置
RUN echo 'server {\listen 80;\listen 443 ssl http2;\listen 443 quic reuseport;\server_name localhost;\ssl_certificate /etc/nginx/ssl/nginx.crt;\ssl_certificate_key /etc/nginx/ssl/nginx.key;\ssl_protocols TLSv1.3;\add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\location / {\root /usr/share/nginx/html;\index index.html;\}\
}' > /etc/nginx/conf.d/default.conf# 创建默认首页
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html# 转发请求日志到Docker日志收集器
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ln -sf /dev/stderr /var/log/nginx/error.log# 创建非root用户
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx# 创建SSL证书目录
RUN mkdir -p /etc/nginx/ssl# 暴露端口
EXPOSE 80 443/tcp 443/udpSTOPSIGNAL SIGQUITCMD ["nginx", "-g", "daemon off;"]

整体的Dockerfile

哈~这就是我们完整的定制Nginx Dockerfile了！希望你能在这次旅程中找到乐趣，并成功创建出属于你自己的Nginx镜像。记住，真正的自由，是带着自己的创造力翱翔哦！

FROM ubuntu:22.04 AS builder# 设置非交互式安装
ENV DEBIAN_FRONTEND=noninteractive# 安装构建依赖
RUN apt-get update && apt-get install -y \git wget build-essential libpcre3-dev zlib1g-dev \libssl-dev cmake ninja-build golang libunwind-dev \pkg-config curl gnupg2 ca-certificates# 构建BoringSSL
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \cd boringssl && \mkdir build && \cd build && \cmake -GNinja .. && \ninja# 下载并构建Nginx
ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \git clone --recursive https://github.com/cloudflare/quiche.git && \cd nginx-${NGINX_VERSION} && \./configure \--prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--modules-path=/usr/lib/nginx/modules \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--http-log-path=/var/log/nginx/access.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--with-http_ssl_module \--with-http_v2_module \--with-http_v3_module \--with-cc-opt="-I../quiche/deps/boringssl/include" \--with-ld-opt="-L../quiche/deps/boringssl/lib"  && \make -j$(nproc) && \make install# 创建最终镜像
FROM ubuntu:22.04# 安装运行时依赖
RUN apt-get update && apt-get install -y \ca-certificates libpcre3 openssl \&& rm -rf /var/lib/apt/lists/*# 复制Nginx及其依赖
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/# 创建所需的目录
RUN mkdir -p /var/cache/nginx/client_temp && \mkdir -p /etc/nginx/conf.d && \mkdir -p /usr/share/nginx/html# 创建默认配置，支持HTTP/3
RUN echo 'worker_processes auto;\n\
events {\n\worker_connections 1024;\n\
}\n\
\n\
http {\n\sendfile on;\n\tcp_nopush on;\n\tcp_nodelay on;\n\keepalive_timeout 65;\n\types_hash_max_size 2048;\n\include /etc/nginx/mime.types;\n\default_type application/octet-stream;\n\ssl_protocols TLSv1.3;\n\ssl_prefer_server_ciphers on;\n\access_log /var/log/nginx/access.log;\n\error_log /var/log/nginx/error.log;\n\include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf# 默认站点配置
RUN echo 'server {\listen 80;\listen 443 ssl http2;\listen 443 quic reuseport;\server_name localhost;\ssl_certificate /etc/nginx/ssl/nginx.crt;\ssl_certificate_key /etc/nginx/ssl/nginx.key;\ssl_protocols TLSv1.3;\add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\location / {\root /usr/share/nginx/html;\index index.html;\}\
}' > /etc/nginx/conf.d/default.conf# 创建默认首页
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html# 转发请求日志到Docker日志收集器
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ln -sf /dev/stderr /var/log/nginx/error.log# 创建非root用户
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx# 创建SSL证书目录
RUN mkdir -p /etc/nginx/ssl# 暴露端口
EXPOSE 80 443/tcp 443/udpSTOPSIGNAL SIGQUITCMD ["nginx", "-g", "daemon off;"]