From 8da6844b915f71b283b75259bdbfdbb7c396e5ca Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Sat, 11 Mar 2023 15:37:45 +1000 Subject: [PATCH] Install and build openssl Updated golang to 1.19.7 --- .jenkins/Jenkinsfile | 1 + docker/Dockerfile | 29 +++++++++++------ docker/Dockerfile.acmesh-golang | 2 +- docker/Dockerfile.certbot | 2 +- local-build.sh | 57 --------------------------------- scripts/buildx | 2 ++ scripts/install-openssl | 35 ++++++++++++++++++++ scripts/localbuild | 28 ++++++++++++++++ scripts/localbuildx | 14 ++++++++ 9 files changed, 102 insertions(+), 68 deletions(-) delete mode 100755 local-build.sh create mode 100755 scripts/install-openssl create mode 100755 scripts/localbuild create mode 100755 scripts/localbuildx diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile index 747dc66..128d79b 100644 --- a/.jenkins/Jenkinsfile +++ b/.jenkins/Jenkinsfile @@ -19,6 +19,7 @@ pipeline { CROWDSEC_OPENRESTY_BOUNCER_VERSION = '0.1.7' LUA_VERSION = '5.1.5' LUAROCKS_VERSION = '3.3.1' + OPENSSL_VERSION = '1.1.1t' } stages { stage('Environment') { diff --git a/docker/Dockerfile b/docker/Dockerfile index ac8af5e..e711f84 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -2,11 +2,12 @@ # Nginx Builder ############# -FROM debian:buster-slim as nginxbuilder +FROM debian:bullseye-slim as nginxbuilder ARG OPENRESTY_VERSION ARG LUA_VERSION ARG LUAROCKS_VERSION +ARG OPENSSL_VERSION RUN apt-get update \ && apt-get install -y \ @@ -16,7 +17,7 @@ RUN apt-get update \ libpcre3-dev \ libreadline-dev \ libssl-dev \ - openssl unzip \ + unzip \ wget \ zlib1g-dev \ git @@ -25,7 +26,9 @@ RUN apt-get update \ COPY ./scripts/build-lua /tmp/build-lua RUN /tmp/build-lua -# Nginx build +# Build packages +COPY ./scripts/install-openssl /tmp/install-openssl +RUN /tmp/install-openssl COPY ./scripts/build-openresty /tmp/build-openresty RUN /tmp/build-openresty 
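Review bot: In the builder stage of docker/Dockerfile (hunk `@@ -25,7 +26,9 @@`), `RUN /tmp/install-openssl` adds a source-built OpenSSL while `libssl-dev` stays in the apt list of hunk `@@ -16,7 +17,7 @@`, so two sets of OpenSSL headers and libraries are present when `/tmp/build-openresty` runs. Which one OpenResty links against then depends on compiler and linker search order, and build-openresty is not part of this patch, so that cannot be confirmed from here. I would either drop `libssl-dev` from the list or add a comment such as `# OpenResty must link against the /usr/local OpenSSL ${OPENSSL_VERSION}, not Debian libssl-dev` and check the built nginx binary with `ldd`.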
@@ -33,13 +36,13 @@ RUN /tmp/build-openresty # Final Image ############# -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="Jamie Curnow " SHELL ["/bin/bash", "-o", "pipefail", "-c"] ARG TARGETPLATFORM -RUN echo "Base: debian:buster-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch +RUN echo "Base: debian:bullseye-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch # OpenResty uses LuaJIT which has a dependency on GCC RUN apt-get update \ @@ -48,11 +51,13 @@ RUN apt-get update \ ca-certificates \ curl \ figlet \ + gcc \ jq \ libncurses6 \ libpcre3 \ - libreadline7 \ - openssl \ + libreadline8 \ + libc6-dev \ + make \ perl \ tzdata \ unzip \ @@ -66,6 +71,11 @@ RUN apt-get update \ COPY ./files/.bashrc /root/.bashrc +# build and install openssl +ARG OPENSSL_VERSION +COPY ./scripts/install-openssl /tmp/install-openssl +RUN /tmp/install-openssl + # Copy lua and luarocks builds from first image COPY --from=nginxbuilder /tmp/lua /tmp/lua COPY --from=nginxbuilder /tmp/luarocks /tmp/luarocks @@ -80,16 +90,17 @@ COPY ./scripts/install-crowdsec_openresty_bouncer /tmp/install-crowdsec_openrest ARG OPENRESTY_VERSION ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION + ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \ OPENRESTY_VERSION=${OPENRESTY_VERSION} \ + OPENSSL_VERSION=${OPENSSL_VERSION} \ CROWDSEC_OPENRESTY_BOUNCER_VERSION=${CROWDSEC_OPENRESTY_BOUNCER_VERSION} # Install openresty, lua, then clean up file system RUN apt-get update \ - && apt-get install -y gcc make socat git \ && /tmp/install-lua \ && /tmp/install-openresty \ - && apt-get remove -y make gcc git wget gettext \ + && apt-get remove -y make gcc git wget gettext libc6-dev \ && apt-get autoremove -y \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ diff --git a/docker/Dockerfile.acmesh-golang b/docker/Dockerfile.acmesh-golang index 53af4fe..64f45af 100644 --- a/docker/Dockerfile.acmesh-golang +++ b/docker/Dockerfile.acmesh-golang 
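Review bot: The final stage of docker/Dockerfile now compiles OpenSSL a second time (hunk `@@ -66,6 +71,11 @@`), which is why `gcc`, `libc6-dev` and `make` were added to the runtime package list in hunk `@@ -48,11 +51,13 @@`. Those packages are installed in one layer and removed only in a later `RUN`, so the toolchain stays in the image's layers even though the final filesystem no longer shows it. The builder stage already ran the same script; copying its installed OpenSSL files with `COPY --from=nginxbuilder`, as is done for `/tmp/lua` and `/tmp/luarocks`, would keep the compiler out of the final image. A comment is also worth adding here that the hand-built OpenSSL under `/usr/local` is not covered by Debian security updates, so `OPENSSL_VERSION` must be bumped for each upstream advisory.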
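Review bot: In hunk `@@ -80,16 +90,17 @@` the removed line `&& apt-get install -y gcc make socat git \` also installed `socat` and `git`, but only `gcc` and `make` were moved to the earlier package list that this patch shows. That list continues outside the hunk, so please confirm `socat` (and `git`, which `apt-get remove` still names) is installed somewhere else, or add it to the runtime package list. The `RUN` also still begins with `apt-get update` although it no longer installs anything; drop that step or say in the comment why it is kept.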
@@ -1,4 +1,4 @@ -FROM golang:1.19.6 as go +FROM golang:1.19.7 as go FROM nginxproxymanager/nginx-full:${ACMESH_BASE_TAG:-acmesh} LABEL maintainer="Jamie Curnow " diff --git a/docker/Dockerfile.certbot b/docker/Dockerfile.certbot index 850caed..6871c5f 100644 --- a/docker/Dockerfile.certbot +++ b/docker/Dockerfile.certbot @@ -2,7 +2,7 @@ # Certbot Builder ############# -FROM debian:buster-slim as certbotbuilder +FROM debian:bullseye-slim as certbotbuilder SHELL ["/bin/bash", "-o", "pipefail", "-c"] diff --git a/local-build.sh b/local-build.sh deleted file mode 100755 index d652f37..0000000 --- a/local-build.sh +++ /dev/null 
@@ -1,57 +0,0 @@
-#!/bin/bash -e
-
-BLUE='\E[1;34m'
-CYAN='\E[1;36m'
-YELLOW='\E[1;33m'
-GREEN='\E[1;32m'
-RESET='\E[0m'
-
-DOCKER_IMAGE=nginxproxymanager/nginx-full
-
-export OPENRESTY_VERSION=1.21.4.1
-export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.7
-export LUA_VERSION=5.1.5
-export LUAROCKS_VERSION=3.3.1
-
-# Builds
-
-echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}latest ${CYAN}...${RESET}"
-docker build \
- --pull \
- --build-arg OPENRESTY_VERSION \
- --build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \
- --build-arg LUA_VERSION \
- --build-arg LUAROCKS_VERSION \
- -t ${DOCKER_IMAGE}:latest \
- -f docker/Dockerfile \
- .
-
-echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}acmesh ${CYAN}...${RESET}"
-docker build \
- --build-arg BASE_TAG=latest \
- -t ${DOCKER_IMAGE}:acmesh \
- -f docker/Dockerfile.acmesh \
- .
-
-echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}certbot ${CYAN}...${RESET}"
-docker build \
- --build-arg BASE_TAG=latest \
- -t ${DOCKER_IMAGE}:certbot \
- -f docker/Dockerfile.certbot \
- .
-
-echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}acmesh-golang ${CYAN}...${RESET}"
-docker build \
- --build-arg BASE_TAG=acmesh \
- -t ${DOCKER_IMAGE}:acmesh-golang \
- -f docker/Dockerfile.acmesh-golang \
- .
-
-echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}certbot-node ${CYAN}...${RESET}"
-docker build \
- --build-arg BASE_TAG=certbot \
- -t ${DOCKER_IMAGE}:certbot-node \
- -f docker/Dockerfile.certbot-node \
- .
-
-echo -e "${BLUE}❯ ${GREEN}All done!${RESET}"
diff --git a/scripts/buildx b/scripts/buildx
index ffebd42..a4fc2b5 100755
--- a/scripts/buildx
+++ b/scripts/buildx
@@ -19,6 +19,7 @@ docker buildx build \
 --platform linux/amd64,linux/arm64,linux/arm/7 \
 --progress plain \
 --pull \
+ --no-cache \
 --build-arg BASE_TAG \
 --build-arg ACMESH_BASE_TAG \
 --build-arg CERTBOT_BASE_TAG \
@@ -26,6 +27,7 @@ docker buildx build \
 --build-arg LUA_VERSION \
 --build-arg LUAROCKS_VERSION \
 --build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \
+ --build-arg OPENSSL_VERSION \
 $@ \
 .
diff --git a/scripts/install-openssl b/scripts/install-openssl
new file mode 100755
index 0000000..aaa9e0b
--- /dev/null
+++ b/scripts/install-openssl
@@ -0,0 +1,35 @@
+#!/bin/bash -e
+
+BLUE='\E[1;34m'
+CYAN='\E[1;36m'
+YELLOW='\E[1;33m'
+GREEN='\E[1;32m'
+RESET='\E[0m'
+
+echo -e "${BLUE}❯ ${CYAN}Building and installing openssl ${YELLOW}${OPENSSL_VERSION}...${RESET}"
+
+# remove previously installed openssl
+if test -f "/usr/bin/openssl"; then
+ apt-get update
+ apt-get remove -y opensssl || true
+ apt-get clean
+ rm -rf /var/lib/apt/lists/* /var/cache/*
+fi
+
+cd /tmp
+wget "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
+tar -xzf "openssl-${OPENSSL_VERSION}.tar.gz"
+mv "/tmp/openssl-${OPENSSL_VERSION}" /tmp/openssl
+cd /tmp/openssl
+
+./config
+make test
+make install
+rm -rf /usr/bin/openssl
+ln -s /usr/local/bin/openssl /usr/bin/openssl
+ldconfig
+
+cd /tmp
+rm -rf /tmp/openssl /usr/local/share/docker/openssl
+
+echo -e "${BLUE}❯ ${GREEN}openssl install completed: ${YELLOW}$(openssl version)${RESET}"
diff --git a/scripts/localbuild b/scripts/localbuild
new file mode 100755
index 0000000..1ad3b08
--- /dev/null
+++ b/scripts/localbuild
@@ -0,0 +1,28 @@
+#!/bin/bash -e
+
+BLUE='\E[1;34m'
+GREEN='\E[1;32m'
+RESET='\E[0m'
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${DIR}/.."
+
+export BASE_TAG=latest
+export OPENRESTY_VERSION=1.19.3.1
+export LUA_VERSION=5.1.5
+export LUAROCKS_VERSION=3.3.1
+export OPENSSL_VERSION=1.1.1t
+
+docker build \
+ --pull \
+ --no-cache \
+ --build-arg BASE_TAG \
+ --build-arg OPENRESTY_VERSION \
+ --build-arg LUA_VERSION \
+ --build-arg LUAROCKS_VERSION \
+ --build-arg OPENSSL_VERSION \
+ -t nginx-full:dev \
+ -f docker/Dockerfile \
+ .
+
+echo -e "${BLUE}❯ ${GREEN}Build Complete${RESET}"
diff --git a/scripts/localbuildx b/scripts/localbuildx
new file mode 100755
index 0000000..3246232
--- /dev/null
+++ b/scripts/localbuildx
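Review bot: scripts/install-openssl unpacks and builds the tarball fetched by `wget` without verifying it, so the image trusts whatever the download returns. Pin a digest next to the version and check it before `tar`, for example `echo "${OPENSSL_SHA256}  openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c -`, where `OPENSSL_SHA256` would be a new build arg that this patch does not define. Separately, `apt-get remove -y opensssl || true` misspells the package name and `|| true` hides the failure, so the Debian `openssl` package is never removed and its binary is only replaced by the symlink. The downloaded `openssl-${OPENSSL_VERSION}.tar.gz` is also left in `/tmp`, because the cleanup removes only `/tmp/openssl`.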
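Review bot: scripts/localbuild exports `OPENRESTY_VERSION=1.19.3.1`, while the `local-build.sh` it replaces used `1.21.4.1`, and it no longer exports or passes `CROWDSEC_OPENRESTY_BOUNCER_VERSION` even though docker/Dockerfile still declares that `ARG`. Unless that is intended, a local build gets an older OpenResty and an empty bouncer version, so it does not reproduce the CI image. The same two values are affected in scripts/localbuildx. Suggested lines: `export OPENRESTY_VERSION=1.21.4.1`, `export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.7` and `--build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \`.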
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${DIR}/.."
+
+export IMAGE=nginx-full
+export BASE_TAG=latest
+export OPENRESTY_VERSION=1.19.3.1
+export LUA_VERSION=5.1.5
+export LUAROCKS_VERSION=3.3.1
+export OPENSSL_VERSION=1.1.1t
+
+#./scripts/buildx --push -f docker/Dockerfile -t docker.io/nginxproxymanager/${IMAGE}:${BASE_TAG}
+./scripts/buildx --push -f docker/Dockerfile -t docker.io/nginxproxymanager/${IMAGE}:latest
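Review bot: scripts/localbuildx ends with `./scripts/buildx --push ... -t docker.io/nginxproxymanager/${IMAGE}:latest`, so a script named for local use publishes straight to the public `latest` tag from a developer machine, outside the Jenkins pipeline. The commented-out line above it used `${BASE_TAG}`; with the hard-coded `latest`, the `BASE_TAG` export no longer controls the pushed tag. I would default to a non-release tag, e.g. `-t docker.io/nginxproxymanager/${IMAGE}:dev`, or drop `--push` here and require the caller to pass it explicitly.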