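# Base image: Alpine, pinned by tag only. A tag can be re-pointed on the registry.
# NOTE(review): consider appending a verified digest (alpine:3.20.2@sha256:<digest>)
# so a rebuild cannot silently pick up different base content.
FROM alpine:3.20.2

# Install the web-server stack and prepare the nginx directory layout in one layer.
RUN \
    # Install version-pinned system packages. --no-cache fetches a fresh index
    # and leaves no apk cache in the layer, so a separate --update is redundant.
    apk add --no-cache \
        bind-tools=9.18.27-r0 \
        certbot=2.10.0-r1 \
        curl=8.9.1-r1 \
        libcap=2.70-r0 \
        lua-resty-core=0.1.28-r0 \
        nginx=1.26.2-r0 \
        nginx-mod-http-fancyindex=1.26.2-r0 \
        nginx-mod-http-headers-more=1.26.2-r0 \
        nginx-mod-http-lua=1.26.2-r0 \
        openssl=3.3.1-r3 \
        shadow=4.15.1-r0 \
        tini=0.19.0-r3 && \
    # Remove default NGINX vHosts and websites so only shipped content is served
    rm -f \
        /etc/nginx/sites-enabled/default \
        /etc/nginx/sites-available/default && \
    rm -rf /var/www/* && \
    mkdir -p /var/www && \
    # Set up the templates directory
    mkdir -p /etc/nginx/templates/sites-available && \
    chmod 755 \
        /etc/nginx/templates \
        /etc/nginx/templates/sites-available && \
    # Set up the enabled vHost directory
    mkdir -p /etc/nginx/sites-enabled && \
    chmod 755 /etc/nginx/sites-enabled && \
    # Set up the enabled modules directory
    mkdir -p /etc/nginx/modules-enabled && \
    chmod 755 /etc/nginx/modules-enabled && \
    # Set up folders for certs. certs/ is world-readable; certs/private is 710:
    # full access for the owner, traverse-only for the group, nothing for others.
    # NOTE(review): ownership is whatever user runs this step (root unless the
    # base image says otherwise) - confirm the account that must read the keys
    # is covered by owner or group.
    mkdir -p /etc/nginx/certs/private && \
    chmod 755 /etc/nginx/certs && \
    chmod 710 /etc/nginx/certs/private && \
    # Set up the logging directory
    mkdir -p /var/log/nginx && \
    # Allow nginx to bind privileged ports (<1024) without running as root by
    # attaching a file capability to the binary.
    # NOTE(review): this only takes effect if the runtime keeps
    # CAP_NET_BIND_SERVICE in the container's bounding set and does not set
    # no-new-privileges; it also applies to every user able to exec the binary.
    setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx && \
    # Give the nginx account fixed numeric ids (gid 10001, uid 10000)
    groupmod -g 10001 nginx && \
    usermod -u 10000 nginx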
# Ship the project licence at the image root.
COPY LICENSE /LICENSE

# NGINX global configuration templates (main, general and error settings).
COPY nginx/nginx.conf nginx/general.conf nginx/error.conf /etc/nginx/templates/

# NGINX vHost templates: everything in the build context matching nginx/vhosts*.
COPY nginx/vhosts* /etc/nginx/templates/sites-available/

# Container start-up script and health-probe script, placed at the image root.
COPY entrypoint.sh healthcheck.sh /

# System update metadata files.
COPY ps-sys-updates /srv/ps-sys-updates

# System update files (PUPs).
# NOTE(review): both update trees are taken from the build context as-is; this
# file performs no integrity check on them. If they are fetched from elsewhere
# before the build, verify them against known-good checksums at that point.
COPY PUPs /srv/PUPs
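# Create the web-root sub-directories, seed a placeholder landing page, and
# normalise permissions on the files copied in by the preceding COPY steps.
RUN \
    mkdir -p \
        /var/www/cache \
        /var/www/exploits \
        /var/www/themes/default && \
    echo "Exploit Landing Page" > /var/www/themes/default/index.html && \
    # Config templates are plain data: 644 (owner-writable, world-readable,
    # never executable).
    chmod 644 \
        /etc/nginx/templates/nginx.conf \
        /etc/nginx/templates/general.conf \
        /etc/nginx/templates/error.conf && \
    # vHost templates: modes are applied per file type instead of with
    # `chmod -R 644`, because a recursive 644 also strips the search (x) bit
    # from any sub-directory copied under sites-available, leaving its contents
    # unreachable for non-root users.
    find /etc/nginx/templates/sites-available -type d -exec chmod 755 {} \; && \
    find /etc/nginx/templates/sites-available -type f -exec chmod 644 {} \; && \
    # The start-up and health-probe scripts must be executable.
    chmod +x \
        /entrypoint.sh \
        /healthcheck.sh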
# Document the HTTP and HTTPS listener ports (EXPOSE does not publish them).
EXPOSE 80/tcp
EXPOSE 443/tcp

# Health probe: the runtime executes /healthcheck.sh with Docker's default
# interval, timeout and retry settings, since none are overridden here.
HEALTHCHECK CMD ["/healthcheck.sh"]

# tini runs as the init process and launches /entrypoint.sh, which receives
# /usr/sbin/nginx followed by the CMD arguments.
# NOTE(review): this file has no USER instruction, so tini and the entrypoint
# start as the base image's default user (root for alpine). Whether nginx then
# runs as the unprivileged nginx account depends on entrypoint.sh and
# nginx.conf, which are not shown here - confirm before relying on it.
ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh", "/usr/sbin/nginx"]

# Default arguments appended to ENTRYPOINT; presumably forwarded to nginx by the
# entrypoint script: log errors to stderr and stay in the foreground.
CMD ["-e", "/dev/stderr", "-g", "daemon off;"]