rework using debian thing

.gitlab-ci.yml

@@ -26,7 +26,7 @@ build-arm:
   tags: 
     - docker-arm
   script:
-    - docker build --pull -f Dockerfile.arm -t $CONTAINER_TEST_ARM_IMAGE .
+    - docker build -t $CONTAINER_TEST_ARM_IMAGE .
     - docker push $CONTAINER_TEST_ARM_IMAGE
 
 combine:

Dockerfile

-FROM archlinux/archlinux:base-devel
-
-RUN set -x \
-    && echo 'Server = https://mirrors.aliyun.com/archlinux/$repo/os/$arch' > /etc/pacman.d/mirrorlist \
-    && groupadd --gid 101 --system nginx \
-    && useradd --uid 101 --gid nginx --system --create-home --home-dir /var/cache/nginx --shell /sbin/nologin nginx \
-    && echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx \
-    && pacman --noconfirm -Sy glibc lib32-glibc git \
-    && mkdir -m 777 /aur \
-    && su nginx -s /bin/sh -c " \
-        cd /aur \
-        && git clone https://aur.archlinux.org/nginx-quic.git \
-        && cd nginx-quic \
-        && makepkg -scri --noconfirm \
-    " \
-    && rm -f /etc/sudoers.d/nginx \
-    && rm -rf /aur \
-    && rm -rf /var/cache/pacman/pkg/*
-RUN openssl req -x509 -newkey rsa:4096 -days 365 -subj '/CN=localhost/O=localhost/C=US' \
-      -nodes -keyout /etc/nginx/cert.key -out /etc/nginx/cert.pem \
-    && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-EXPOSE 80
-EXPOSE 443/tcp
-EXPOSE 443/udp
-
-STOPSIGNAL SIGQUIT
+FROM debian:buster-slim AS builder
+
+ENV NGINX_PATH /etc/nginx
+ENV NGINX_VERSION 1.19.6
+
+WORKDIR /opt
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y libpcre3 libpcre3-dev zlib1g-dev zlib1g golang-go build-essential git curl cmake;
+
+RUN curl -O https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && \
+    tar xvzf nginx-$NGINX_VERSION.tar.gz && \
+    git clone --recursive https://github.com/cloudflare/quiche && \
+    git clone --recursive https://github.com/google/ngx_brotli.git && \
+    cd nginx-$NGINX_VERSION && \
+    patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch && \ 
+    curl https://sh.rustup.rs -sSf | sh -s -- -y -q && \
+    export PATH="$HOME/.cargo/bin:$PATH" && \
+    ./configure            	\
+    --prefix=$NGINX_PATH \
+    --sbin-path=/usr/sbin/nginx \
+    --modules-path=/usr/lib/nginx/modules \
+    --conf-path=$NGINX_PATH/nginx.conf \
+    --error-log-path=/var/log/nginx/error.log \
+    --http-log-path=/var/log/nginx/access.log \
+    --pid-path=/var/run/nginx.pid \
+    --lock-path=/var/run/nginx.lock \
+    --http-client-body-temp-path=/var/cache/nginx/client_temp \
+    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+    --user=nginx \
+    --group=nginx  \
+    --with-compat \
+    --with-file-aio \
+    --with-threads \
+    --with-http_addition_module \
+    --with-http_auth_request_module \
+    --with-http_dav_module \
+    --with-http_flv_module \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_mp4_module \
+    --with-http_random_index_module \
+    --with-http_realip_module \
+    --with-http_secure_link_module \
+    --with-http_slice_module \
+    --with-http_ssl_module \
+    --with-http_stub_status_module \
+    --with-http_sub_module \
+    --with-http_v2_module \
+    --with-mail \
+    --with-mail_ssl_module \
+    --with-stream \
+    --with-stream_realip_module \
+    --with-stream_ssl_module \
+    --with-stream_ssl_preread_module \
+    --add-module=/opt/ngx_brotli \
+    --with-http_v3_module 	\
+    --with-openssl=/opt/quiche/deps/boringssl \
+    --build="quiche-$(git --git-dir=../quiche/.git rev-parse --short HEAD)" \
+    --with-quiche=/opt/quiche &&\
+    make -j$(nproc) && \
+    make install;
+
+FROM debian:buster-slim
+
+COPY --from=builder /usr/sbin/nginx /usr/sbin/
+COPY --from=builder /etc/nginx/ /etc/nginx/
+
+
+RUN groupadd -g 101 nginx \
+  && useradd -m -u 101 -d /var/cache/nginx -s /sbin/nologin -g nginx nginx \
+  # forward request and error logs to docker log collector
+  && mkdir -p /var/log/nginx \
+  && touch /var/log/nginx/access.log /var/log/nginx/error.log \
+  && chown nginx: /var/log/nginx/access.log /var/log/nginx/error.log \
+  && ln -sf /dev/stdout /var/log/nginx/access.log \
+  && ln -sf /dev/stderr /var/log/nginx/error.log
+
+EXPOSE 80 443
+
+STOPSIGNAL SIGTERM
 
 CMD ["nginx", "-g", "daemon off;"]

Dockerfile.arm

-FROM lopsided/archlinux:devel
-
-RUN set -x \
-    && echo 'Server = https://mirrors.aliyun.com/archlinuxarm/$arch/$repo/' > /etc/pacman.d/mirrorlist \
-    && groupadd --gid 101 --system nginx \
-    && useradd --uid 101 --gid nginx --system --create-home --home-dir /var/cache/nginx --shell /sbin/nologin nginx \
-    && echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx \
-    && pacman --noconfirm -Sy glibc lib32-glibc git \
-    && mkdir -m 777 /aur \
-    && su nginx -s /bin/sh -c " \
-        cd /aur \
-        && git clone https://aur.archlinux.org/nginx-quic.git \
-        && cd nginx-quic \
-        && makepkg -scri --noconfirm \
-    " \
-    && rm -f /etc/sudoers.d/nginx \
-    && rm -rf /aur \
-    && rm -rf /var/cache/pacman/pkg/*
-RUN openssl req -x509 -newkey rsa:4096 -days 365 -subj '/CN=localhost/O=localhost/C=US' \
-      -nodes -keyout /etc/nginx/cert.key -out /etc/nginx/cert.pem \
-    && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-EXPOSE 80
-EXPOSE 443/tcp
-EXPOSE 443/udp
-
-STOPSIGNAL SIGQUIT
-
-CMD ["nginx", "-g", "daemon off;"]

build.sh

-#!/bin/bash
-
-set -ex
-
-export FULL_VERSION=$(curl --silent "https://aur.archlinux.org/rpc.php?type=info&arg=nginx-quic" | jq -r '.results.Version')
-export VERSION=${FULL_VERSION%-*}
-
-echo "FULL_VERSION=$FULL_VERSION" > $CI_ENV_FILE && echo "VERSION=$VERSION" >> $CI_ENV_FILE
-
-if [[ -f $LAST_VERSION_FILE ]]; then
-  export LAST_VERSION=$(<$LAST_VERSION_FILE)
-fi
-if [[ -n $LAST_VERSION && $LAST_VERSION != $FULL_VERSION ]]; then
-  export CI_USE_CACHE=false
-fi
-params=()
-export params
-
-# https://gitlab.com/gitlab-org/gitlab-foss/-/issues/17861#note_19140733
-if [[ $CI_USE_CACHE == true ]]; then
-  if docker pull "$CI_IMAGE_TAG"; then
-    echo "Using existing image $CI_IMAGE_TAG as cache source"
-    params+=(--cache-from "$CI_IMAGE_TAG")
-  elif docker pull "$CI_REGISTRY_IMAGE:master"; then
-    echo "Falling back to $CI_REGISTRY_IMAGE:master as cache source"
-    params+=(--cache-from "$CI_REGISTRY_IMAGE:master")
-  else
-    echo "No available cache source found, building fresh"
-    params+=(--no-cache)
-  fi
-else
-  echo "CI_USE_CACHE is false"
-  params+=(--no-cache)
-fi
-
-docker build "${params[@]}" -t "${CI_IMAGE_TAG}" .

nginx.conf

-
-#user  nobody;
-worker_processes  1;
-
-#error_log  logs/error.log;
-#error_log  logs/error.log  notice;
-#error_log  logs/error.log  info;
-
-#pid        logs/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-    #                  '$status $body_bytes_sent "$http_referer" '
-    #                  '"$http_user_agent" "$http_x_forwarded_for"';
-
-    #access_log  logs/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    #keepalive_timeout  0;
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    server {
-        listen       80;
-        server_name  localhost;
-
-        #charset koi8-r;
-
-        #access_log  logs/host.access.log  main;
-
-        location / {
-            add_header Alt-Svc '$http3=":443"; ma=86400';
-            root   /usr/share/nginx/html;
-            index  index.html index.htm;
-        }
-
-        #error_page  404              /404.html;
-
-        # redirect server error pages to the static page /50x.html
-        #
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root   /usr/share/nginx/html;
-        }
-
-        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-        #
-        #location ~ \.php$ {
-        #    proxy_pass   http://127.0.0.1;
-        #}
-
-        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-        #
-        #location ~ \.php$ {
-        #    root           html;
-        #    fastcgi_pass   127.0.0.1:9000;
-        #    fastcgi_index  index.php;
-        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-        #    include        fastcgi_params;
-        #}
-
-        # deny access to .htaccess files, if Apache's document root
-        # concurs with nginx's one
-        #
-        #location ~ /\.ht {
-        #    deny  all;
-        #}
-    }
-
-
-    # HTTPS server
-    server {
-        listen       443 ssl http2;
-        listen       [::]:443 ssl http2;
-        listen       443 http3 reuseport;
-        listen       [::]:443 http3 reuseport;        
-
-        server_name  localhost;
-
-        ssl_certificate      cert.pem;
-        ssl_certificate_key  cert.key;
-
-        ssl_session_cache    shared:SSL:1m;
-        ssl_session_timeout  5m;
-
-        ssl_protocols        TLSv1.3 TLSv1.2;
-        ssl_ciphers          HIGH:!aNULL:!MD5;
-        ssl_prefer_server_ciphers  on;
-
-        location / {
-            add_header Alt-Svc '$http3=":443"; ma=86400';
-            root   /usr/share/nginx/html;
-            index  index.html index.htm;
-        }
-
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root   /usr/share/nginx/html;
-        }
-    }
-
-
-    # another virtual host using mix of IP-, name-, and port-based configuration
-    #
-    #server {
-    #    listen       8000;
-    #    listen       somename:8080;
-    #    server_name  somename  alias  another.alias;
-
-    #    location / {
-    #        root   html;
-    #        index  index.html index.htm;
-    #    }
-    #}
-
-}