nginx: Update to version 1.25, move to Quadlet
parent
3943c51181
commit
15b41eee1a
|
@ -74,11 +74,16 @@ systemd:
|
|||
- name: populate-volume.conf
|
||||
contents: |
|
||||
[Service]
|
||||
ExecStartPre=/bin/podman volume create static.localhost
|
||||
ExecStartPre=/bin/podman volume create --ignore static.localhost
|
||||
ExecStartPre=/bin/sh -c "V=$(podman volume mount static.localhost) && echo 'Hello World!' > $V/index.html"
|
||||
ExecStartPost=/bin/podman volume unmount static.localhost
|
||||
- name: nginx-proxy-http@static.localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
- name: volume-upstream.conf
|
||||
contents: |
|
||||
[Service]
|
||||
Environment=UPSTREAM_HOST=nginx-serve-volume-static.localhost UPSTREAM_PORT=8080
|
||||
|
||||
- name: nginx-serve-php@php.localhost.service
|
||||
enabled: true
|
||||
|
|
|
@ -1,4 +1,12 @@
|
|||
FROM docker.io/nginx:1.23
|
||||
FROM docker.io/debian:bookworm-slim
|
||||
ARG VERSION=1.25
|
||||
|
||||
RUN apt-get update -y && apt-get install -y --no-install-recommends ca-certificates
|
||||
ADD --chown=_apt https://nginx.org/keys/nginx_signing.key /etc/apt/trusted.gpg.d/nginx.asc
|
||||
|
||||
RUN echo "deb https://nginx.org/packages/mainline/debian bookworm nginx" > /etc/apt/sources.list.d/nginx.list && \
|
||||
apt-get update && apt-get install -y --no-install-recommends nginx="${VERSION}*" && \
|
||||
rm -Rf /etc/nginx
|
||||
|
||||
RUN addgroup --system --gid 10000 nginx-shared
|
||||
RUN gpasswd --add nginx nginx-shared
|
||||
|
@ -9,4 +17,6 @@ COPY container/run-nginx /run-nginx
|
|||
RUN nginx -t
|
||||
|
||||
EXPOSE 80 443
|
||||
STOPSIGNAL SIGQUIT
|
||||
|
||||
ENTRYPOINT ["/run-nginx"]
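Review bot: The `ADD` of `nginx_signing.key` in the first hunk places a key downloaded at build time, with no pinned checksum, into `/etc/apt/trusted.gpg.d/`, where apt accepts it for every configured repository rather than only nginx.org. Keeping it out of that directory and scoping it in the source entry limits what a swapped or compromised key can vouch for: `ADD --chown=_apt https://nginx.org/keys/nginx_signing.key /etc/apt/keyrings/nginx.asc` together with `deb [signed-by=/etc/apt/keyrings/nginx.asc] https://nginx.org/packages/mainline/debian bookworm nginx`. If the builder in use supports it, `ADD --checksum=sha256:<digest of the reviewed key>` would also fail the build when the served key changes. Separately, the first `apt-get update` layer leaves `/var/lib/apt/lists` in the image and `bookworm-slim` is a floating tag, so two builds of this file need not produce the same image.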
|
||||
|
|
|
@ -37,7 +37,7 @@ events {
|
|||
# This is only used when you don't override it on a `server` level
|
||||
# Default: logs/error.log error
|
||||
# https://nginx.org/en/docs/ngx_core_module.html#error_log
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
error_log /dev/stderr warn;
|
||||
|
||||
# The file storing the process ID of the main process
|
||||
# Default: logs/nginx.pid
|
||||
|
@ -89,7 +89,7 @@ http {
|
|||
# This is only used when you don't override it on a `server` level
|
||||
# Default: logs/access.log combined
|
||||
# https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
|
||||
access_log /var/log/nginx/access.log main;
|
||||
access_log /dev/stdout main;
|
||||
|
||||
# How long to allow each connection to stay idle.
|
||||
# Longer values are better for each individual client, particularly for SSL,
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
[Unit]
|
||||
Description=NGINX Web Server
|
||||
Wants=container-build@%N.service
|
||||
After=container-build@%N.service
|
||||
|
||||
[Container]
|
||||
ContainerName=%N
|
||||
Image=localhost/%N:latest
|
||||
Network=internal
|
||||
PublishPort=80:80
|
||||
PublishPort=443:443
|
||||
Volume=nginx-conf:/etc/nginx/conf.d:z
|
||||
Volume=letsencrypt:/etc/ssl/private:z,rshared,ro
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
ExecReload=/bin/podman exec %N nginx -s reload
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
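Review bot: The new `[Container]` section publishes ports 80 and 443 and mounts the `letsencrypt` key volume, but sets no privilege restrictions, so the container runs with Podman's default capability set. Adding `NoNewPrivileges=true` is a low-risk first step. Once it is confirmed which capabilities `/run-nginx` and the nginx master need (that script is not visible here), `DropCapability=all` with an explicit `AddCapability=` list would narrow it further.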
|
|
@ -6,7 +6,5 @@ storage:
|
|||
local: service/nginx/
|
||||
- path: /etc/systemd/system
|
||||
local: service/nginx/systemd/
|
||||
systemd:
|
||||
units:
|
||||
- name: nginx.service
|
||||
enabled: true
|
||||
- path: /etc/containers/systemd
|
||||
local: service/nginx/quadlet/
|
||||
|
|
|
@ -9,8 +9,8 @@ RemainAfterExit=true
|
|||
SyslogIdentifier=%N
|
||||
Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_HOST=%i UPSTREAM_PORT=8080 UPSTREAM_PATH=
|
||||
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
||||
ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT $UPSTREAM_PATH' < ${NGINX_CONF} > /tmp/%i.conf"
|
||||
ExecStartPost=/bin/sh -c 'podman cp /tmp/%i.conf nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
||||
ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT $UPSTREAM_PATH' < ${NGINX_CONF} > /tmp/%N.conf"
|
||||
ExecStartPost=/bin/sh -c 'podman cp /tmp/%N.conf nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%N.conf'
|
||||
ExecStartPost=/bin/podman exec nginx nginx -s reload
|
||||
ExecStop=/bin/podman exec nginx rm --force /etc/nginx/conf.d/%i.conf
|
||||
ExecStopPost=/bin/podman exec nginx nginx -s reload
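Review bot: The rendered config is still written by a shell redirect to a predictable name in the shared `/tmp` (`> /tmp/%N.conf` in `ExecStart`), so replacing `%i` with `%N` avoids collisions between template units but not a file or symlink pre-created at that path. How much that matters depends on the host's `fs.protected_symlinks` and `fs.protected_regular` settings and on the unit's user, none of which are visible in this hunk. A unit-private location removes the dependency: add `RuntimeDirectory=%N` and use `%t/%N/%i.conf` in both the `envsubst` and the `podman cp` line (verify that systemd accepts the instance name as a directory name). The same pattern is in the `ExecStartPre` pairs of the two unit files that follow, the `%i-nginx` pod unit and the `$SERVER_NAME` volume unit. The `[Service]` header of this unit is outside the hunk, so an existing sandboxing directive such as `PrivateTmp=` cannot be ruled out.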
|
||||
|
|
|
@ -21,8 +21,8 @@ ExecStartPre=/bin/podman init %i-php
|
|||
ExecStartPre=/bin/podman create --replace --name %i-nginx --pod %i --sdnotify=conmon \
|
||||
--volumes-from=%i-php:z,ro \
|
||||
localhost/nginx:latest
|
||||
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
|
||||
ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i-nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
||||
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%N.conf"
|
||||
ExecStartPre=/bin/sh -c 'podman cp /tmp/%N.conf %i-nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%N.conf'
|
||||
ExecStart=/bin/sh -c 'podman pod start %i && podman start --attach %i-php'
|
||||
ExecStop=/bin/podman pod stop --ignore --time 10 %i
|
||||
ExecStopPost=/bin/podman pod rm --ignore --force %i
|
||||
|
|
|
@ -14,8 +14,8 @@ Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
|||
ExecStartPre=/bin/podman create --replace --name $SERVER_NAME --net internal --sdnotify=conmon \
|
||||
--volume %i:/srv:z,ro \
|
||||
localhost/nginx:latest
|
||||
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_ROOT' < ${NGINX_CONF} > /tmp/%i.conf"
|
||||
ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf ${SERVER_NAME}:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
||||
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_ROOT' < ${NGINX_CONF} > /tmp/%N.conf"
|
||||
ExecStartPre=/bin/sh -c 'podman cp /tmp/%N.conf ${SERVER_NAME}:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%N.conf'
|
||||
ExecStart=/bin/podman start --attach $SERVER_NAME
|
||||
ExecStop=/bin/podman stop --ignore --time 10 $SERVER_NAME
|
||||
ExecStopPost=/bin/podman rm --ignore --force $SERVER_NAME
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
[Unit]
|
||||
Description=NGINX Web Server
|
||||
Wants=container-build@%N.service
|
||||
After=container-build@%N.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
SyslogIdentifier=%N
|
||||
Restart=on-failure
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
|
||||
--publish 80:80 --publish 443:443 \
|
||||
--volume nginx-conf:/etc/nginx/conf.d:z \
|
||||
--volume letsencrypt:/etc/ssl/private:z,rshared,ro \
|
||||
localhost/%N:latest
|
||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||
ExecReload=/bin/podman exec %N %N -s reload
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|