11# syntax=docker/dockerfile:1.2
22ARG BUILD_OS=debian
3+ ARG NGINX_PLUS_VERSION=r24
34
45# ############################################ Base image for Debian #############################################
56FROM nginx:1.19.10 AS debian
@@ -20,8 +21,7 @@ RUN apk add --no-cache libcap \
2021# ############################################ Base image for Debian with NGINX Plus #############################################
2122FROM debian:buster-slim AS debian-plus
2223ARG IC_VERSION
23- ENV NGINX_PLUS_VERSION 23-1~buster
24- ENV NGINX_NJS_VERSION 23+0.5.0-1~buster
24+ ARG NGINX_PLUS_VERSION
2525
2626RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
2727 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -33,9 +33,10 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
3333 && gpg --no-default-keyring --keyring nginx_keyring.gpg --export > /etc/apt/trusted.gpg.d/nginx_signing.gpg \
3434 && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \
3535 && echo "Acquire::https::pkgs.nginx.com::User-Agent \" k8s-ic-$IC_VERSION-apt\" ;" >> /etc/apt/apt.conf.d/90pkgs-nginx \
36- && printf "deb https://pkgs.nginx.com/plus/debian buster nginx-plus\n " > /etc/apt/sources.list.d/nginx-plus.list \
37- && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
38- nginx-plus=${NGINX_PLUS_VERSION} nginx-plus-module-njs=${NGINX_NJS_VERSION} \
36+ && printf "%s\n " "deb https://pkgs.nginx.com/plus/debian buster nginx-plus" > /etc/apt/sources.list.d/nginx-plus.list \
37+ && apt-get update \
38+ && apt-get install --no-install-recommends --no-install-suggests -y \
39+ nginx-plus-${NGINX_PLUS_VERSION} nginx-plus-module-njs-${NGINX_PLUS_VERSION} \
3940 && apt-get purge --auto-remove -y apt-transport-https gnupg wget \
4041 && rm -rf /var/lib/apt/lists/*
4142
@@ -45,13 +46,7 @@ COPY --chown=nginx:0 internal/configs/oidc/* /etc/nginx/oidc/
4546# ############################################ Base image for Debian with NGINX Plus and App Protect #############################################
4647FROM debian-plus as debian-plus-nap
4748ARG IC_VERSION
48-
49- ENV APPPROTECT_MODULE_VERSION 23+3.462.0-1~buster
50- ENV APPPROTECT_PLUGIN_VERSION 3.462.0-1~buster
51- ENV APPPROTECT_ENGINE_VERSION 6.53.1-1~buster
52- ENV APPPROTECT_COMPILER_VERSION 6.53.1-1~buster
53- ENV APPPROTECT_SIG_VERSION 2021.02.26-1~buster
54- ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2021.03.02-1~buster
49+ ARG NGINX_PLUS_VERSION
5550
5651RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
5752 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -63,16 +58,21 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
6358 && gpg --no-default-keyring --keyring app_protect_keyring.gpg --export > /etc/apt/trusted.gpg.d/nginx_app_signing.gpg \
6459 && sed -i '$ d' /etc/apt/apt.conf.d/90pkgs-nginx \
6560 && echo "Acquire::https::pkgs.nginx.com::User-Agent \" k8s-ic-$IC_VERSION-nap-$APPPROTECT_MODULE_VERSION-apt\" ;" >> /etc/apt/apt.conf.d/90pkgs-nginx \
66- && printf "deb https://pkgs.nginx.com/app-protect/debian buster nginx-plus\n " | tee /etc/apt/sources.list.d/nginx-app-protect.list \
67- && printf "deb https://pkgs.nginx.com/app-protect-security-updates/debian buster nginx-plus\n " | tee -a /etc/apt/sources.list.d/nginx-app-protect.list \
68- && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
69- nginx-plus-module-appprotect=$APPPROTECT_MODULE_VERSION \
70- app-protect-plugin=$APPPROTECT_PLUGIN_VERSION \
71- app-protect-engine=$APPPROTECT_ENGINE_VERSION \
72- app-protect-compiler=$APPPROTECT_COMPILER_VERSION \
73- app-protect=$APPPROTECT_MODULE_VERSION \
74- && apt-get install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+=$APPPROTECT_SIG_VERSION} \
75- && apt-get install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+=$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
61+ && printf "%s\n " "deb https://pkgs.nginx.com/app-protect/debian buster nginx-plus" \
62+ "deb https://pkgs.nginx.com/app-protect-security-updates/debian buster nginx-plus" > /etc/apt/sources.list.d/nginx-app-protect.list \
63+ && apt-get update \
64+ # searching apt-cache for the latest version of NAP packages compatible with the $NGINX_PLUS_VERSION
65+ && module_version=$(apt-cache showpkg nginx-plus-module-appprotect | awk -v ver="nginx-plus-$NGINX_PLUS_VERSION" '{ if ($6 == ver) {print $1; exit}}' ) \
66+ engine_version=$(apt-cache showpkg app-protect | awk -v ver="$module_version" '{ if ($1 == ver && $3 == "nginx-plus-module-appprotect") {print substr($NF, 1, length($NF)-1); exit}}' ) \
67+ plugin=$(apt-cache showpkg nginx-plus-module-appprotect | awk -v ver="nginx-plus-$NGINX_PLUS_VERSION" '{ if ($6 == ver) {print substr($NF, 1, length($NF)-1); exit}}' ) \
68+ && apt-get install --no-install-recommends --no-install-suggests -y \
69+ nginx-plus-module-appprotect=${module_version} \
70+ app-protect-plugin=${plugin} \
71+ app-protect-engine=${engine_version} \
72+ app-protect-compiler=${engine_version} \
73+ app-protect=${module_version} \
74+ && apt-get install -y app-protect-attack-signatures \
75+ && apt-get install -y app-protect-threat-campaigns \
7676 && apt-get purge --auto-remove -y apt-transport-https gnupg wget \
7777 && rm -rf /var/lib/apt/lists/* \
7878 && rm /etc/apt/sources.list.d/nginx-app-protect.list
@@ -134,8 +134,7 @@ RUN rpm --import https://nginx.org/keys/nginx_signing.key \
134134
135135# ############################################ Base image for UBI with NGINX Plus #############################################
136136FROM ubi-base AS ubi-plus
137-
138- ENV NGINX_PLUS_VERSION r23
137+ ARG NGINX_PLUS_VERSION
139138
140139RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
141140 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -219,14 +218,13 @@ RUN ldconfig
219218
220219# ############################################ Build image for Opentracing with NGINX Plus #############################################
221220FROM debian-plus as opentracing-plus
222-
223- ENV NGINX_OPENTRACING_MODULE_VERSION 23+0.9.0-1~buster
221+ ARG NGINX_PLUS_VERSION
224222
225223RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
226224 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
227- apt-get update && \
228- apt-get install --no-install-recommends --no-install-suggests -y nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} && \
229- rm -rf /var/lib/apt/lists/*
225+ apt-get update \
226+ && apt-get install --no-install-recommends --no-install-suggests -y nginx-plus-module-opentracing-${NGINX_PLUS_VERSION} \
227+ && rm -rf /var/lib/apt/lists/*
230228
231229COPY --from=tracer-downloader /usr/local/lib/libjaegertracing_plugin.so /usr/local/lib/libjaegertracing_plugin.so
232230
0 commit comments