11# syntax=docker/dockerfile:1.2
22ARG BUILD_OS=debian
3+ ARG NGINX_PLUS_VERSION=r24
34
45# ############################################ Base image for Debian #############################################
56FROM nginx:1.19.10 AS debian
@@ -20,8 +21,7 @@ RUN apk add --no-cache libcap \
2021# ############################################ Base image for Debian with NGINX Plus #############################################
2122FROM debian:buster-slim AS debian-plus
2223ARG IC_VERSION
23- ENV NGINX_PLUS_VERSION 23-1~buster
24- ENV NGINX_NJS_VERSION 23+0.5.0-1~buster
24+ ARG NGINX_PLUS_VERSION
2525
2626RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
2727 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -34,8 +34,10 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
3434 && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \
3535 && echo "Acquire::https::pkgs.nginx.com::User-Agent \" k8s-ic-$IC_VERSION-apt\" ;" >> /etc/apt/apt.conf.d/90pkgs-nginx \
3636 && printf "deb https://pkgs.nginx.com/plus/debian buster nginx-plus\n " > /etc/apt/sources.list.d/nginx-plus.list \
37- && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
38- nginx-plus=${NGINX_PLUS_VERSION} nginx-plus-module-njs=${NGINX_NJS_VERSION} \
37+ && apt-get update \
38+ && apt-get install --no-install-recommends --no-install-suggests -y \
39+ nginx-plus=$(apt-cache showpkg nginx-plus-$NGINX_PLUS_VERSION | awk '{ if ($1 == "nginx-plus") {print $2; exit}}' ) \
40+ nginx-plus-module-njs=$(apt-cache showpkg nginx-plus-module-njs-$NGINX_PLUS_VERSION | awk '{ if ($1 == "nginx-plus-module-njs") {print $2; exit}}' ) \
3941 && apt-get purge --auto-remove -y apt-transport-https gnupg wget \
4042 && rm -rf /var/lib/apt/lists/*
4143
@@ -45,13 +47,7 @@ COPY --chown=nginx:0 internal/configs/oidc/* /etc/nginx/oidc/
4547# ############################################ Base image for Debian with NGINX Plus and App Protect #############################################
4648FROM debian-plus as debian-plus-nap
4749ARG IC_VERSION
48-
49- ENV APPPROTECT_MODULE_VERSION 23+3.462.0-1~buster
50- ENV APPPROTECT_PLUGIN_VERSION 3.462.0-1~buster
51- ENV APPPROTECT_ENGINE_VERSION 6.53.1-1~buster
52- ENV APPPROTECT_COMPILER_VERSION 6.53.1-1~buster
53- ENV APPPROTECT_SIG_VERSION 2021.02.26-1~buster
54- ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2021.03.02-1~buster
50+ ARG NGINX_PLUS_VERSION
5551
5652RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
5753 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -65,14 +61,17 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
6561 && echo "Acquire::https::pkgs.nginx.com::User-Agent \" k8s-ic-$IC_VERSION-nap-$APPPROTECT_MODULE_VERSION-apt\" ;" >> /etc/apt/apt.conf.d/90pkgs-nginx \
6662 && printf "deb https://pkgs.nginx.com/app-protect/debian buster nginx-plus\n " | tee /etc/apt/sources.list.d/nginx-app-protect.list \
6763 && printf "deb https://pkgs.nginx.com/app-protect-security-updates/debian buster nginx-plus\n " | tee -a /etc/apt/sources.list.d/nginx-app-protect.list \
68- && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
69- nginx-plus-module-appprotect=$APPPROTECT_MODULE_VERSION \
70- app-protect-plugin=$APPPROTECT_PLUGIN_VERSION \
71- app-protect-engine=$APPPROTECT_ENGINE_VERSION \
72- app-protect-compiler=$APPPROTECT_COMPILER_VERSION \
73- app-protect=$APPPROTECT_MODULE_VERSION \
74- && apt-get install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+=$APPPROTECT_SIG_VERSION} \
75- && apt-get install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+=$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
64+ && apt-get update \
65+ && module_version=$(apt-cache showpkg nginx-plus-module-appprotect | awk -v ver="nginx-plus-$NGINX_PLUS_VERSION" '{ if ($6 == ver) {print $1; exit}}' ) \
66+ engine_version=$(apt-cache showpkg app-protect | awk -v ver="$module_version" '{ if ($1 == ver && $3 == "nginx-plus-module-appprotect") {print substr($NF, 1, length($NF)-1); exit}}' ) \
67+ && apt-get install --no-install-recommends --no-install-suggests -y \
68+ nginx-plus-module-appprotect=${module_version} \
69+ app-protect-plugin=$(apt-cache showpkg nginx-plus-module-appprotect | awk -v ver="nginx-plus-$NGINX_PLUS_VERSION" '{ if ($6 == ver) {print substr($NF, 1, length($NF)-1); exit}}' ) \
70+ app-protect-engine=${engine_version} \
71+ app-protect-compiler=${engine_version} \
72+ app-protect=${module_version} \
73+ && apt-get install -y app-protect-attack-signatures \
74+ && apt-get install -y app-protect-threat-campaigns \
7675 && apt-get purge --auto-remove -y apt-transport-https gnupg wget \
7776 && rm -rf /var/lib/apt/lists/* \
7877 && rm /etc/apt/sources.list.d/nginx-app-protect.list
@@ -134,8 +133,7 @@ RUN rpm --import https://nginx.org/keys/nginx_signing.key \
134133
135134# ############################################ Base image for UBI with NGINX Plus #############################################
136135FROM ubi-base AS ubi-plus
137-
138- ENV NGINX_PLUS_VERSION r23
136+ ARG NGINX_PLUS_VERSION
139137
140138RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
141139 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -219,13 +217,13 @@ RUN ldconfig
219217
220218# ############################################ Build image for Opentracing with NGINX Plus #############################################
221219FROM debian-plus as opentracing-plus
222-
223- ENV NGINX_OPENTRACING_MODULE_VERSION 23+0.9.0-1~buster
220+ ARG NGINX_PLUS_VERSION
224221
225222RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
226223 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
227224 apt-get update && \
228- apt-get install --no-install-recommends --no-install-suggests -y nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} && \
225+ apt-get install --no-install-recommends --no-install-suggests -y \
226+ nginx-plus-module-opentracing=$(apt-cache showpkg nginx-plus-module-opentracing-$NGINX_PLUS_VERSION | awk '{ if ($1 == "nginx-plus-module-opentracing") {print $2; exit}}' ) && \
229227 rm -rf /var/lib/apt/lists/*
230228
231229COPY --from=tracer-downloader /usr/local/lib/libjaegertracing_plugin.so /usr/local/lib/libjaegertracing_plugin.so
0 commit comments