Update NGINX Plus to R24 · nginx/kubernetes-ingress@f57f38b · GitHub

Commit f57f38b

Update NGINX Plus to R24
1 parent 4d3d128 commit f57f38b

1 file changed

+27
-29
lines changed

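--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,5 +1,6 @@
 # syntax=docker/dockerfile:1.2
 ARG BUILD_OS=debian
+ARG NGINX_PLUS_VERSION=r24
 
 ############################################# Base image for Debian #############################################
 FROM nginx:1.21.0 AS debian
@@ -33,8 +34,7 @@ COPY --chown=nginx:0 internal/configs/oidc/* /etc/nginx/oidc/
 ############################################# Base image for Debian with NGINX Plus #############################################
 FROM debian:buster-slim AS debian-plus
 ARG IC_VERSION
-ENV NGINX_PLUS_VERSION 23-1~buster
-ENV NGINX_NJS_VERSION 23+0.5.0-1~buster
+ARG NGINX_PLUS_VERSION
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -46,9 +46,10 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && gpg --no-default-keyring --keyring nginx_keyring.gpg --export > /etc/apt/trusted.gpg.d/nginx_signing.gpg \
 && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \
 && echo "Acquire::https::pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \
-&& printf "deb https://pkgs.nginx.com/plus/debian buster nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
-&& apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
-nginx-plus=${NGINX_PLUS_VERSION} nginx-plus-module-njs=${NGINX_NJS_VERSION} \
+&& printf "%s\n" "deb https://pkgs.nginx.com/plus/debian buster nginx-plus" > /etc/apt/sources.list.d/nginx-plus.list \
+&& apt-get update \
+&& apt-get install --no-install-recommends --no-install-suggests -y \
+nginx-plus-${NGINX_PLUS_VERSION} nginx-plus-module-njs-${NGINX_PLUS_VERSION} \
 && apt-get purge --auto-remove -y apt-transport-https gnupg wget \
 && rm -rf /var/lib/apt/lists/*
 
@@ -58,13 +59,7 @@ COPY --chown=nginx:0 internal/configs/oidc/* /etc/nginx/oidc/
 ############################################# Base image for Debian with NGINX Plus and App Protect #############################################
 FROM debian-plus as debian-plus-nap
 ARG IC_VERSION
-
-ENV APPPROTECT_MODULE_VERSION 23+3.462.0-1~buster
-ENV APPPROTECT_PLUGIN_VERSION 3.462.0-1~buster
-ENV APPPROTECT_ENGINE_VERSION 6.53.1-1~buster
-ENV APPPROTECT_COMPILER_VERSION 6.53.1-1~buster
-ENV APPPROTECT_SIG_VERSION 2021.02.26-1~buster
-ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2021.03.02-1~buster
+ARG NGINX_PLUS_VERSION
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -76,16 +71,21 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && gpg --no-default-keyring --keyring app_protect_keyring.gpg --export > /etc/apt/trusted.gpg.d/nginx_app_signing.gpg \
 & 8000 amp;& sed -i '$ d' /etc/apt/apt.conf.d/90pkgs-nginx \
 && echo "Acquire::https::pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-nap-$APPPROTECT_MODULE_VERSION-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \
-&& printf "deb https://pkgs.nginx.com/app-protect/debian buster nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list \
-&& printf "deb https://pkgs.nginx.com/app-protect-security-updates/debian buster nginx-plus\n" | tee -a /etc/apt/sources.list.d/nginx-app-protect.list \
-&& apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
-nginx-plus-module-appprotect=$APPPROTECT_MODULE_VERSION \
-app-protect-plugin=$APPPROTECT_PLUGIN_VERSION \
-app-protect-engine=$APPPROTECT_ENGINE_VERSION \
-app-protect-compiler=$APPPROTECT_COMPILER_VERSION \
-app-protect=$APPPROTECT_MODULE_VERSION \
-&& apt-get install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+=$APPPROTECT_SIG_VERSION} \
-&& apt-get install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+=$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
+&& printf "%s\n" "deb https://pkgs.nginx.com/app-protect/debian buster nginx-plus" \
+"deb https://pkgs.nginx.com/app-protect-security-updates/debian buster nginx-plus" > /etc/apt/sources.list.d/nginx-app-protect.list \
+&& apt-get update \
+# searching apt-cache for the latest version of NAP packages compatible with the $NGINX_PLUS_VERSION
+&& module_version=$(apt-cache showpkg nginx-plus-module-appprotect | awk -v ver="nginx-plus-$NGINX_PLUS_VERSION" '{ if ($6 == ver) {print $1; exit}}') \
+engine_version=$(apt-cache showpkg app-protect | awk -v ver="$module_version" '{ if ($1 == ver && $3 == "nginx-plus-module-appprotect") {print substr($NF, 1, length($NF)-1); exit}}') \
+plugin=$(apt-cache showpkg nginx-plus-module-appprotect | awk -v ver="nginx-plus-$NGINX_PLUS_VERSION" '{ if ($6 == ver) {print substr($NF, 1, length($NF)-1); exit}}') \
+&& apt-get install --no-install-recommends --no-install-suggests -y \
+nginx-plus-module-appprotect=${module_version} \
+app-protect-plugin=${plugin} \
+app-protect-engine=${engine_version} \
+app-protect-compiler=${engine_version} \
+app-protect=${module_version} \
+&& apt-get install -y app-protect-attack-signatures \
+&& apt-get install -y app-protect-threat-campaigns \
 && apt-get purge --auto-remove -y apt-transport-https gnupg wget \
 && rm -rf /var/lib/apt/lists/* \
 && rm /etc/apt/sources.list.d/nginx-app-protect.list
@@ -147,8 +147,7 @@ RUN rpm --import https://nginx.org/keys/nginx_signing.key \
 
 ############################################# Base image for UBI with NGINX Plus #############################################
 FROM ubi-base AS ubi-plus
-
-ENV NGINX_PLUS_VERSION r23
+ARG NGINX_PLUS_VERSION
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
@@ -232,14 +231,13 @@ RUN ldconfig
 
 ############################################# Build image for Opentracing with NGINX Plus #############################################
 FROM debian-plus as opentracing-plus
-
-ENV NGINX_OPENTRACING_MODULE_VERSION 23+0.9.0-1~buster
+ARG NGINX_PLUS_VERSION
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
-apt-get update && \
-apt-get install --no-install-recommends --no-install-suggests -y nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} && \
-rm -rf /var/lib/apt/lists/*
+apt-get update \
+&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus-module-opentracing-${NGINX_PLUS_VERSION} \
+&& rm -rf /var/lib/apt/lists/*
 
 COPY --from=tracer-downloader /usr/local/lib/libjaegertracing_plugin.so /usr/local/lib/libjaegertracing_plugin.so
 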
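Review bot: In the debian-plus-nap RUN (new lines 78–80), `module_version`, `engine_version` and `plugin` are scraped from `apt-cache showpkg … | awk` by field position, and nothing checks that a lookup matched before the values are used as `=${…}` pins; awk exits 0 on no match, so a change in repository metadata presumably surfaces only at the install step with an error that does not name the cause. A guard directly after the assignments, `&& [ -n "$module_version" ] && [ -n "$engine_version" ] && [ -n "$plugin" ] \`, would make that failure explicit. The same RUN still builds the apt User-Agent from `$APPPROTECT_MODULE_VERSION` (new line 73), whose `ENV` this commit removes, so unless it is set outside the visible hunks that field is now empty. With `app-protect-attack-signatures` and `app-protect-threat-campaigns` installed unpinned, the WAF rule set shipped in the image depends on the build date; printing the resolved versions in the build log (for example `dpkg-query -W 'app-protect*'`) would keep the image auditable. Part of this RUN (new lines 66–70) lies outside the visible hunks.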
