dockerfile实例--openresety

erwewwe

# Dockerfile to build openresety Installed Containers
FROM 192.168.1.67/library/centos7.4:v1
MAINTAINER xiayun <xiay@baomihua.com>

#Install necessary tools
RUN yum install -y pcre-devel wget net-tools gcc zlib zlib-devel make openssl-devel unzip python-devel
#download tar.gz
ADD https://openresty.org/download/openresty-1.11.2.5.tar.gz .
ADD http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz .
ADD https://github.com/loveshell/ngx_lua_waf/archive/master.zip .
#unzip
RUN tar zxvf ngx_cache_purge-2.3.tar.gz
RUN tar -zxvf openresty-1.11.2.5.tar.gz
RUN unzip master.zip
#install openresety
RUN cd openresty-1.11.2.5 && ./configure --prefix=/usr/local/openresty --with-luajit --with-http_stub_status_module --with-pcre --with-pcre-jit --add-module=../ngx_cache_purge-2.3/ && gmake && gmake install
RUN mkdir /usr/local/openresty/nginx/conf/waf/
RUN mkdir /usr/local/openresty/nginx/logs/hack/
RUN cp -r /ngx_lua_waf-master/* /usr/local/openresty/nginx/conf/waf/
RUN mv /usr/local/openresty/nginx/conf/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf.bak
RUN mv /usr/local/openresty/nginx/conf/waf/config.lua /usr/local/openresty/nginx/conf/waf/config.bak
COPY .nginx_conf /usr/local/openresty/nginx/conf/nginx.conf
COPY config.lua /usr/local/openresty/nginx/conf/waf/config.lua
#add user nginx
RUN useradd -s /sbin/nologin nginx
#chown nginx
RUN chown  -R nginx.nginx /usr/local/openresty/
RUN chown  -R nginx.nginx /ngx_cache_purge-2.3
#Expose ports for 80
EXPOSE 80
#start openresty
CMD /usr/local/openresty/nginx/sbin/nginx -g "daemon off;"

附1：.nginx_conf 与Dockerfile在同一路径

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

user  nginx nginx; worker_processes 2; error_log  /usr/local/openresty/nginx/logs/nginx_error.log  error; pid        /usr/local/openresty/nginx/nginx.pid; worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua"; lua_shared_dict limit 10m; init_by_lua_file  /usr/local/openresty/nginx/conf/waf/init.lua; access_by_lua_file /usr/local/openresty/nginx/conf/waf/waf.lua; include       mime.types; default_type  application/octet-stream; charset   utf-8; server_tokens off; log_format main '$host $status [$time_local] $upstream_addr $remote_addr - $remote_user [$time_local] $request_uri ' '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" ' '$bytes_sent $request_time $sent_http_x_cache_hit "$upstream_cache_status"'; log_format log404 '$status [$time_local] $remote_addr $host$request_uri $sent_http_location'; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 300m; sendfile on; fastcgi_intercept_errors on; tcp_nopush     on; keepalive_timeout 20; tcp_nodelay on; client_body_timeout 10; client_body_buffer_size  512k; gzip on; gzip_min_length  1k; gzip_buffers     4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types       text/plain application/x-javascript text/css application/xml; gzip_vary on; send_timeout 60; open_file_cache max=200000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; ssi on; ssi_silent_errors on; ssi_types text/shtml; server { listen       80; server_name  localhost; index index.html index.htm index.shtml index.php;     root /usr/local/openresty/nginx/html;       if ($http_user_agent ~* "Baiduspider-render|qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; } } }

附2：config.lua与Dockerfile同一路径

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45

RulePath = "/usr/local/openresty/nginx/conf/waf/wafconf/" attacklog = "on" logdir = "/usr/local/openresty/nginx/logs/hack/" UrlDeny="off" Redirect="off" CookieMatch="off" postMatch="off" whiteModule="off" black_fileExt={"php","jsp"} ipWhitelist={"127.0.0.1","192.168.20.25"} ipBlocklist={} CCDeny="off" CCrate="100/60" html=[[ <html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>网站防火墙</title> <style> p {         line-height:20px; } ul{ list-style-type:none;} li{ list-style-type:none;} </style> </head> <body style=" padding:0; margin:0; font:14px/1.5 Microsoft Yahei, 宋体,sans-serif; color:#555;"> <div style="margin: 0 auto; width:1000px; padding-top:70px; overflow:hidden;">           <div style="width:600px; float:left;">     <div style=" height:40px; line-height:40px; color:#fff; font-size:16px; overflow:hidden; background:#6bb3f6; padding-left:20px;">网站防火墙 </div>     <div style="border:1px dashed #cdcece; border-top:none; font-size:14px; background:#fff; color:#555; line-height:24px; height:220px; padding:20px 20px 0 20px; overflow-y:auto;background:#f3f7f9;">       <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><span style=" font-weight:600; color:#fc4f03;">您的请求带有不合法参数，已被网站管理员设置拦截！</span></p> <p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">可能原因：您提交的内容包含危险的攻击请求</p> <p style=" margin-top:12px; margin-bottom:12px; margin-left:0px; margin-right:0px; -qt-block-indent:1; text-indent:0px;">如何解决：</p> <ul style="margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; -qt-list-indent: 1;"><li style=" margin-top:12px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">1）检查提交内容；</li> <li style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">2）如网站托管，请联系空间提供商；</li> <li style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">3）普通网站访客，请联系网站管理员；</li></ul>     </div>   </div> </div> </body></html> ]]

yfhmmx

实际生产中，nginx做docker其实没有太大必要