Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optimized/Enhanced Dockerfile #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Optimized/Enhanced Dockerfile #12

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 77 additions & 55 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,76 +1,98 @@
FROM martenseemann/quic-network-simulator-endpoint:latest AS builder

ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN apt-get install -qy mercurial build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev curl git cmake ninja-build gnutls-bin iptables

RUN useradd nginx
# Installing required packages + Adding nginx user
RUN apt-get update \
&& apt-get install -qy \
mercurial \
build-essential \
libpcre3 \
libpcre3-dev \
zlib1g \
zlib1g-dev \
curl \
git \
cmake \
ninja-build \
gnutls-bin \
iptables \
&& \

echo "Cleaning up cache" \
&& apt-get autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* && \

echo "Adding nginx user" \
&& useradd nginx

COPY --from=golang:latest /usr/local/go/ /usr/local/go/
ENV PATH="/usr/local/go/bin:${PATH}"

RUN git clone --depth=1 https://github.com/google/boringssl.git

RUN cd boringssl && \
mkdir build && \
cd build && \
cmake -GNinja .. && \
ninja && \
cd ../.. && \
mkdir -p boringssl/.openssl/lib && \
cp boringssl/build/crypto/libcrypto.a boringssl/build/ssl/libssl.a boringssl/.openssl/lib && \
cd boringssl/.openssl && \
ln -s ../include . && \
cd ../..

RUN touch 'boringssl/.openssl/include/openssl/ssl.h'

RUN hg clone http://hg.nginx.org/nginx

RUN cd nginx && \
./auto/configure --prefix=/etc/nginx \
--build=$(hg tip | head -n 1 | awk '{ print $2 }') \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-compat \
--with-debug \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-cc=c++ \
--with-cc-opt='-I/boringssl/include -O0 -fno-common -fno-omit-frame-pointer -DNGX_QUIC_DRAFT_VERSION=29 -DNGX_HTTP_V3_HQ=1 -x c' \
--with-ld-opt='-L/boringssl/build/ssl -L/boringssl/build/crypto'

RUN cd nginx && make -j$(nproc)
RUN cd nginx && make install


# Cloning + preparing repo
RUN git clone --depth=1 https://github.com/google/boringssl.git \
&& cd boringssl \
&& mkdir build \
&& cd build \
&& cmake -GNinja .. \
&& ninja \
&& cd ../.. \
&& mkdir -p boringssl/.openssl/lib \
&& cp boringssl/build/crypto/libcrypto.a boringssl/build/ssl/libssl.a boringssl/.openssl/lib \
&& cd boringssl/.openssl \
&& ln -s ../include . \
&& cd ../.. \
&& touch 'boringssl/.openssl/include/openssl/ssl.h' \
&& hg clone http://hg.nginx.org/nginx

# Configuring + Building
RUN echo "Configuring" \
&& cd nginx \
&& ./auto/configure --prefix=/etc/nginx \
--build=$(hg tip | head -n 1 | awk '{ print $2 }') \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-compat \
--with-debug \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-cc=c++ \
--with-cc-opt='-I/boringssl/include -O0 -fno-common -fno-omit-frame-pointer -DNGX_QUIC_DRAFT_VERSION=29 -DNGX_HTTP_V3_HQ=1 -x c' \
--with-ld-opt='-L/boringssl/build/ssl -L/boringssl/build/crypto' && \

echo "\n\n Building" \
&& make -j$(nproc) \
&& make install


# Main stage
FROM martenseemann/quic-network-simulator-endpoint:latest

COPY --from=builder /usr/sbin/nginx /usr/sbin/
COPY --from=builder /etc/nginx /etc/nginx

RUN useradd nginx
RUN mkdir -p /var/cache/nginx /var/log/nginx/
RUN useradd nginx && \
mkdir -p /var/cache/nginx /var/log/nginx/

COPY nginx.conf nginx.conf.retry nginx.conf.http3 nginx.conf.nodebug /etc/nginx/

COPY run_endpoint.sh .
RUN chmod +x run_endpoint.sh

EXPOSE 443/udp
EXPOSE 443/tcp
EXPOSE 443/udp 443/tcp

ENTRYPOINT [ "./run_endpoint.sh" ]