New base image

- add brotli support to nginx
- update imagemagick
- update phantomjs to safe version

diff --git a/image/base/.gitignore b/image/base/.gitignore
new file mode 100644 (file)
index 0000000..1dd5bce
--- /dev/null
+++ b/image/base/.gitignore
@@ -0,0 +1 @@
+phantomjs

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index b1232c58aa31000909a280d3eaeab09b9f2813aa..5a57d2c6986b6fcbd58b1d8bd645988b0e6c6043 100644 (file)
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -1,5 +1,5 @@
-# NAME:     discourse_base
-# VERSION:  1.3.3
+# NAME:     discourse/base
+# VERSION:  1.3.4
 
 FROM ubuntu:16.04
 
@@ -8,7 +8,7 @@ ENV PG_VERSION 9.5.3-1.pgdg16.04+1
 
 MAINTAINER Sam Saffron "https://twitter.com/samsaffron"
 
-RUN echo "1.3.3" > /VERSION
+RUN echo "1.3.4" > /VERSION
 
 RUN apt-get update && apt-get install -y lsb-release sudo curl
 RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
@@ -20,7 +20,6 @@ RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://p
 RUN apt-get -y install software-properties-common
 RUN apt-mark hold initscripts
 RUN apt-get -y upgrade
-RUN add-apt-repository -y ppa:nginx/development
 RUN curl http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -
 RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main" | \
         tee /etc/apt/sources.list.d/postgres.list
@@ -32,8 +31,8 @@ RUN apt-get -y install build-essential git wget \
                        libxml2-dev gawk parallel \
                        postgresql-${PG_MAJOR}=${PG_VERSION} postgresql-client-${PG_MAJOR}=${PG_VERSION} \
                        postgresql-contrib-${PG_MAJOR}=${PG_VERSION} libpq-dev libreadline-dev \
-                       nginx language-pack-en cron anacron \
-                       psmisc rsyslog vim whois
+                       language-pack-en cron anacron \
+                       psmisc rsyslog vim whois brotli
 RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron
 RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
 RUN dpkg-divert --local --rename --add /sbin/initctl
@@ -48,6 +47,10 @@ RUN cd / &&\
     apt-get install -y nodejs &&\
     npm install uglify-js -g &&\
     npm install svgo -g
+
+ADD install-nginx /tmp/install-nginx
+RUN /tmp/install-nginx
+
 RUN apt-get -y install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng
 
 
@@ -82,8 +85,11 @@ RUN /tmp/install-gifsicle
 ADD install-pngquant /tmp/install-pngquant
 RUN /tmp/install-pngquant
 
-RUN cd tmp && wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
-RUN cd tmp && tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 && mv /tmp/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin
+ADD phantomjs /usr/local/bin/phantomjs
+
+# Not using the official repo until they compile against a recent openssl
+# RUN cd tmp && wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
+# RUN cd tmp && tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 && mv /tmp/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin
 
 # clean up for docker squash
 RUN   rm -fr /usr/share/man &&\

diff --git a/image/base/download_phantomjs b/image/base/download_phantomjs
new file mode 100755 (executable)
index 0000000..84dc2f0
--- /dev/null
+++ b/image/base/download_phantomjs
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker run --rm -it -v `pwd`:/tmp samsaffron/phantomjs cp /usr/bin/phantomjs /tmp

diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick
index 8be617c7322d6520db7a953e5cf44a927ed76d31..4a62e1ecbb55f075b3e3a5e8d3d7bc0ca7239a6e 100755 (executable)
--- a/image/base/install-imagemagick
+++ b/image/base/install-imagemagick
@@ -19,7 +19,7 @@ make all && make install
 
 
 # Build and install ImageMagick
-wget -O $WDIR/ImageMagick.tar.gz "http://www.imagemagick.org/download/ImageMagick-6.9.4-4.tar.gz"
+wget -O $WDIR/ImageMagick.tar.gz "http://www.imagemagick.org/download/ImageMagick-6.9.4-7.tar.gz"
 IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1)
 tar zxf $WDIR/ImageMagick.tar.gz -C $WDIR
 cd $IMDIR

diff --git a/image/base/install-nginx b/image/base/install-nginx
new file mode 100755 (executable)
index 0000000..a9a516d
--- /dev/null
+++ b/image/base/install-nginx
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+VERSION=1.10.1
+cd /tmp
+
+apt-get install -y autoconf
+
+
+git clone https://github.com/bagder/libbrotli
+cd libbrotli
+./autogen.sh
+./configure
+make install
+
+cd /tmp
+
+
+# this is the reason we are compiling by hand...
+git clone https://github.com/google/ngx_brotli.git
+
+curl -O https://nginx.org/download/nginx-$VERSION.tar.gz
+tar zxf nginx-$VERSION.tar.gz
+cd nginx-$VERSION
+
+# so we get nginx user and so on
+apt-get install -y nginx libpcre3 libpcre3-dev
+# we don't want to accidentally upgrade nginx and undo our work
+apt-mark hold nginx
+
+./configure --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_v2_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/tmp/ngx_brotli
+
+make install
+cd /
+rm -fr /tmp/nginx
+rm -fr /tmp/libbrotli
+rm -fr /tmp/ngx_brotli

diff --git a/image/build.rb b/image/build.rb
index 03f2e2bfd9edfd38b64b9f7be4197f1934c084c7..f940f84320ae67916b049a4253116c2c473df901 100644 (file)
--- a/image/build.rb
+++ b/image/build.rb
@@ -47,6 +47,8 @@ def build(path, tag, is_base)
   run("docker save #{img} | ./docker-squash -t #{tag} -verbose #{is_base && "-from root"} | docker load")
 end
 
+run "(cd base && ./download_phantomjs)"
+
 build("base",$base_image,true)
 build("discourse",$image,false)
 build("discourse_test",$test,false)

diff --git a/image/discourse/Dockerfile b/image/discourse/Dockerfile
index 23dee6f20a54735c67c3f91805e259d40a434ba0..483fb3da1e4eece6cd58380706fd18c76ac7d116 100644 (file)
--- a/image/discourse/Dockerfile
+++ b/image/discourse/Dockerfile
@@ -1,5 +1,5 @@
-# Current version 1.3.3
-FROM discourse/base:1.3.3
+# Current version 1.3.4
+FROM discourse/base:1.3.4
 
 MAINTAINER Sam Saffron "https://twitter.com/samsaffron"
 

diff --git a/image/discourse_test/Dockerfile b/image/discourse_test/Dockerfile
index e98255ab3f18ff4ac98dd2c5da2eea7fed8f65cd..bce540b5bb74989eeadec1dde87f8128f8ff1ad2 100644 (file)
--- a/image/discourse_test/Dockerfile
+++ b/image/discourse_test/Dockerfile
@@ -1,4 +1,4 @@
-FROM discourse/discourse:1.3.3
+FROM discourse/discourse:1.3.4
 
 MAINTAINER Sam Saffron "https://twitter.com/samsaffron"