From e8b9677b79e06b8864d87407b77e7800dc6c10f5 Mon Sep 17 00:00:00 2001 From: Sam Date: Tue, 7 Jun 2016 16:13:02 +1000 Subject: [PATCH] New base image - add brotli support to nginx - update imagemagick - update phantomjs to safe version --- image/base/.gitignore | 1 + image/base/Dockerfile | 22 ++++++++++++-------- image/base/download_phantomjs | 3 +++ image/base/install-imagemagick | 2 +- image/base/install-nginx | 36 +++++++++++++++++++++++++++++++++ image/build.rb | 2 ++ image/discourse/Dockerfile | 4 ++-- image/discourse_test/Dockerfile | 2 +- 8 files changed, 60 insertions(+), 12 deletions(-) create mode 100644 image/base/.gitignore create mode 100755 image/base/download_phantomjs create mode 100755 image/base/install-nginx diff --git a/image/base/.gitignore b/image/base/.gitignore new file mode 100644 index 0000000..1dd5bce --- /dev/null +++ b/image/base/.gitignore @@ -0,0 +1 @@ +phantomjs diff --git a/image/base/Dockerfile b/image/base/Dockerfile index b1232c5..5a57d2c 100644 --- a/image/base/Dockerfile +++ b/image/base/Dockerfile @@ -1,5 +1,5 @@ -# NAME: discourse_base -# VERSION: 1.3.3 +# NAME: discourse/base +# VERSION: 1.3.4 FROM ubuntu:16.04 @@ -8,7 +8,7 @@ ENV PG_VERSION 9.5.3-1.pgdg16.04+1 MAINTAINER Sam Saffron "https://twitter.com/samsaffron" -RUN echo "1.3.3" > /VERSION +RUN echo "1.3.4" > /VERSION RUN apt-get update && apt-get install -y lsb-release sudo curl RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections @@ -20,7 +20,6 @@ RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://p RUN apt-get -y install software-properties-common RUN apt-mark hold initscripts RUN apt-get -y upgrade -RUN add-apt-repository -y ppa:nginx/development RUN curl http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main" | \ tee /etc/apt/sources.list.d/postgres.list @@ -32,8 +31,8 @@ RUN apt-get -y install build-essential git wget \ libxml2-dev gawk parallel \ postgresql-${PG_MAJOR}=${PG_VERSION} postgresql-client-${PG_MAJOR}=${PG_VERSION} \ postgresql-contrib-${PG_MAJOR}=${PG_VERSION} libpq-dev libreadline-dev \ - nginx language-pack-en cron anacron \ - psmisc rsyslog vim whois + language-pack-en cron anacron \ + psmisc rsyslog vim whois brotli RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf RUN dpkg-divert --local --rename --add /sbin/initctl @@ -48,6 +47,10 @@ RUN cd / &&\ apt-get install -y nodejs &&\ npm install uglify-js -g &&\ npm install svgo -g + +ADD install-nginx /tmp/install-nginx +RUN /tmp/install-nginx + RUN apt-get -y install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng @@ -82,8 +85,11 @@ RUN /tmp/install-gifsicle ADD install-pngquant /tmp/install-pngquant RUN /tmp/install-pngquant -RUN cd tmp && wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 -RUN cd tmp && tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 && mv /tmp/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin +ADD phantomjs /usr/local/bin/phantomjs + +# Not using the official repo until they compile against a recent openssl +# RUN cd tmp && wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 +# RUN cd tmp && tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 && mv /tmp/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin # clean up for docker squash RUN rm -fr /usr/share/man &&\ diff --git a/image/base/download_phantomjs b/image/base/download_phantomjs new file mode 100755 index 0000000..84dc2f0 --- /dev/null +++ b/image/base/download_phantomjs @@ -0,0 +1,3 @@ +#!/bin/bash + +docker run --rm -it -v `pwd`:/tmp samsaffron/phantomjs cp /usr/bin/phantomjs /tmp diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick index 8be617c..4a62e1e 100755 --- a/image/base/install-imagemagick +++ b/image/base/install-imagemagick @@ -19,7 +19,7 @@ make all && make install # Build and install ImageMagick -wget -O $WDIR/ImageMagick.tar.gz "http://www.imagemagick.org/download/ImageMagick-6.9.4-4.tar.gz" +wget -O $WDIR/ImageMagick.tar.gz "http://www.imagemagick.org/download/ImageMagick-6.9.4-7.tar.gz" IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1) tar zxf $WDIR/ImageMagick.tar.gz -C $WDIR cd $IMDIR diff --git a/image/base/install-nginx b/image/base/install-nginx new file mode 100755 index 0000000..a9a516d --- /dev/null +++ b/image/base/install-nginx @@ -0,0 +1,36 @@ +#!/bin/bash +set -e +VERSION=1.10.1 +cd /tmp + +apt-get install -y autoconf + + +git clone https://github.com/bagder/libbrotli +cd libbrotli +./autogen.sh +./configure +make install + +cd /tmp + + +# this is the reason we are compiling by hand... +git clone https://github.com/google/ngx_brotli.git + +curl -O https://nginx.org/download/nginx-$VERSION.tar.gz +tar zxf nginx-$VERSION.tar.gz +cd nginx-$VERSION + +# so we get nginx user and so on +apt-get install -y nginx libpcre3 libpcre3-dev +# we don't want to accidentally upgrade nginx and undo our work +apt-mark hold nginx + +./configure --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_v2_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/tmp/ngx_brotli + +make install +cd / +rm -fr /tmp/nginx +rm -fr /tmp/libbrotli +rm -fr /tmp/ngx_brotli diff --git a/image/build.rb b/image/build.rb index 03f2e2b..f940f84 100644 --- a/image/build.rb +++ b/image/build.rb @@ -47,6 +47,8 @@ def build(path, tag, is_base) run("docker save #{img} | ./docker-squash -t #{tag} -verbose #{is_base && "-from root"} | docker load") end +run "(cd base && ./download_phantomjs)" + build("base",$base_image,true) build("discourse",$image,false) build("discourse_test",$test,false) diff --git a/image/discourse/Dockerfile b/image/discourse/Dockerfile index 23dee6f..483fb3d 100644 --- a/image/discourse/Dockerfile +++ b/image/discourse/Dockerfile @@ -1,5 +1,5 @@ -# Current version 1.3.3 -FROM discourse/base:1.3.3 +# Current version 1.3.4 +FROM discourse/base:1.3.4 MAINTAINER Sam Saffron "https://twitter.com/samsaffron" diff --git a/image/discourse_test/Dockerfile b/image/discourse_test/Dockerfile index e98255a..bce540b 100644 --- a/image/discourse_test/Dockerfile +++ b/image/discourse_test/Dockerfile @@ -1,4 +1,4 @@ -FROM discourse/discourse:1.3.3 +FROM discourse/discourse:1.3.4 MAINTAINER Sam Saffron "https://twitter.com/samsaffron" -- 2.25.1