WIP: install openresty

Dockerfile

@@ -1,37 +1,79 @@
-FROM openresty/openresty:bookworm-buildpack
+# FROM openresty/openresty:bookworm-buildpack
+FROM buildpack-deps:trixie
 
-WORKDIR /opt/app
-
-ARG version=3.7.0.1
+ARG version=3.8.2.1
 ARG pkgname=pandoc-$version-1-amd64.deb
 ARG pkgurl=https://github.com/jgm/pandoc/releases/download/$version/$pkgname
 
+ARG RESTY_DEB_FLAVOR=""
+ARG RESTY_DEB_VERSION="=1.27.1.2-1~bookworm1"
+ARG RESTY_LUAROCKS_VERSION="3.12.2"
+
 RUN apt-get update && apt-get install -y \
-        python3-pygments lua-inotify wget && \
+        python3-pygments lua-inotify wget curl tar make && \
         wget -q -O $pkgname $pkgurl && dpkg -i $pkgname && rm $pkgname
 
-RUN luarocks install sitegen
+WORKDIR /opt/app
+
+# COPY openresty.source /etc/apt/sources.list.d/
+# RUN cat openresty.source >> /etc/apt/sources.list.d/debian.sources
+# RUN echo "$(cat openresty.source)" >> /etc/apt/sources.list.d/debian.sources
+
+RUN wget -qO - https://openresty.org/package/pubkey.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && chown root:root /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && chmod ugo+r /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && chmod go-w /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && echo "Types: deb\nURIs: https://openresty.org/package/debian\nSuites: bookworm\nComponents: openresty\nEnabled: yes\nSigned-By: /etc/apt/trusted.gpg.d/openresty-keyring.gpg" >> /etc/apt/sources.list.d/debian.sources \
+    && echo "$(cat /etc/apt/sources.list.d/debian.sources)" \
+    && DEBIAN_FRONTEND=noninteractive apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        openresty${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
+        openresty-resty${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
+        openresty-opm${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
+        openresty-openssl3${RESTY_DEB_FLAVOR}-dev \
+        openresty-pcre2${RESTY_DEB_FLAVOR}-dev \
+        openresty-zlib${RESTY_DEB_FLAVOR}-dev \
+    && mkdir -p /var/run/openresty \
+    && ln -sf /dev/stdout /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/logs/access.log \
+    && ln -sf /dev/stderr /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/logs/error.log
+
+# Install LuaRocks
+# RUN curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
+#     && tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
+#     && cd luarocks-${RESTY_LUAROCKS_VERSION} \
+#     && mkdir -p /usr/local/openresty/luajit \
+#     && ./configure \
+#         --prefix=/usr/local/openresty/luajit \
+#         --with-lua=/usr/local/openresty/luajit \
+#         --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1 \
+#     && make build \
+#     && make install \
+#     && cd /tmp \
+#     && rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz
+
+# RUN luarocks install sitegen
 
 # needed for sitegen watcher
-RUN luarocks install inotify INOTIFY_INCDIR=/usr/include/x86_64-linux-gnu/
+# RUN luarocks install inotify INOTIFY_INCDIR=/usr/include/x86_64-linux-gnu/
 
 # needed for testing
-RUN luarocks install busted
-RUN luarocks install luajit-curl
-RUN luarocks install luasocket # needed for testing nginx reverse proxy
+# RUN luarocks install busted
+# RUN luarocks install luajit-curl
+# RUN luarocks install luasocket # needed for testing nginx reverse proxy
 
-RUN mkdir -p /var/www/certs/miti.sh \
-    && openssl req -x509 -newkey rsa:4096 -nodes \
-      -keyout /var/www/certs/miti.sh/privkey.pem \
-      -out /var/www/certs/miti.sh/fullchain.pem \
-      -sha256 -days 365 -subj '/CN=miti.sh' \
-      -addext "subjectAltName=DNS:miti.sh,DNS:git.miti.sh,DNS:apps.miti.sh"
+# RUN mkdir -p /var/www/certs/miti.sh \
+#     && openssl req -x509 -newkey rsa:4096 -nodes \
+#       -keyout /var/www/certs/miti.sh/privkey.pem \
+#       -out /var/www/certs/miti.sh/fullchain.pem \
+#       -sha256 -days 365 -subj '/CN=miti.sh' \
+#       -addext "subjectAltName=DNS:miti.sh,DNS:git.miti.sh,DNS:apps.miti.sh"
 
-RUN mkdir -p /var/www/certs/webdevcat.me \
-    && openssl req -x509 -newkey rsa:4096 -nodes \
-      -keyout /var/www/certs/webdevcat.me/privkey.pem \
-      -out /var/www/certs/webdevcat.me/fullchain.pem \
-      -sha256 -days 365 -subj '/CN=webdevcat.me' \
-      -addext "subjectAltName=DNS:webdevcat.me,DNS:git.webdevcat.me,DNS:apps.webdevcat.me"
+# RUN mkdir -p /var/www/certs/webdevcat.me \
+#     && openssl req -x509 -newkey rsa:4096 -nodes \
+#       -keyout /var/www/certs/webdevcat.me/privkey.pem \
+#       -out /var/www/certs/webdevcat.me/fullchain.pem \
+#       -sha256 -days 365 -subj '/CN=webdevcat.me' \
+#       -addext "subjectAltName=DNS:webdevcat.me,DNS:git.webdevcat.me,DNS:apps.webdevcat.me"
 
-CMD ["sh", "-c", "openresty -p `pwd` -g 'daemon off;'"]
+# CMD ["sh", "-c", "openresty -p `pwd` -g 'daemon off;'"]
+CMD ["bash"]

Dockerfile.buildpack

@@ -0,0 +1,82 @@
+# Dockerfile - buildpack-deps
+# https://github.com/openresty/docker-openresty
+
+ARG RESTY_IMAGE_BASE="buildpack-deps"
+ARG RESTY_IMAGE_TAG="bookworm"
+
+FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
+
+LABEL maintainer="Evan Wies <evan@neomantra.net>"
+
+# RESTY_DEB_FLAVOR build argument is used to select other
+# OpenResty Debian package variants.
+# For example: "-debug" or "-valgrind"
+ARG RESTY_DEB_FLAVOR=""
+ARG RESTY_DEB_VERSION="=1.27.1.2-1~bookworm1"
+ARG RESTY_APT_REPO="https://openresty.org/package/debian"
+ARG RESTY_APT_PGP="https://openresty.org/package/pubkey.gpg"
+ARG RESTY_APT_ARCH="amd64"
+ARG RESTY_IMAGE_BASE="buildpack-deps"
+ARG RESTY_IMAGE_TAG="bookworm"
+
+ARG RESTY_LUAROCKS_VERSION="3.12.2"
+
+LABEL resty_image_base="${RESTY_IMAGE_BASE}"
+LABEL resty_image_tag="${RESTY_IMAGE_TAG}"
+LABEL resty_apt_repo="${RESTY_APT_REPO}"
+LABEL resty_apt_pgp="${RESTY_APT_PGP}"
+LABEL resty_apt_arch="${RESTY_APT_ARCH}"
+LABEL resty_deb_flavor="${RESTY_DEB_FLAVOR}"
+LABEL resty_deb_version="${RESTY_DEB_VERSION}"
+LABEL resty_luarocks_version="${RESTY_LUAROCKS_VERSION}}"
+
+# Install OpenResty
+RUN wget -qO - ${RESTY_APT_PGP} | gpg --dearmor > /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && chown root:root /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && chmod ugo+r /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && chmod go-w /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
+    && echo "deb [arch=$RESTY_APT_ARCH signed-by=/etc/apt/trusted.gpg.d/openresty-keyring.gpg] $RESTY_APT_REPO $(grep -Po 'VERSION="[0-9]+ \(\K[^)]+' /etc/os-release) openresty" | tee /etc/apt/sources.list.d/openresty.list \
+    && DEBIAN_FRONTEND=noninteractive apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        openresty${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
+        openresty-resty${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
+        openresty-opm${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
+        openresty-openssl3${RESTY_DEB_FLAVOR}-dev \
+        openresty-pcre2${RESTY_DEB_FLAVOR}-dev \
+        openresty-zlib${RESTY_DEB_FLAVOR}-dev \
+    && mkdir -p /var/run/openresty \
+    && ln -sf /dev/stdout /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/logs/access.log \
+    && ln -sf /dev/stderr /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/logs/error.log
+
+# Install LuaRocks
+RUN  curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
+    && tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
+    && cd luarocks-${RESTY_LUAROCKS_VERSION} \
+    && ./configure \
+        --prefix=/usr/local/openresty/luajit \
+        --with-lua=/usr/local/openresty/luajit \
+        --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1 \
+    && make build \
+    && make install \
+    && cd /tmp \
+    && rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz
+
+# Add additional binaries into PATH for convenience
+ENV PATH="$PATH:/usr/local/openresty${RESTY_DEB_FLAVOR}/luajit/bin:/usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/sbin:/usr/local/openresty${RESTY_DEB_FLAVOR}/bin"
+
+# Add LuaRocks paths
+# If OpenResty changes, these may need updating:
+#    /usr/local/openresty/bin/resty -e 'print(package.path)'
+#    /usr/local/openresty/bin/resty -e 'print(package.cpath)'
+ENV LUA_PATH="/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua"
+ENV LUA_CPATH="/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so"
+
+# Copy nginx configuration files
+COPY nginx.conf /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
+COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+
+CMD ["/usr/bin/openresty", "-g", "daemon off;"]
+
+# Use SIGQUIT instead of default SIGTERM to cleanly drain requests
+# See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls
+STOPSIGNAL SIGQUIT