59 lines
1.4 KiB
Plaintext
59 lines
1.4 KiB
Plaintext
FROM node:25-alpine3.22 AS build-page
|
|
|
|
COPY . /src
|
|
|
|
RUN cd /src \
|
|
&& apk add pnpm \
|
|
&& pnpm install \
|
|
&& pnpm run build
|
|
|
|
# Stage 1: build
|
|
|
|
FROM debian:13 AS build-server
|
|
|
|
ARG NGINX_VERSION=1.30.0
|
|
ARG ZSTD_MODULE_VERSION=0.1.1
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
build-essential \
|
|
ca-certificates \
|
|
curl \
|
|
libpcre2-dev \
|
|
libssl-dev \
|
|
zlib1g-dev \
|
|
libzstd-dev \
|
|
tar \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /build
|
|
|
|
RUN curl -fsSLO "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
|
|
&& tar -xzf "nginx-${NGINX_VERSION}.tar.gz" \
|
|
&& curl -fsSL "https://github.com/tokers/zstd-nginx-module/archive/refs/tags/${ZSTD_MODULE_VERSION}.tar.gz" -o zstd-nginx-module.tar.gz \
|
|
&& tar -xzf zstd-nginx-module.tar.gz
|
|
|
|
WORKDIR /build/nginx-${NGINX_VERSION}
|
|
|
|
RUN ./configure \
|
|
--prefix=/etc/nginx \
|
|
--sbin-path=/usr/sbin/nginx \
|
|
--conf-path=/etc/nginx/nginx.conf \
|
|
--pid-path=/run/nginx.pid \
|
|
--with-http_ssl_module \
|
|
--with-http_v2_module \
|
|
--with-http_gzip_static_module \
|
|
--add-module=/build/zstd-nginx-module-${ZSTD_MODULE_VERSION} \
|
|
&& make -j"$(nproc)" \
|
|
&& make install
|
|
|
|
# Stage 2: hardened runtime
|
|
|
|
FROM dhi.io/nginx:1.30.0-debian13
|
|
|
|
COPY --from=build-server /usr/sbin/nginx /usr/sbin/nginx
|
|
COPY --from=build-server /etc/nginx /etc/nginx
|
|
COPY --from=build-page /src/dist /usr/share/nginx/html
|
|
|
|
EXPOSE 80 443
|
|
|
|
CMD ["-g", "daemon off;"] |