epikur (5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1)

Published 2026-04-22 13:02:43 +02:00 by l0rn

Installation

docker pull forgejo.zint.de/l0rn/epikur:5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1
sha256:87ac35a8f0f15b24642cbd041bdb22a562442dba82bd1f1dd4b2609a2a029a82

Image layers

ADD alpine-minirootfs-3.23.4-x86_64.tar.gz / # buildkit
CMD ["/bin/sh"]
LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
ENV NGINX_VERSION=1.29.8
ENV PKG_RELEASE=1
ENV DYNPKG_RELEASE=1
RUN /bin/sh -c set -x && addgroup -g 101 -S nginx && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} " && apk add --no-cache --virtual .checksum-deps openssl && case "$apkArch" in x86_64|aarch64) set -x && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then echo "key verification succeeded!"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo "key verification failed!"; exit 1; fi && DEPS=$(apk query --summarize depends --recursive --no-cache --repository "@nginxorg https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" ${nginxPackages/=/@nginxorg=}) && apk add --no-cache $DEPS && apk add --repositories-file /dev/null -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils curl && su nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && PKGOSSCHECKSUM=\"7074c3ba1ece708140afd0220b16df77651fbb56cc012e901bc1c4a80531872b7a58ad97a28357646575ce625e94a0540796c045f95d33e40e6d3874ce7b3d79 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then echo \"pkg-oss tarball checksum verification succeeded!\"; else echo \"pkg-oss tarball checksum verification failed!\"; exit 1; fi && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && make base && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del --no-network .build-deps && DEPS=$(apk query --summarize depends --recursive --no-cache --repository "@nginxorg ${tempDir}/packages/alpine/" ${nginxPackages/=/@nginxorg=}) && apk add --no-cache $DEPS && apk add --repositories-file /dev/null -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac && apk del --no-network .checksum-deps && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && apk add --no-cache gettext-envsubst && apk add --no-cache tzdata && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit
COPY docker-entrypoint.sh / # buildkit
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit
COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit
COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE map[80/tcp:{}]
STOPSIGNAL SIGQUIT
CMD ["nginx" "-g" "daemon off;"]
ENV NJS_VERSION=0.9.6
ENV NJS_RELEASE=1
ENV ACME_VERSION=0.3.1
RUN /bin/sh -c set -x && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} " && apk add --no-cache --virtual .checksum-deps openssl && case "$apkArch" in x86_64|aarch64) apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils curl cargo clang-libclang && su nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && PKGOSSCHECKSUM=\"7074c3ba1ece708140afd0220b16df77651fbb56cc012e901bc1c4a80531872b7a58ad97a28357646575ce625e94a0540796c045f95d33e40e6d3874ce7b3d79 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then echo \"pkg-oss tarball checksum verification succeeded!\"; else echo \"pkg-oss tarball checksum verification failed!\"; exit 1; fi && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && export BUILDTARGET=\"module-geoip module-image-filter module-njs module-xslt module-acme\" && if [ \"\$(apk --print-arch)\" = \"armhf\" ]; then BUILDTARGET=\"\$( echo \$BUILDTARGET | sed 's,module-acme,,' )\"; fi && make \$BUILDTARGET && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del --no-network .build-deps && if [ "$apkArch" = "armhf" ]; then nginxPackages="$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')"; fi && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac && apk del --no-network .checksum-deps && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && apk add --no-cache curl ca-certificates # buildkit
ARG VERSION
ARG APP_SERVER_URL VERSION
ARG APP_SERVER_URL PRETALX_URL VERSION
ARG APP_SERVER_URL PRETALX_TOKEN PRETALX_URL VERSION
ARG APP_SERVER_URL EVENT_SLUG PRETALX_TOKEN PRETALX_URL VERSION
|5 APP_SERVER_URL=https://app.hedonist-international.org EVENT_SLUG=congress11 PRETALX_TOKEN=cqofnhjy5otutzrdgg9aiu16qq6pksrpwat74zfobcyqlg2r5ilyaaj0cm62zj8z PRETALX_URL=https://pretalx.hedonist-international.org VERSION=5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1 /bin/sh -c apk add --no-cache openssl
COPY dir:26b3e1801644a2831cb0a276361f67ff8ed410ccc28559a2d06dc4bba2a71feb in /usr/share/nginx/html
COPY dir:fd4b4aac0a1e60fe29c73f1e2a488f2d5375e49dd65334bc26bbcdb4fb2ec754 in /usr/share/nginx/html/downloads/
|5 APP_SERVER_URL=https://app.hedonist-international.org EVENT_SLUG=congress11 PRETALX_TOKEN=cqofnhjy5otutzrdgg9aiu16qq6pksrpwat74zfobcyqlg2r5ilyaaj0cm62zj8z PRETALX_URL=https://pretalx.hedonist-international.org VERSION=5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1 /bin/sh -c printf '{"version":"%s","apkUrl":"/downloads/app-release.apk","pretalxUrl":"%s","eventSlug":"%s"}\n' "${VERSION}" "${APP_SERVER_URL}" "${EVENT_SLUG}" > /usr/share/nginx/html/version.json
|5 APP_SERVER_URL=https://app.hedonist-international.org EVENT_SLUG=congress11 PRETALX_TOKEN=cqofnhjy5otutzrdgg9aiu16qq6pksrpwat74zfobcyqlg2r5ilyaaj0cm62zj8z PRETALX_URL=https://pretalx.hedonist-international.org VERSION=5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1 /bin/sh -c set -e; PRETALX_HOST=$(printf '%s' "${PRETALX_URL}" | sed 's|^https\?://||' | cut -d/ -f1); { echo 'server {'; echo ' listen 80;'; echo ' root /usr/share/nginx/html;'; echo ' index index.html;'; echo ' # Basic auth — controlled at runtime via BASIC_AUTH_USER/BASIC_AUTH_PASS.'; echo ' # auth.conf contains either "auth_basic off" or live credentials.'; echo ' # OPTIONS preflights bypass this because the if-return in /api/ runs'; echo ' # in the rewrite phase, before the access phase where auth is checked.'; echo ' include /etc/nginx/conf.d/auth.conf;'; if [ -n "${PRETALX_URL}" ]; then echo ' location /api/ {'; echo ' # Answer CORS preflights directly — no upstream round-trip.'; echo ' if ($request_method = OPTIONS) {'; echo " add_header 'Access-Control-Allow-Origin' '*';"; echo " add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS';"; echo " add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept';"; echo " add_header 'Access-Control-Max-Age' 86400;"; echo " add_header 'Content-Length' 0;"; echo ' return 204;'; echo ' }'; printf ' proxy_pass %s/api/;\n' "${PRETALX_URL}"; printf ' proxy_set_header Host %s;\n' "${PRETALX_HOST}"; echo ' proxy_set_header X-Real-IP $remote_addr;'; echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'; echo ' proxy_ssl_server_name on;'; if [ -n "${PRETALX_TOKEN}" ]; then printf ' proxy_set_header Authorization "Token %s";\n' "${PRETALX_TOKEN}"; fi; echo ' }'; fi; echo ' location /downloads/ {'; echo ' types { application/vnd.android.package-archive apk; }'; echo ' default_type application/octet-stream;'; echo ' add_header Content-Disposition "attachment";'; echo ' }'; echo ' location /version.json {'; echo ' add_header Cache-Control "no-cache, no-store, must-revalidate";'; echo ' add_header Access-Control-Allow-Origin "*";'; echo ' }'; echo ' location /map.json {'; echo ' add_header Cache-Control "no-cache, no-store, must-revalidate";'; echo ' add_header Access-Control-Allow-Origin "*";'; echo ' }'; echo ' # Service worker must never be cached — browser needs the latest version'; echo ' # to detect when new app content is available.'; echo ' location = /flutter_service_worker.js {'; echo ' add_header Cache-Control "no-cache, no-store, must-revalidate";'; echo ' }'; echo ' location = /flutter_bootstrap.js {'; echo ' add_header Cache-Control "no-cache, no-store, must-revalidate";'; echo ' }'; echo ' location / {'; echo ' try_files $uri $uri/ /index.html;'; echo ' }'; echo '}'; } > /etc/nginx/conf.d/default.conf
|5 APP_SERVER_URL=https://app.hedonist-international.org EVENT_SLUG=congress11 PRETALX_TOKEN=cqofnhjy5otutzrdgg9aiu16qq6pksrpwat74zfobcyqlg2r5ilyaaj0cm62zj8z PRETALX_URL=https://pretalx.hedonist-international.org VERSION=5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1 /bin/sh -c echo 'auth_basic off;' > /etc/nginx/conf.d/auth.conf
|5 APP_SERVER_URL=https://app.hedonist-international.org EVENT_SLUG=congress11 PRETALX_TOKEN=cqofnhjy5otutzrdgg9aiu16qq6pksrpwat74zfobcyqlg2r5ilyaaj0cm62zj8z PRETALX_URL=https://pretalx.hedonist-international.org VERSION=5ed2394a6dbdedacf9dccdd3f10dc25633efc5f1 /bin/sh -c printf '%s\n' '#!/bin/sh' 'set -e' 'if [ -n "${BASIC_AUTH_USER}" ] && [ -n "${BASIC_AUTH_PASS}" ]; then' ' echo "Basic auth: enabling for user ${BASIC_AUTH_USER}"' ' printf '"'"'%s:%s\n'"'"' "${BASIC_AUTH_USER}" \' ' "$(openssl passwd -apr1 "${BASIC_AUTH_PASS}")" \' ' > /etc/nginx/htpasswd' ' printf '"'"'auth_basic "Protected";\nauth_basic_user_file /etc/nginx/htpasswd;\n'"'"' \' ' > /etc/nginx/conf.d/auth.conf' 'else' ' echo "Basic auth: disabled"' ' echo '"'"'auth_basic off;'"'"' > /etc/nginx/conf.d/auth.conf' 'fi' > /docker-entrypoint.d/40-basic-auth.sh && chmod +x /docker-entrypoint.d/40-basic-auth.sh
EXPOSE 80

Labels

Key Value
io.buildah.version 1.41.8
maintainer NGINX Docker Maintainers <docker-maint@nginx.com>
Details
Container
2026-04-22 13:02:43 +02:00
0
OCI / Docker
linux/amd64
77 MiB
Versions (61) View all