mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-05-23 09:08:57 +01:00
Jamie Curnow
45 lines
1.5 KiB
Docker
45 lines
1.5 KiB
Docker
FROM nginxproxymanager/testca AS testca
|
|
FROM nginxproxymanager/nginx-full:certbot-node
|
|
LABEL maintainer="Jamie Curnow <jc@jc21.com>"
|
|
|
|
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
|
|
|
ENV SUPPRESS_NO_CONFIG_WARNING=1 \
|
|
S6_BEHAVIOUR_IF_STAGE2_FAILS=1 \
|
|
S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
|
|
S6_FIX_ATTRS_HIDDEN=1 \
|
|
S6_KILL_FINISH_MAXTIME=10000 \
|
|
S6_VERBOSITY=2 \
|
|
NODE_OPTIONS="--openssl-legacy-provider"
|
|
|
|
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
|
|
&& apt-get update \
|
|
&& apt-get install -y jq python3-pip logrotate moreutils \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# acme crypto_util.py references crypto.X509Extension which was removed in pyOpenSSL 24+.
|
|
# Wrap it as a string annotation (lazy eval) then recompile to invalidate any stale .pyc.
|
|
RUN find /opt/certbot -path "*/acme/crypto_util.py" \
|
|
-exec sed -i 's/Optional\[List\[crypto\.X509Extension\]\]/"Optional[List[crypto.X509Extension]]"/g' {} \; \
|
|
&& /opt/certbot/bin/python3 -m compileall -q /opt/certbot/lib/python3.13/site-packages/acme/
|
|
|
|
# Task
|
|
WORKDIR /usr
|
|
RUN curl -sL https://taskfile.dev/install.sh | sh
|
|
WORKDIR /root
|
|
|
|
COPY rootfs /
|
|
COPY scripts/install-s6 /tmp/install-s6
|
|
RUN rm -f /etc/nginx/conf.d/production.conf \
|
|
&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
|
|
&& /tmp/install-s6 "${TARGETPLATFORM}" \
|
|
&& rm -f /tmp/install-s6 \
|
|
&& chmod 644 -R /root/.cache
|
|
|
|
# Certs for testing purposes
|
|
COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
|
|
|
|
EXPOSE 80 81 443
|
|
ENTRYPOINT [ "/init" ]
|