Merge pull request #25 from NginxProxyManager/bookworm

Bookworm

Author: jc21

.jenkins/Jenkinsfile

@@ -11,14 +11,15 @@ pipeline {
 		ansiColor('xterm')
 	}
 	environment {
-		IMAGE        = 'nginx-full'
-		BUILDX_NAME  = "${IMAGE}_${GIT_BRANCH}"
-		BRANCH_LOWER = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
+		DOCKERHUB_NAMESPACE = 'nginxproxymanager'
+		IMAGE               = 'nginx-full'
+		BUILDX_NAME         = "${IMAGE}_${GIT_BRANCH}"
+		BRANCH_LOWER        = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
 		// Software versions; OpenResty does not support Lua >= 5.2
-		OPENRESTY_VERSION = '1.21.4.3'
+		OPENRESTY_VERSION                  = '1.21.4.3'
 		CROWDSEC_OPENRESTY_BOUNCER_VERSION = '0.1.7'
-		LUA_VERSION       = '5.1.5'
-		LUAROCKS_VERSION  = '3.3.1'
+		LUA_VERSION                        = '5.1.5'
+		LUAROCKS_VERSION                   = '3.3.1'
 	}
 	stages {
 		stage('Environment') {
@@ -29,12 +30,12 @@ pipeline {
 					}
 					steps {
 						script {
-							env.BASE_TAG                       = 'latest'
-							env.BUILDX_PUSH_TAGS               = "-t docker.io/jc21/${IMAGE}:${BASE_TAG}"
-							env.BUILDX_PUSH_TAGS_ACMESH        = "-t docker.io/jc21/${IMAGE}:acmesh"
-							env.BUILDX_PUSH_TAGS_CERTBOT       = "-t docker.io/jc21/${IMAGE}:certbot"
-							env.BUILDX_PUSH_TAGS_ACMESH_GOLANG = "-t docker.io/jc21/${IMAGE}:acmesh-golang"
-							env.BUILDX_PUSH_TAGS_CERTBOT_NODE  = "-t docker.io/jc21/${IMAGE}:certbot-node"
+							env.BASE_IMAGE                     = "${DOCKERHUB_NAMESPACE}/${IMAGE}:latest"
+							env.BUILDX_PUSH_TAGS               = "-t ${BASE_IMAGE}"
+							env.BUILDX_PUSH_TAGS_ACMESH        = "-t ${DOCKERHUB_NAMESPACE}/${IMAGE}:acmesh"
+							env.BUILDX_PUSH_TAGS_CERTBOT       = "-t ${DOCKERHUB_NAMESPACE}/${IMAGE}:certbot"
+							env.BUILDX_PUSH_TAGS_ACMESH_GOLANG = "-t ${DOCKERHUB_NAMESPACE}/${IMAGE}:acmesh-golang"
+							env.BUILDX_PUSH_TAGS_CERTBOT_NODE  = "-t ${DOCKERHUB_NAMESPACE}/${IMAGE}:certbot-node"
 						}
 					}
 				}
@@ -47,10 +48,10 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							env.BASE_TAG                       = "github-${BRANCH_LOWER}"
-							env.ACMESH_BASE_TAG                = "github-${BRANCH_LOWER}-acmesh"
-							env.CERTBOT_BASE_TAG               = "github-${BRANCH_LOWER}-certbot"
-							env.BUILDX_PUSH_TAGS               = "-t docker.io/jc21/${IMAGE}:${BASE_TAG}"
+							env.BASE_IMAGE                     = "${DOCKERHUB_NAMESPACE}/${IMAGE}:github-${BRANCH_LOWER}"
+							env.ACMESH_IMAGE                   = "${BASE_IMAGE}-acmesh"
+							env.CERTBOT_IMAGE                  = "${BASE_IMAGE}-certbot"
+							env.BUILDX_PUSH_TAGS               = "-t ${BASE_IMAGE}"
 							env.BUILDX_PUSH_TAGS_ACMESH        = "${BUILDX_PUSH_TAGS}-acmesh"
 							env.BUILDX_PUSH_TAGS_CERTBOT       = "${BUILDX_PUSH_TAGS}-certbot"
 							env.BUILDX_PUSH_TAGS_ACMESH_GOLANG = "${BUILDX_PUSH_TAGS}-acmesh-golang"
@@ -106,13 +107,13 @@ pipeline {
 			}
 			steps {
 				script {
-					def comment = pullRequest.comment("""Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as:
+					def comment = pullRequest.comment("""Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/${DOCKERHUB_NAMESPACE}/${IMAGE}) as:
 
-- `jc21/${IMAGE}:github-${BRANCH_LOWER}`
-- `jc21/${IMAGE}:github-${BRANCH_LOWER}-certbot`
-- `jc21/${IMAGE}:github-${BRANCH_LOWER}-certbot-node`
-- `jc21/${IMAGE}:github-${BRANCH_LOWER}-acmesh`
-- `jc21/${IMAGE}:github-${BRANCH_LOWER}-acmesh-golang`
+- `${DOCKERHUB_NAMESPACE}/${IMAGE}:github-${BRANCH_LOWER}`
+- `${DOCKERHUB_NAMESPACE}/${IMAGE}:github-${BRANCH_LOWER}-certbot`
+- `${DOCKERHUB_NAMESPACE}/${IMAGE}:github-${BRANCH_LOWER}-certbot-node`
+- `${DOCKERHUB_NAMESPACE}/${IMAGE}:github-${BRANCH_LOWER}-acmesh`
+- `${DOCKERHUB_NAMESPACE}/${IMAGE}:github-${BRANCH_LOWER}-acmesh-golang`
 """)
 				}
 			}

README.md

@@ -4,11 +4,11 @@
   <img src="https://img.shields.io/badge/openresty-1.21.4.3-green.svg?style=for-the-badge">
   <img src="https://img.shields.io/badge/lua-5.1.5-green.svg?style=for-the-badge">
   <img src="https://img.shields.io/badge/luarocks-3.3.1-green.svg?style=for-the-badge">
-  <a href="https://hub.docker.com/repository/docker/jc21/nginx-full">
-    <img src="https://img.shields.io/docker/stars/jc21/nginx-full.svg?style=for-the-badge">
+  <a href="https://hub.docker.com/repository/docker/nginxproxymanager/nginx-full">
+    <img src="https://img.shields.io/docker/stars/nginxproxymanager/nginx-full.svg?style=for-the-badge">
   </a>
-  <a href="https://hub.docker.com/repository/docker/jc21/nginx-full">
-    <img src="https://img.shields.io/docker/pulls/jc21/nginx-full.svg?style=for-the-badge">
+  <a href="https://hub.docker.com/repository/docker/nginxproxymanager/nginx-full">
+    <img src="https://img.shields.io/docker/pulls/nginxproxymanager/nginx-full.svg?style=for-the-badge">
   </a>
 </p>
 
@@ -46,7 +46,7 @@ The following architectures are supported for all images:
 ### Usage:
 
 ```
-FROM jc21/nginx-full:latest
+FROM nginxproxymanager/nginx-full:latest
 
 ...
 ```
@@ -56,7 +56,6 @@ FROM jc21/nginx-full:latest
 ```
 docker run \
   -v /path/to/local/acme-data:/data/.acme.sh \
-  jc21/nginx-full:acmesh \
+  nginxproxymanager/nginx-full:acmesh \
   acme.sh -h
 ```
-

docker/Dockerfile

@@ -2,7 +2,7 @@
 # Nginx Builder
 #############
 
-FROM debian:buster-slim as nginxbuilder
+FROM debian:bookworm-slim as nginxbuilder
 
 ARG OPENRESTY_VERSION
 ARG LUA_VERSION
@@ -33,13 +33,13 @@ RUN /tmp/build-openresty
 # Final Image
 #############
 
-FROM debian:buster-slim
+FROM debian:bookworm-slim as final
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 ARG TARGETPLATFORM
-RUN echo "Base: debian:buster-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch
+RUN echo "Base: debian:bookworm-slim, ${TARGETPLATFORM:-linux/amd64}" > /built-for-arch
 
 # OpenResty uses LuaJIT which has a dependency on GCC
 RUN apt-get update \
@@ -51,7 +51,7 @@ RUN apt-get update \
 	jq \
 	libncurses6 \
 	libpcre3 \
-	libreadline7 \
+	libreadline8 \
 	openssl \
 	perl \
 	tzdata \
@@ -101,4 +101,4 @@ LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.description="A base image for use by Nginx Proxy Manager" \
 	org.label-schema.url="https://github.com/nginxproxymanager/docker-nginx-full" \
 	org.label-schema.vcs-url="https://github.com/nginxproxymanager/docker-nginx-full.git" \
-	org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:latest"
+	org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:latest"

docker/Dockerfile.acmesh

@@ -1,8 +1,11 @@
-FROM jc21/nginx-full:${BASE_TAG:-latest}
+ARG BASE_IMAGE=nginxproxymanager/nginx-full:latest
+FROM $BASE_IMAGE as final
+ARG BASE_IMAGE
+ARG TARGETPLATFORM
+
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
-ARG TARGETPLATFORM
-RUN echo "Acme.sh: jc21/nginx-full:${BASE_TAG:-latest}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+RUN echo "Acme.sh: $BASE_IMAGE, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
 
 ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 
@@ -24,5 +27,5 @@ COPY ./files/acme.sh-wrapper /bin/acme.sh
 # Test that the wrapper script is working
 RUN /bin/acme.sh -h
 
-LABEL org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:acmesh"
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:acmesh"
 

docker/Dockerfile.acmesh-golang

@@ -1,9 +1,12 @@
-FROM golang:1.20 as go
-FROM jc21/nginx-full:${ACMESH_BASE_TAG:-acmesh}
+ARG ACMESH_IMAGE=nginxproxymanager/nginx-full:acmesh
+FROM golang:1.21 as go
+FROM $ACMESH_IMAGE as final
+ARG ACMESH_IMAGE
+ARG TARGETPLATFORM
+
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
-ARG TARGETPLATFORM
-RUN echo "Golang: jc21/nginx-full:${BASE_TAG:-acmesh}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+RUN echo "Golang: $ACMESH_IMAGE, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
 
 RUN apt-get update \
 	&& apt-get install -y wget gcc g++ make git sqlite3 jq \
@@ -30,12 +33,11 @@ WORKDIR /root
 COPY ./files/.bashrc.acmesh-golang /root/.bashrc
 
 # Gotools
-RUN cd /usr && wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.52.2
+RUN cd /usr && wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2
 RUN go install github.com/kyoh86/richgo@latest \
-	&& go install github.com/sonatype-nexus-community/nancy@latest \
 	&& go install github.com/mfridman/tparse@latest \
 	&& go install golang.org/x/vuln/cmd/govulncheck@latest \
 	&& rm -rf /root/.cache/go-build
 
-LABEL org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:acmesh-golang"
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:acmesh-golang"
 

docker/Dockerfile.certbot

@@ -1,22 +1,26 @@
+ARG BASE_IMAGE=nginxproxymanager/nginx-full:latest
+
 #############
 # Certbot Builder
 #############
 
-FROM debian:buster-slim as certbotbuilder
+FROM debian:bookworm-slim as certbotbuilder
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN apt-get update
 RUN apt-get install -y \
 	build-essential \
+	ca-certificates \
 	curl \
 	libaugeas0 \
-	python3 \
-	python3-dev \
 	libffi-dev \
 	libssl-dev \
-	python3-venv \
-	ca-certificates
+	openssl \
+	pkg-config \
+	python3 \
+	python3-dev \
+	python3-venv
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 
@@ -30,26 +34,20 @@ ENV PATH="/opt/certbot/bin:$PATH"
 
 RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3
 
-# Handle an extremely specific issue when building the cryptography package for
-# 32-bit architectures within QEMU running on a 64-bit host
-# Special thanks to https://github.com/JonasAlfredsson/docker-nginx-certbot
-RUN if [ "$(getconf LONG_BIT)" = "32" ]; then \
-	pip3 install --no-cache-dir -U cryptography==3.3.2; \
-	fi
-
-RUN pip install cryptography==2.8 \
-	pip install --no-cache-dir cffi certbot \
+RUN pip install --no-cache-dir --upgrade pyopenssl \
+	&& pip install --no-cache-dir cffi certbot cryptography \
 	&& pip install tldextract
 
 #############
 # Final Image
 #############
+FROM $BASE_IMAGE as final
+ARG BASE_IMAGE
+ARG TARGETPLATFORM
 
-FROM jc21/nginx-full:${BASE_TAG:-latest}
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
-ARG TARGETPLATFORM
-RUN echo "Certbot: jc21/nginx-full:${BASE_TAG:-latest}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+RUN echo "Certbot: $BASE_IMAGE, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
 
 COPY scripts/install-cert-prune /tmp/install-cert-prune
 RUN /tmp/install-cert-prune "${TARGETPLATFORM:-linux/amd64}" && rm -f /tmp/install-cert-prune
@@ -67,9 +65,12 @@ COPY ./files/.bashrc.certbot /root/.bashrc
 
 # Copy certbot
 COPY --from=certbotbuilder /opt/certbot /opt/certbot
-RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 \
-	&& python3 -m venv /opt/certbot/ \
+
+ENV PATH="/opt/certbot/bin:$PATH"
+
+RUN python3 -m venv /opt/certbot/ \
+	&& curl -L 'https://bootstrap.pypa.io/get-pip.py' | /opt/certbot/bin/python3 \
 	&& sed -i 's/include-system-site-packages = false/include-system-site-packages = true/g' -i /opt/certbot/pyvenv.cfg \
 	&& ln -s /opt/certbot/bin/certbot /usr/bin/certbot
 
-LABEL org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:certbot"
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:certbot"

docker/Dockerfile.certbot-node

@@ -1,12 +1,15 @@
-FROM jc21/nginx-full:${CERTBOT_BASE_TAG:-certbot}
+ARG CERTBOT_IMAGE=nginxproxymanager/nginx-full:certbot
+FROM $CERTBOT_IMAGE as final
+ARG CERTBOT_IMAGE
+ARG TARGETPLATFORM
+
 LABEL maintainer="Jamie Curnow <[email protected]>"
 
-ARG TARGETPLATFORM
-RUN echo "Node: jc21/nginx-full:${BASE_TAG:-certbot}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
+RUN echo "Node: $CERTBOT_IMAGE, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
 
 ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 
-RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - \
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
 	&& apt-get update \
 	&& apt-get install -y gcc make g++ git nodejs \
 	&& apt-get clean \
@@ -21,5 +24,4 @@ COPY ./files/test.js /tmp/test.js
 RUN node /tmp/test.js \
 	&& rm -f /tmp/test.js
 
-LABEL org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:certbot-node"
-
+LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:certbot-node"

local-build.sh

@@ -6,13 +6,20 @@ YELLOW='\E[1;33m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
 
-DOCKER_IMAGE=jc21/nginx-full
+REGISTRY=${REGISTRY:-}
+DOCKER_IMAGE="${REGISTRY}nginxproxymanager/nginx-full"
 
 export OPENRESTY_VERSION=1.21.4.3
 export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.7
 export LUA_VERSION=5.1.5
 export LUAROCKS_VERSION=3.3.1
 
+export BASE_IMAGE="${DOCKER_IMAGE}:latest"
+export ACMESH_IMAGE="${DOCKER_IMAGE}:acmesh"
+export CERTBOT_IMAGE="${DOCKER_IMAGE}:certbot"
+export CERTBOT_NODE_IMAGE="${DOCKER_IMAGE}:certbot-node"
+export ACMESH_GOLANG_IMAGE="${DOCKER_IMAGE}:acmesh-golang"
+
 # Builds
 
 echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}latest ${CYAN}...${RESET}"
@@ -22,35 +29,35 @@ docker build \
 	--build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \
 	--build-arg LUA_VERSION \
 	--build-arg LUAROCKS_VERSION \
-	-t ${DOCKER_IMAGE}:latest \
+	-t "$BASE_IMAGE" \
 	-f docker/Dockerfile \
 	.
 
 echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}acmesh ${CYAN}...${RESET}"
 docker build \
-	--build-arg BASE_TAG=latest \
-	-t ${DOCKER_IMAGE}:acmesh \
+	--build-arg BASE_IMAGE \
+	-t "$ACMESH_IMAGE" \
 	-f docker/Dockerfile.acmesh \
 	.
 
 echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}certbot ${CYAN}...${RESET}"
 docker build \
-	--build-arg BASE_TAG=latest \
-	-t ${DOCKER_IMAGE}:certbot \
+	--build-arg BASE_IMAGE \
+	-t "$CERTBOT_IMAGE" \
 	-f docker/Dockerfile.certbot \
 	.
 
 echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}acmesh-golang ${CYAN}...${RESET}"
 docker build \
-	--build-arg BASE_TAG=acmesh \
-	-t ${DOCKER_IMAGE}:acmesh-golang \
+	--build-arg ACMESH_IMAGE \
+	-t "$ACMESH_GOLANG_IMAGE" \
 	-f docker/Dockerfile.acmesh-golang \
 	.
 
 echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}certbot-node ${CYAN}...${RESET}"
 docker build \
-	--build-arg BASE_TAG=certbot \
-	-t ${DOCKER_IMAGE}:certbot-node \
+	--build-arg CERTBOT_IMAGE \
+	-t "$CERTBOT_NODE_IMAGE" \
 	-f docker/Dockerfile.certbot-node \
 	.