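# Image: nginx compiled from source (against downloaded OpenSSL, PCRE and zlib
# trees) plus an OpenSSH daemon on port 65422, running as one container.
#
# The typographic quotes (“ ”) and en-dashes (–) in the published listing are
# replaced with ASCII quotes and "--" throughout; with the typographic
# characters the configure flags, the sed expressions and the VOLUME array are
# not parsed as intended.

# Pinned to 7 to match the CentOS7-Base-163.repo file copied below; an untagged
# FROM silently follows :latest. CentOS 7 is end-of-life and receives no
# further security updates. NOTE(review): plan a move to a supported base.
FROM centos:7
LABEL maintainer="awen Email: <hi@awen.me>"
WORKDIR /opt/

# Mirror definition for yum and the SysV init script used by the entrypoint.
COPY CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
COPY nginx /etc/init.d/nginx

# Source versions to build. NOTE(review): these are old releases (the OpenSSL
# 1.0.2 branch is end-of-life); bump them before using the image for anything
# exposed to a network.
ENV NGINX_V=1.13.5 \
    OPENSSL_V=1.0.2l \
    PCRE_V=8.41 \
    ZLIB_V=1.2.11

# OS packages and the unprivileged account nginx workers run as. The yum cache
# is cleaned in the same layer that fills it, so it never reaches the image.
# NOTE(review): the compiler toolchain stays in the final image; a multi-stage
# build would keep it out.
RUN yum -y update \
 && yum -y install \
      gcc \
      gcc-c++ \
      make \
      net-tools \
      openssh-server \
      openssl \
      openssl-devel \
      pcre-devel \
      perl \
      tar \
      wget \
      zlib-devel \
 && yum clean all \
 && groupadd -r www \
 && useradd -r -g www www

# Download, build and install, then remove the sources in the same layer.
# NOTE(review): none of the tarballs is verified. The PCRE download uses plain
# FTP, which offers no integrity protection, so whatever arrives is compiled
# and installed as root. Check each file against the checksum or signature
# published by its project (sha256sum -c / gpg --verify) before unpacking.
# zlib is fetched over HTTPS here instead of HTTP.
RUN wget -c -4 "https://nginx.org/download/nginx-${NGINX_V}.tar.gz" \
 && wget -c -4 "https://www.openssl.org/source/openssl-${OPENSSL_V}.tar.gz" \
 && wget -c -4 "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${PCRE_V}.tar.gz" \
 && wget -c -4 "https://zlib.net/zlib-${ZLIB_V}.tar.gz" \
 && tar zxf "zlib-${ZLIB_V}.tar.gz" \
 && (cd "zlib-${ZLIB_V}" && ./configure && make && make install) \
 && tar zxf "pcre-${PCRE_V}.tar.gz" \
 && (cd "pcre-${PCRE_V}" && ./configure && make && make install) \
 && tar zxf "openssl-${OPENSSL_V}.tar.gz" \
 && tar zxf "nginx-${NGINX_V}.tar.gz" \
 && (cd "nginx-${NGINX_V}" \
     && ./configure \
          --prefix=/usr/local/nginx \
          --user=www \
          --group=www \
          --with-pcre="/opt/pcre-${PCRE_V}" \
          --with-zlib="/opt/zlib-${ZLIB_V}" \
          --with-openssl="/opt/openssl-${OPENSSL_V}" \
          --with-http_ssl_module \
          --with-http_v2_module \
     && make \
     && make install) \
 && rm -rf /opt/*

# Runtime directories, sshd host keys and sshd hardening.
# - "-N" needs an argument; an empty passphrase is passed explicitly so the
#   host keys can be loaded unattended.
# - Host keys created at build time are baked into the image: every container
#   started from it presents the same host identity, and anyone who can pull
#   the image holds the private keys. NOTE(review): generate them at container
#   start instead (e.g. `ssh-keygen -A` in the entrypoint) if the image is
#   shared or pushed to a registry.
# - DSA host keys are deprecated in OpenSSH. NOTE(review): drop the dsa line
#   unless a legacy client requires it.
# - Password login is disabled, so only the keys copied to /root/.ssh below
#   grant access.
# - /etc/localtime must be a tzfile, not a text file holding the zone name, so
#   it is linked to the zoneinfo entry.
RUN mkdir -p \
      /usr/local/nginx/conf/vhost \
      /usr/local/nginx/ssl \
      /var/log/wwwlogs \
      /var/run/sshd \
      /www \
 && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" \
 && ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" \
 && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" \
 && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" \
 && echo "RSAAuthentication yes" >> /etc/ssh/sshd_config \
 && echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config \
 && sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config \
 && sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config \
 && sed -i "s/#Port 22/Port 65422/g" /etc/ssh/sshd_config \
 && chmod +x /etc/init.d/nginx \
 && rm -rf /root/*.cfg \
 && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# NOTE(review): ssl/* presumably holds TLS private keys and ssh/* the SSH key
# material for root. COPY stores both in image layers, where they stay readable
# to anyone who can pull the image; the VOLUME declaration below does not
# remove them. Prefer supplying them at run time (bind mount or orchestrator
# secret) and keeping them out of the build context with .dockerignore.
COPY ssl/* /usr/local/nginx/ssl/
COPY vhost/* /usr/local/nginx/conf/vhost/
COPY nginx.conf /usr/local/nginx/conf/
COPY ssh/* /root/.ssh/

# Declared after the COPY steps so the copied files seed the volumes.
VOLUME ["/www", "/var/log/wwwlogs", "/usr/local/nginx/ssl", "/usr/local/nginx/conf/vhost"]

# 65422 = sshd, 80/443 = nginx. NOTE(review): a root-capable sshd inside the
# container is extra attack surface; publish 65422 only where it is needed.
EXPOSE 65422 80 443
HEALTHCHECK CMD curl -fs http://localhost/ || exit 1

# Exec form with a final `exec`, so sshd replaces the shell as PID 1 and
# receives the stop signal from `docker stop`. Start order is unchanged:
# nginx via its init script, fix log ownership, then sshd in the foreground.
ENTRYPOINT ["/bin/sh", "-c", "/etc/init.d/nginx start && chown -R www:www /var/log/wwwlogs/ && exec /usr/sbin/sshd -D"]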