This is a Dockerfile to build a container image for nginx only, with the ability to pull website code from git.

This is for hosting static pages only and can be used as a template to build other nginx dockerfiles.

The source files for this project can be found here: https://github.com/ngineered/nginx-static

If you have any improvements please submit a pull request.

| Tag | Nginx | Alpine | |-----|-------|-----|--------| | latest | 1.10.1 | 3.4 |

To build from source you need to clone the git repo and run docker build:

git clone https://github.com/ngineered/nginx-static
.git
docker build -t nginx-static:latest .

docker pull richarvey/nginx-static

To simply run the container:

sudo docker run -d richarvey/nginx-static

You can then browse to https://<DOCKER_HOST>:8080 to view the default install files. To find your DOCKER_HOST use the docker inspect to get the IP address.

The following flags are a list of all the currently supported options that can be changed by passing in the variables to docker with the -e flag.

• GIT_REPO : URL to the repository containing your source code. If you are using a personal token, this is the https URL without https://, e.g github.com/project/ for ssh prepend with git@ e.g [email protected]:project.git
• GIT_BRANCH : Select a specific branch (optional)
• GIT_EMAIL : Set your email for code pushing (required for git to work)
• GIT_NAME : Set your name for code pushing (required for git to work)
• SSH_KEY : Private SSH deploy key for your repository base64 encoded (requires write permissions for pushing)
• GIT_PERSONAL_TOKEN : Personal access token for your git account (required for HTTPS git access)
• GIT_USERNAME : Git username for use with personal tokens. (required for HTTPS git access)
• WEBROOT : Change the default webroot directory from /var/www/html to your own setting
• HIDE_NGINX_HEADERS : Disable by setting to 0, default behavior is to hide nginx version in headers
• DOMAIN : Set domain name for Lets Encrypt scripts
• RUN_SCRIPTS : Set to 1 to execute scripts

One of the nice features of this container is its ability to pull code from a git repository with a couple of environmental variables passed at run time. Please take a look at our recommended repo layout guidelines.

There are two methods of pulling code from git, you can either use a Personal Token (recommended method) or an SSH key.

Note: We would recommend using a git personal token over an SSH key as it simplifies the set up process. To create a personal access token on Github follow this guide.

You can pass the container your personal access token from your git account using the GIT_PERSONAL_TOKEN flag. This token must be setup with the correct permissions in git in order to push and pull code.

Since the access token acts as a password with limited access, the git push/pull uses HTTPS to authenticate. You will need to specify your GIT_USERNAME and GIT_PERSONAL_TOKEN variables to push and pull. You'll need to also have the GIT_EMAIL, GIT_NAME and GIT_REPO common variables defined.

docker run -d -e 'GIT_EMAIL=email_address' -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' richarvey/nginx-static:latest

To pull a repository and specify a branch add the GIT_BRANCH environment variable:

docker run -d -e 'GIT_EMAIL=email_address' -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' -e 'GIT_BRANCH=stage' richarvey/nginx-static:latest

The container has the option for you to pass it the SSH_KEY variable with a base64 encoded private key. First generate your key and then make sure to add it to github and give it write permissions if you want to be able to push code from the container. Then run:

base64 -w 0 /path_to_your_key

Note: Copy the output, but be careful not to copy your prompt

To run the container and pull code simply specify the GIT_REPO URL including git@ and then make sure you have also supplied your base64 version of your ssh deploy key:

sudo docker run -d -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'SSH_KEY=BIG_LONG_BASE64_STRING_GOES_IN_HERE' richarvey/nginx-static:latest

To pull a repository and specify a branch add the GIT_BRANCH environment variable:

sudo docker run -d -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'SSH_KEY=BIG_LONG_BASE64_STRING_GOES_IN_HERE' -e 'GIT_BRANCH=stage' richarvey/nginx-static:latest

Sometimes you need a custom config file for nginx to do rewrites or password protection, etc. For this reason we've included the ability to have custom nginx configs pulled directly from your git source. Please have a read of the repo layout guidelines for more information. Its pretty simple to enable this, all you need to do is include a folder in the root of your repository called conf/nginx/ within this folder you need to include a file called nginx-site.conf which will contain your default nginx site config. If you wish to have a custom file for SSL you simply include a file called nginx-site-ssl.conf in the same directory. These files will then be swapped in after you code is cloned.

There is often an occasion where you need to run a script on code to do a transformation once code lands in the container. For this reason we have developed scripting support. By including a scripts folder in your git repository and passing the RUN_SCRIPTS=1 flag to your command line the container will execute your scripts. Please see the repo layout guidelines for more details on how to organise this.

You can either map a local folder containing your configs to /etc/nginx or (recommended method) edit the files within the conf directory in a copy of this git repo, and then rebuilding the base image.

You can use Lets Encrypt to secure your container. Make sure you start the container with the DOMAIN, GIT_EMAIL and WEBROOT variables set to enable this functionality. Then run:

sudo docker exec -t <CONTAINER_NAME> /usr/bin/letsencrypt-setup

Ensure your container is accessible on the DOMAIN you supplied in order for this to work

Lets Encrypt certs expire every 90 days, to renew simply run:

sudo docker exec -t <CONTAINER_NAME> /usr/bin/letsencrypt-renew

Specify the GIT_EMAIL and GIT_NAME variables for this to work. They are used to set up git correctly and allow the following commands to work.

To push code changes made within the container back to git run:

sudo docker exec -t -i <CONTAINER_NAME> /usr/bin/push

In order to refresh the code in a container and pull newer code from git run:

sudo docker exec -t -i <CONTAINER_NAME> /usr/bin/pull

To set the variables pass them in as environment variables on the docker command line.

Example:

sudo docker run -d -e 'YOUR_VAR=VALUE' richarvey/nginx-static

All logs should now print out in stdout/stderr and are available via the docker logs command:

docker logs <CONTAINER_NAME>

You can set your webroot in the container to anything you want using the WEBROOT variable e.g -e "WEBROOT=/var/www/html/public". By default code is checked out into /var/www/html/ so if your git repository does not have code in the root you'll need to use this variable.