Upgrade nginx

.github/workflows/managed_build.yaml

@@ -0,0 +1,15 @@
+name: Build, Publish and Scan (Managed)
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main", "master", "develop"]
+  pull_request:
+    branches: ["main", "master", "develop"]
+  release:
+    types: [published]
+jobs:
+  build-publish-scan:
+    uses: BERDataLakehouse/.github/.github/workflows/build_publish_scan.yaml@main
+    permissions:
+      contents: read
+      packages: write

Dockerfile

@@ -1,51 +1,29 @@
-FROM openresty/openresty:buster
-
-# These ARGs values are passed in via the docker build command
-ARG BUILD_DATE
-ARG VCS_REF
-ARG BRANCH
-
-COPY deployment/ /kb/deployment/
-
-#RUN cp /kb/deployment/conf/sources.list /etc/apt/sources.list && \
-RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y \
-        software-properties-common ca-certificates apt-transport-https curl net-tools wget
-
-RUN rm -rf /etc/nginx && \
-    ln -s /usr/local/openresty/nginx/conf /etc/nginx && \
-    cd /etc/nginx && \
-    mkdir ssl /var/log/nginx && \
-    mkdir /usr/local/openresty/nginx/conf/conf.d && \
-    openssl req -x509 -newkey rsa:4096 -keyout ssl/key.pem -out ssl/cert.pem -days 365 -nodes \
-       -subj '/C=US/ST=California/L=Berkeley/O=Lawrence Berkeley National Lab/OU=KBase/CN=localhost' && \
-    cd /tmp && \
-	wget -N https://github.com/kbase/dockerize/raw/master/dockerize-linux-amd64-v0.6.1.tar.gz && \
-	tar xvzf dockerize-linux-amd64-v0.6.1.tar.gz && \
-    rm dockerize-linux-amd64-v0.6.1.tar.gz && \
-	mv dockerize /kb/deployment/bin
-
-COPY nginx-sites.d/ /usr/local/openresty/nginx/conf/sites-enabled
-
-
-# The BUILD_DATE value seem to bust the docker cache when the timestamp changes, move to
-# the end
-LABEL org.label-schema.build-date=$BUILD_DATE \
-      org.label-schema.vcs-url="https://github.com/kbase/nginx.git" \
-      org.label-schema.vcs-ref=$VCS_REF \
-      org.label-schema.schema-version="1.0.0-rc1" \
-      us.kbase.vcs-branch=$BRANCH \
-      maintainer="Steve Chan sychan@lbl.gov"
-
-
-ENTRYPOINT [ "/kb/deployment/bin/dockerize" ]
-
-# Here are some default params passed to dockerize. They would typically
-# be overidden by docker-compose at startup
-CMD [ "-template", "/kb/deployment/conf/.templates/openresty.conf.templ:/etc/nginx/nginx.conf", \
-      "-template", "/kb/deployment/conf/.templates/minikb-narrative.templ:/etc/nginx/sites-enabled/minikb-narrative", \
-      "-env", "/kb/deployment/conf/localhost.ini", \
-      "-stdout", "/var/log/nginx/access.log", \
-      "-stdout", "/var/log/nginx/error.log", \
-       "nginx" ]
+FROM openresty/openresty:1.29.2.4-alpine-fat@sha256:af355ebd6f01e580823b6718e8a2e39be3b45d9437fc92144e43ac72020f7461
+ENV DEBIAN_FRONTEND=noninteractive
+
+COPY deployment /kb/deployment
+
+RUN apk update && \
+    apk upgrade && \
+    apk add --no-cache \
+        curl vim htop wget \
+        pcre openssl zlib ca-certificates && \
+    rm -rf /var/cache/apk/*
+
+RUN mkdir -p /etc/nginx/ssl /etc/nginx/conf.d /etc/nginx/sites-enabled /var/log/nginx && \
+    touch /var/log/nginx/access.log /var/log/nginx/error.log
+
+RUN rm -f /usr/local/openresty/nginx/conf/nginx.conf \
+          /etc/nginx/conf.d/default.conf
+
+RUN ln -s /usr/local/openresty/nginx/conf/mime.types /etc/nginx/mime.types
+
+
+RUN mkdir -p /kb/deployment/bin && \
+    wget -O /tmp/dockerize.tar.gz \
+      https://github.com/kbase/dockerize/raw/master/dockerize-linux-amd64-v0.6.1.tar.gz && \
+    tar xzf /tmp/dockerize.tar.gz -C /tmp && \
+    mv /tmp/dockerize /kb/deployment/bin/ && \
+    rm /tmp/dockerize.tar.gz
+
+ENTRYPOINT [ "/kb/deployment/bin/dockerize" ]

README.md

@@ -1,6 +1 @@
-# nginx
-Version of standard nginx image that supports KBase configuration
-
-# Passing environment variables through Nginx to the narrative containers
-
-This section is no longer relevant.  Narrative containers (and their environment variables) are managed by traefiker.
+# NGINX