From fbf5a0b7b6fc6332e8b07536d4197bf08fa2b467 Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Sat, 4 Jan 2025 10:30:16 -0300 Subject: [PATCH] fix: add nginx dynamic modules as variable Signed-off-by: Felipe Zipitria --- docker-bake.hcl | 6 ++++-- nginx/Dockerfile | 13 +++++++------ nginx/Dockerfile-alpine | 11 ++++++----- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index a5d636e..e7c6cb5 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -147,8 +147,9 @@ target "nginx" { inherits = ["platforms-base"] dockerfile="nginx/Dockerfile" args = { - NGINX_VERSION = "${nginx-version}" LUA_MODULES = join(" ", lua-modules-debian) + NGINX_VERSION = "${nginx-version}" + NGINX_DYNAMIC_MODULES = join(" ", nginx-dynamic-modules) } tags = concat(tag("nginx"), vtag("${crs-version}", "nginx") @@ -159,8 +160,9 @@ target "nginx-alpine" { inherits = ["platforms-base"] dockerfile="nginx/Dockerfile-alpine" args = { - NGINX_VERSION = "${nginx-version}" LUA_MODULES = join(" ", lua-modules-alpine) + NGINX_DYNAMIC_MODULES = join(" ", nginx-dynamic-modules) + NGINX_VERSION = "${nginx-version}" } tags = concat(tag("nginx-alpine"), vtag("${crs-version}", "nginx-alpine") diff --git a/nginx/Dockerfile b/nginx/Dockerfile index e963880..ba662a6 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -44,6 +44,7 @@ RUN set -eux; \ make -C lmdb/libraries/liblmdb install; \ strip /usr/local/lib/liblmdb*.so* + RUN set -eux; \ git clone https://github.com/owasp-modsecurity/ModSecurity --branch "v${MODSEC3_VERSION}" --depth 1 --recursive; \ cd ModSecurity; \ @@ -57,17 +58,17 @@ RUN set -eux; \ # Build modules RUN set -eux; \ - declare -a modules; \ + modules=""; \ for module in ${NGINX_DYNAMIC_MODULES}; \ do \ - repo=$(awk -F'/' '{print $2}' <<< "${module}"); \ - git clone -b master --depth 1 https://github.com/${module}.git; \ - modules+=("--add-dynamic-module=../${repo}"); \ + repo=$(echo "${module}" | awk -F'/' '{print $2}'); \ + git clone -b master --depth 1 "https://github.com/${module}.git" ; \ + modules="${modules} --add-dynamic-module=../${repo}"; \ done; \ - curl -sSL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx-${NGINX_VERSION}.tar.gz; \ + curl -sSL "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o nginx-${NGINX_VERSION}.tar.gz; \ tar -xzf nginx-${NGINX_VERSION}.tar.gz; \ cd ./nginx-${NGINX_VERSION}; \ - ./configure --with-compat ${modules[@]}; \ + ./configure --with-compat ${modules}; \ make modules; \ strip objs/*.so; \ cp objs/*.so /etc/nginx/modules/; \ diff --git a/nginx/Dockerfile-alpine b/nginx/Dockerfile-alpine index fa4ef27..6779e59 100644 --- a/nginx/Dockerfile-alpine +++ b/nginx/Dockerfile-alpine @@ -4,6 +4,7 @@ FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-alpine AS build ARG MODSEC3_VERSION="n/a" ARG LUA_VERSION="n/a" +ARG NGINX_DYNAMIC_MODULES="n/a" USER root @@ -53,17 +54,17 @@ RUN set -eux; \ # Build modules RUN set -eux; \ - declare -a modules; \ + modules=""; \ for module in ${NGINX_DYNAMIC_MODULES}; \ do \ - repo=$(awk -F'/' '{print $2}' <<< "${module}"); \ - git clone -b master --depth 1 https://github.com/${module}.git; \ - modules+=("--add-dynamic-module=../${repo}"); \ + repo=$(echo "${module}" | awk -F'/' '{print $2}'); \ + git clone -b master --depth 1 "https://github.com/${module}.git" ; \ + modules="${modules} --add-dynamic-module=../${repo}"; \ done; \ curl -sSL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx-${NGINX_VERSION}.tar.gz; \ tar -xzf nginx-${NGINX_VERSION}.tar.gz; \ cd ./nginx-${NGINX_VERSION}; \ - ./configure --with-compat ${modules[@]};\ + ./configure --with-compat ${modules}; \ make modules; \ strip objs/*.so; \ cp objs/*.so /etc/nginx/modules/; \