Installing webdav support make nginx binary unreachable about docker-nginx-certbot HOT 5 CLOSED

Thanks you for your detailed answer.
You are true about the error message, I had the missing binary when installing only webdav extension (not nginx-extras). Thanks to your explanations, I understand what is happening when I install the extension and what I did wrong.
I will read more on how to load dynamic modules in nginx.

from docker-nginx-certbot.

Hi fabien-michel

I am not entirely sure what you mean with "making the nginx binary unreachable", since I tested this and an instance of Nginx was started. However, the server fails almost immediately, so I took a quick look at what is happening and I don't think what you are doing is the best method of achieving your end goal.

Because if you look in the installation output you see something interesting in the uninstall part:

Reading state information...
The following additional packages will be installed:
  libgdbm-compat4 libgdbm6 libhiredis0.14 libluajit-5.1-2 libluajit-5.1-common
  libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge
  libnginx-mod-http-echo libnginx-mod-http-fancyindex libnginx-mod-http-geoip
  libnginx-mod-http-headers-more-filter libnginx-mod-http-image-filter
  libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl
  libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress
  libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter
  libnginx-mod-mail libnginx-mod-nchan libnginx-mod-stream libperl5.28 netbase
  nginx-common perl perl-modules-5.28
Suggested packages:
  gdbm-l10n fcgiwrap nginx-doc ssl-cert perl-doc libterm-readline-gnu-perl
  | libterm-readline-perl-perl make libb-debug-perl liblocale-codes-perl
The following packages will be REMOVED:
  nginx nginx-module-geoip nginx-module-image-filter nginx-module-njs          <--------------------HERE
  nginx-module-xslt
The following NEW packages will be installed:
  libgdbm-compat4 libgdbm6 libhiredis0.14 libluajit-5.1-2 libluajit-5.1-common
  libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge
  libnginx-mod-http-dav-ext libnginx-mod-http-echo
  libnginx-mod-http-fancyindex libnginx-mod-http-geoip
  libnginx-mod-http-headers-more-filter libnginx-mod-http-image-filter
  libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl
  libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress
  libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter
  libnginx-mod-mail libnginx-mod-nchan libnginx-mod-stream libperl5.28 netbase
  nginx-common nginx-extras perl perl-modules-5.28
0 upgraded, 29 newly installed, 5 to remove and 1 not upgraded.
Need to get 10.2 MB of archives.

So this command actually uninstalls Nginx and then installs another version of it afterwards. This new version is the Debian default version which does things differently than the official upstream Nginx image and is bad. You don't see this issue when building from the official image since that one has nothing else than Nginx installed, and the uninstall step removes all of it so you end up with basically an empty container. However, in mine I have a lot of extra stuff that depends on Nginx from the parent image being untouched, and this change breaks this.

I get this error when trying out your change:

Starting the Nginx service
Starting the certbot autorenewal service
2021/06/03 12:08:31 [emerg] 160#160: a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22

which means the binary works, but the layout of the files is different than in the parent container, and I don't expect this.

Without knowing your end goal I would say your approach is not suited for Docker use, since with this the following steps will happen:

• Download Nginx parent image and its layers
• Download this image which adds layers on top of parent image
• Your "remove" everything from the parent layers (but the data is still present in the final image's history)
• You install a new version of Nginx

This goes against the Docker layer strategy, and creates an unnecessary large final image. The appropriate way seems to be to use Nginx dynamic modules if you want to add anything. You can read more on how to include them inside your image from these following links:

• https://gist.github.com/hermanbanken/96f0ff298c162a522ddbba44cad31081
• https://stackoverflow.com/questions/57739560/what-do-i-need-to-change-in-nginx-official-dockers-image-to-have-the-set-misc-n

Whit this you would instead only to these steps:

• Download Nginx parent image and its layers
• Download this image which adds layers on top of parent image
• Add the dynamic module

This will only add new data, and not overwrite anything used by the parent layers.

I hope this is what you are trying to achieve, else please elaborate on your end goal and I will see if I can help you further :)

from docker-nginx-certbot.

I just managed to get this open sourced, so you can look at how I added the LDAP module to the Nginx container without touching anything else: https://github.com/AxisCommunications/docker-nginx-ldap

from docker-nginx-certbot.

Bump - I would like to add nginx-extras to this package without downloading the source of this package and building the entire package from scratch. How can I do this?

from docker-nginx-certbot.

This issue is closed and will not receive much attention.
Is there a particular module you are interested in, and did you look at the link on how to include the dynamic LDAP module?

from docker-nginx-certbot.