Comments (5)
Thanks you for your detailed answer.
You are true about the error message, I had the missing binary when installing only webdav extension (not nginx-extras). Thanks to your explanations, I understand what is happening when I install the extension and what I did wrong.
I will read more on how to load dynamic modules in nginx.
from docker-nginx-certbot.
Hi fabien-michel
I am not entirely sure what you mean with "making the nginx binary unreachable", since I tested this and an instance of Nginx was started. However, the server fails almost immediately, so I took a quick look at what is happening and I don't think what you are doing is the best method of achieving your end goal.
Because if you look in the installation output you see something interesting in the uninstall part:
Reading state information...
The following additional packages will be installed:
libgdbm-compat4 libgdbm6 libhiredis0.14 libluajit-5.1-2 libluajit-5.1-common
libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge
libnginx-mod-http-echo libnginx-mod-http-fancyindex libnginx-mod-http-geoip
libnginx-mod-http-headers-more-filter libnginx-mod-http-image-filter
libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl
libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress
libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter
libnginx-mod-mail libnginx-mod-nchan libnginx-mod-stream libperl5.28 netbase
nginx-common perl perl-modules-5.28
Suggested packages:
gdbm-l10n fcgiwrap nginx-doc ssl-cert perl-doc libterm-readline-gnu-perl
| libterm-readline-perl-perl make libb-debug-perl liblocale-codes-perl
The following packages will be REMOVED:
nginx nginx-module-geoip nginx-module-image-filter nginx-module-njs <--------------------HERE
nginx-module-xslt
The following NEW packages will be installed:
libgdbm-compat4 libgdbm6 libhiredis0.14 libluajit-5.1-2 libluajit-5.1-common
libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge
libnginx-mod-http-dav-ext libnginx-mod-http-echo
libnginx-mod-http-fancyindex libnginx-mod-http-geoip
libnginx-mod-http-headers-more-filter libnginx-mod-http-image-filter
libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl
libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress
libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter
libnginx-mod-mail libnginx-mod-nchan libnginx-mod-stream libperl5.28 netbase
nginx-common nginx-extras perl perl-modules-5.28
0 upgraded, 29 newly installed, 5 to remove and 1 not upgraded.
Need to get 10.2 MB of archives.
So this command actually uninstalls Nginx and then installs another version of it afterwards. This new version is the Debian default version which does things differently than the official upstream Nginx image and is bad. You don't see this issue when building from the official image since that one has nothing else than Nginx installed, and the uninstall step removes all of it so you end up with basically an empty container. However, in mine I have a lot of extra stuff that depends on Nginx from the parent image being untouched, and this change breaks this.
I get this error when trying out your change:
Starting the Nginx service
Starting the certbot autorenewal service
2021/06/03 12:08:31 [emerg] 160#160: a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22
which means the binary works, but the layout of the files is different than in the parent container, and I don't expect this.
Without knowing your end goal I would say your approach is not suited for Docker use, since with this the following steps will happen:
- Download Nginx parent image and its layers
- Download this image which adds layers on top of parent image
- Your "remove" everything from the parent layers (but the data is still present in the final image's history)
- You install a new version of Nginx
This goes against the Docker layer strategy, and creates an unnecessary large final image. The appropriate way seems to be to use Nginx dynamic modules if you want to add anything. You can read more on how to include them inside your image from these following links:
- https://gist.github.com/hermanbanken/96f0ff298c162a522ddbba44cad31081
- https://stackoverflow.com/questions/57739560/what-do-i-need-to-change-in-nginx-official-dockers-image-to-have-the-set-misc-n
Whit this you would instead only to these steps:
- Download Nginx parent image and its layers
- Download this image which adds layers on top of parent image
- Add the dynamic module
This will only add new data, and not overwrite anything used by the parent layers.
I hope this is what you are trying to achieve, else please elaborate on your end goal and I will see if I can help you further :)
from docker-nginx-certbot.
I just managed to get this open sourced, so you can look at how I added the LDAP module to the Nginx container without touching anything else: https://github.com/AxisCommunications/docker-nginx-ldap
from docker-nginx-certbot.
Bump - I would like to add nginx-extras
to this package without downloading the source of this package and building the entire package from scratch. How can I do this?
from docker-nginx-certbot.
This issue is closed and will not receive much attention.
Is there a particular module you are interested in, and did you look at the link on how to include the dynamic LDAP module?
from docker-nginx-certbot.
Related Issues (20)
- Failed to establish a new connection: [Errno -3] Temporary failure in name resolution HOT 5
- Certificate Authority failed to download the temporary challenge files created by Certbot. HOT 4
- Running with Dockerfile HOT 6
- Feature request: Fail2ban HOT 1
- Test nginx config on SIGHUP HOT 4
- [Third-party] Cloudflare proxy DNS, SSL encryption mode must be set to "Full" (or Full strict) HOT 3
- config file not being discovered HOT 4
- Update Dockerhub Image HOT 4
- Improve Azure File Share support HOT 2
- Conflicting servername xxx on 0.0.0.0:443 HOT 2
- Speed up DH generation HOT 4
- Standard nginx "docker-entrypoint.sh" not being used HOT 7
- Renewal failed on challenge webroot HOT 5
- Add support for Bunny.net authenticator plugin for DNS-01 HOT 7
- How is log rotation handled? HOT 2
- Publish v5.0.1 to address CVE-2024-24989 and CVE-2024-24990 HOT 2
- Reload nginx config without forced certificat renewal? HOT 7
- no alternative certificate subject name matches target host name HOT 2
- High CVE present on latest (jonasal/nginx-certbot:5.0.1-nginx1.25.4) HOT 1
- adding additional info in the http directive HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-nginx-certbot.