ldap lua compiled

2021-05-14 09:04:40 +00:00
parent e9b7cef838
commit 467cf12a52
2 changed files with 131 additions and 3 deletions
--- a/19
+++ b/19
@@ -47,6 +47,7 @@ ARG RESTY_CONFIG_OPTIONS="\
    --with-stream \
    --with-stream_ssl_module \
    --with-threads \
+    --add-module=/tmp/nginx-auth-ldap-master \
    "
 WORKDIR /tmp
 # Get the openresty /nginx source
@@ -61,16 +62,28 @@ RUN wget https://github.com/kvspb/nginx-auth-ldap/archive/refs/heads/master.zip
 RUN apt-get update && \
    apt-get install -y libpcre3-dev \
    libssl-dev zlib1g-dev libxslt-dev \
-    libgd-dev libgeoip-dev \
+    libgd-dev libgeoip-dev 	libldap2-dev\
    && rm -rf /var/lib/apt/lists/*
    
 RUN cd openresty && \
     ./configure ${RESTY_CONFIG_OPTIONS} \
    && make && make install
 RUN ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log \
-    && ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log
+    && ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log \
+    && mkdir -p /var/run/openresty
 
 RUN apt-get update && \
-    apt-get install -y procps \
+    apt-get install -y procps luarocks \
    && rm -rf /var/lib/apt/lists/*
+COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
+#RUN apt-get install liblua5.3-dev
+
+RUN  luarocks install --tree lua_modules luaposix && \
+  luarocks install --tree lua_modules etlua && \
+  luarocks install --tree lua_modules luafilesystem  && \\
+  luarocks install lua-resty-auto-ssl
+
+RUN mkdir /etc/resty-auto-ssl \\
+    && chown www-data /etc/resty-auto-ssl
+
 CMD ["/usr/local/openresty/bin/openresty", "-g" ,"daemon off;"];
--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,115 @@
+# nginx.conf  --  docker-openresty
+#
+# This file is installed to:
+#   `/usr/local/openresty/nginx/conf/nginx.conf`
+# and is the file loaded by nginx at startup,
+# unless the user specifies otherwise.
+#
+# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
+# section and adds this directive:
+#     `include /etc/nginx/conf.d/*.conf;`
+#
+# The `docker-openresty` file `nginx.vh.default.conf` is copied to
+# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
+# of the upstream `nginx.conf`.
+#
+# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
+#
+
+#user  nobody;
+#worker_processes 1;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Enables or disables the use of underscores in client request header fields.
+    # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
+    # underscores_in_headers off;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+        # Log in JSON Format
+        # log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
+        # '"remote_addr": "$remote_addr", '
+        #  '"body_bytes_sent": $body_bytes_sent, '
+        #  '"request_time": $request_time, '
+        #  '"response_status": $status, '
+        #  '"request": "$request", '
+        #  '"request_method": "$request_method", '
+        #  '"host": "$host",'
+        #  '"upstream_addr": "$upstream_addr",'
+        #  '"http_x_forwarded_for": "$http_x_forwarded_for",'
+        #  '"http_referrer": "$http_referer", '
+        #  '"http_user_agent": "$http_user_agent", '
+        #  '"http_version": "$server_protocol", '
+        #  '"nginx_access": true }';
+        # access_log /dev/stdout nginxlog_json;
+
+    # See Move default writable paths to a dedicated directory (#119)
+    # https://github.com/openresty/docker-openresty/issues/119
+    client_body_temp_path /var/run/openresty/nginx-client-body;
+    proxy_temp_path       /var/run/openresty/nginx-proxy;
+    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
+    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
+    scgi_temp_path        /var/run/openresty/nginx-scgi;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+# The "auto_ssl" shared dict should be defined with enough storage space to
+  # hold your certificate data. 1MB of storage holds certificates for
+  # approximately 100 separate domains.
+  lua_shared_dict auto_ssl 1m;
+  # The "auto_ssl_settings" shared dict is used to temporarily store various settings
+  # like the secret used by the hook server on port 8999. Do not change or
+  # omit it.
+  lua_shared_dict auto_ssl_settings 64k;
+
+# Initial setup tasks.
+  init_by_lua_block {
+    auto_ssl = (require "resty.auto-ssl").new()
+
+    -- Define a function to determine which SNI domains to automatically handle
+    -- and register new certificates for. Defaults to not allowing any domains,
+    -- so this must be configured.
+    auto_ssl:set("allow_domain", function(domain)
+      return true
+    end)
+
+    auto_ssl:init()
+  }
+
+  init_worker_by_lua_block {
+    auto_ssl:init_worker()
+  }
+    include /etc/nginx/conf.d/*.conf;
+
+    # Don't reveal OpenResty version to clients.
+    # server_tokens off;
+}