Bump nginx to 1.29.3 and refactor the building/testing

.github/workflows/main.yml

@@ -10,19 +10,19 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: shellcheck
-        uses: azohra/shell-linter@v0.4.0
+        uses: azbagheri/shell-linter@latest
 
       - name: hadolint
         uses: brpaz/hadolint-action@master
 
       - name: Build image
-        run: ./build.sh
+        run: make build
 
       - name: Run tests
-        run: ./tests/test.sh
+        run: make tests
 
   deploy:
     runs-on: ubuntu-latest
@@ -30,10 +30,10 @@ jobs:
       - tests
     if: github.event_name == 'push'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: Log in to dockerhub
         run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
 
       - name: Deploy image
-        run: ./build.sh --push --latest
+        run: make push-latest

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.22
 
 ARG ARG_NGINX_VERSION
 
@@ -13,7 +13,8 @@ RUN CONFIG=" \
         --without-http_autoindex_module \
         --without-http_browser_module \
         --without-http_empty_gif_module \
-        --without-http_limit_conn_module \
+        --without-http_geo_module \
+        --without-http_grpc_module \
         --without-http_map_module \
         --without-http_memcached_module \
         --without-http_referer_module \

Makefile

@@ -0,0 +1,16 @@
+include conf.env
+
+build:
+	docker build --build-arg=ARG_NGINX_VERSION="$(NGINX_VERSION)" \
+	             -t "$(DOCKER_IMAGE):$(NGINX_VERSION)" .
+
+build-latest: build
+	docker tag "$(DOCKER_IMAGE):$(NGINX_VERSION)" "$(DOCKER_IMAGE):latest"
+
+push-latest: build-latest
+	docker push "$(DOCKER_IMAGE):$(NGINX_VERSION)"
+	docker push "$(DOCKER_IMAGE):latest"
+
+.PHONY: tests
+tests:
+	./tests/test.sh

README.md

@@ -17,7 +17,7 @@ Edit [conf.env](conf.env)
 
 ```bash
 NGINX_VERSION=x.xx.x          # Nginx version to build from
-DOCKER_IMAGE=dcarrillo/nginx  # Docker image
+DOCKER_IMAGE=dcarrillo/nginx  # Docker image target
 ```
 
 ## Build
@@ -25,19 +25,13 @@ DOCKER_IMAGE=dcarrillo/nginx  # Docker image
 Build locally:
 
 ```bash
-./build.sh
+make build
 ```
 
-Build locally and upload the image to a registry (you must be logged in to the registry)
+Push image (it includes latest tag):
 
 ```bash
-./build.sh --push
+make push-latest
-```
-
-Build locally, tag the image as latest and upload it to a registry (you must be logged in to the registry)
-
-```bash
-./build.sh --push --latest
 ```
 
 ## Testing
@@ -49,9 +43,5 @@ Prerequisites:
 - curl
 
 ```bash
-# build local image
+make tests
-./build.sh
-
-# run tests
-./tests/test.sh
 ```

build.sh

@@ -1,34 +0,0 @@
-#!/usr/bin/env sh
-
-set -e
-
-# shellcheck disable=SC1090
-. "$(dirname "$0")"/conf.env
-
-while [ $# -gt 0 ]; do
-    case $1 in
-        --push)
-            PUSH=true
-            shift
-            ;;
-        --latest)
-            LATEST=true
-            shift
-            ;;
-        *)
-            shift
-            ;;
-    esac
-done
-
-docker build --build-arg=ARG_NGINX_VERSION="$NGINX_VERSION" \
-             -t "$DOCKER_IMAGE":"$NGINX_VERSION" .
-
-if [ x$PUSH = "xtrue" ]; then
-    docker push "$DOCKER_IMAGE":"$NGINX_VERSION"
-fi
-
-if [ x$LATEST = "xtrue" ]; then
-    docker tag "$DOCKER_IMAGE":"$NGINX_VERSION" "$DOCKER_IMAGE":latest
-    [ x$PUSH = "xtrue" ] && docker push "$DOCKER_IMAGE":latest
-fi

conf.env

@@ -1,2 +1,2 @@
-NGINX_VERSION=1.28.0
+NGINX_VERSION=1.29.3
 DOCKER_IMAGE=dcarrillo/nginx

tests/docker-compose.yml

@@ -0,0 +1,14 @@
+services:
+  nginx:
+    build:
+      context: ..
+      args:
+        ARG_NGINX_VERSION: ${NGINX_VERSION}
+    volumes:
+      - ./nginx.conf:/usr/local/nginx/conf/nginx.conf:ro
+      - /tmp/nginx-ssl/cert.pem:/tmp/cert.pem:ro
+      - /tmp/nginx-ssl/cert.key:/tmp/cert.key:ro
+      - /tmp/nginx-ssl/dhparams.pem:/tmp/dhparams.pem:ro
+    ports:
+      - 80:80
+      - 443:443

tests/nginx.conf

@@ -49,18 +49,13 @@ http {
     #######################################################
     server {
         listen 80 default_server;
-        listen 443 http2 ssl;
+        listen 443 ssl;
+        http2 on;
         server_name     _ "";
         access_log /dev/fd/1;
 
         location = /nginx_status {
             stub_status on;
         }
-
-        location = /phpfpm_status {
-            include /usr/local/nginx/conf/fastcgi_params;
-            fastcgi_pass   php:9000;
-            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-        }
     }
 }

tests/test.sh

@@ -2,45 +2,36 @@
 
 set -e
 
-if [ x"$DEBUG" = xtrue ]; then
-    set -x
-fi
-
 # shellcheck disable=SC2039
-trap _catch_err ERR
+trap catch_err ERR
-trap _cleanup EXIT
+trap cleanup EXIT
 
-ALPINE_VERSION="alpine:3.19"
+TMP_DIR=$(mkdir /tmp/nginx-ssl && echo /tmp/nginx-ssl)
 LOCAL_DIR="$(cd "$(dirname "$0")" ; pwd -P)"
-# shellcheck disable=SC1090
-. "$LOCAL_DIR"/../conf.env
 
-TMP_DIR=$(mktemp -d)
+catch_err()
-
-_catch_err()
 {
     echo "Test FAILED"
 }
 
-_cleanup()
+cleanup()
 {
     echo "Cleaning up..."
-    docker rm -f "${NGINX_VERSION}"_test > /dev/null 2>&1
+    docker compose down
-    docker rm -f "${NGINX_VERSION}"_requester > /dev/null 2>&1
-    docker rm -f php > /dev/null 2>&1
     rm -rf "$TMP_DIR"
+    popd > /dev/null
 }
 
-_setup_crypto_stuff()
+setup_crypto()
 {
     echo "Generating SSL files..."
-    openssl dhparam -out "$TMP_DIR"/dhparams.pem 1024 > /dev/null 2>&1
+    openssl dhparam -out "$TMP_DIR"/dhparams.pem 2048 > /dev/null 2>&1
     openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
         -subj "/C=ES/ST=Madrid/L=Madrid/O=dcarrillo/CN=localhost" \
         -keyout "$TMP_DIR"/cert.key -out "$TMP_DIR"/cert.pem > /dev/null 2>&1
 }
 
-_check_status_code()
+check_status_code()
 {
     if [ "$1" != 200 ]; then
         printf "Test failed, status code %s is not 200\n" "$STATUS_CODE"
@@ -50,39 +41,19 @@ _check_status_code()
     fi
 }
 
-_setup_crypto_stuff
+setup_crypto
+pushd "$LOCAL_DIR" > /dev/null
+ln -s ../conf.env .env &>/dev/null || true
+docker compose up --build --detach
 
-echo "Preparing php"
-docker run --name php --rm -d php:fpm-alpine > /dev/null
-docker exec -i php sh -c "echo 'pm.status_path = /phpfpm_status' \
-                         >> /usr/local/etc/php-fpm.d/www.conf \
-                         && kill -USR2 1"
-
-echo "Running container to be tested..."
-docker run --name "${NGINX_VERSION}"_test --rm --link php \
-           -v "$LOCAL_DIR"/nginx.conf:/usr/local/nginx/conf/nginx.conf:ro \
-           -v "$TMP_DIR"/cert.pem:/tmp/cert.pem:ro \
-           -v "$TMP_DIR"/cert.key:/tmp/cert.key:ro \
-           -v "$TMP_DIR"/dhparams.pem:/tmp/dhparams.pem:ro \
-           -d "${DOCKER_IMAGE}":"${NGINX_VERSION}" > /dev/null
-
-echo "Preparing requester container..."
-docker run --name "${NGINX_VERSION}"_requester --rm --link "${NGINX_VERSION}"_test \
-           -i -d $ALPINE_VERSION sh > /dev/null
-exec_docker="docker exec -i ${NGINX_VERSION}_requester"
-$exec_docker apk add curl > /dev/null
-
-## Test 1-4 http/https/fastcgipass
 requests="
-http://${NGINX_VERSION}_test/nginx_status
+http://localhost/nginx_status
-https://${NGINX_VERSION}_test/nginx_status
+https://localhost/nginx_status
-http://${NGINX_VERSION}_test/phpfpm_status
-https://${NGINX_VERSION}_test/phpfpm_status
 "
 for request in $requests; do
     printf "\nRequesting %s\n" "$request"
-    STATUS_CODE=$($exec_docker curl -s -k -m 5 -o /dev/null -w "%{http_code}" "$request")
+    STATUS_CODE=$(curl -s -k -m 5 -o /dev/null -w "%{http_code}" "$request")
-    _check_status_code "$STATUS_CODE"
+    check_status_code "$STATUS_CODE"
 done
 
 echo "All tests succeeded !"