pin versions

Signed-off-by: Zoey <[email protected]>
ZoeyVid · Dec 6, 2023 · 4cef66a · 4cef66a
1 parent 0f45315
commit 4cef66a
Showing 1 changed file with 31 additions and 18 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -3,16 +3,32 @@ ARG BUILD
 
 ARG LUAJIT_INC=/usr/include/luajit-2.1
 ARG LUAJIT_LIB=/usr/lib
+
 ARG NGINX_VER=1.25.3
+ARG OPENSSL_VER=openssl-3.1.4+quic
+ARG MODSEC_VER=v3.0.11
+
+ARG DTR_VER=1.25.1
+ARG RCP_VER=1.25.3
+
+ARG NB_VER=master
+ARG NF_VER=master
+ARG NJS_VER=0.8.2
+ARG NDK_VER=v0.3.3
+ARG LNM_VER=v0.10.25
+ARG MODSECNGX_VER=v1.0.3
+ARG LRC_VER=v0.1.27
+ARG LRL_VER=v0.13
+ARG NHG2M_VER=3.4
 
 WORKDIR /src
 # Requirements
 RUN apk add --no-cache ca-certificates build-base patch cmake git libtool autoconf automake \
     libatomic_ops-dev zlib-dev luajit-dev pcre2-dev linux-headers yajl-dev libxml2-dev libxslt-dev perl-dev curl-dev lmdb-dev lua5.1-dev lmdb-dev geoip-dev libmaxminddb-dev
 # Openssl
-RUN git clone --recursive https://github.com/quictls/openssl --branch openssl-3.1.4+quic /src/openssl
+RUN git clone --recursive https://github.com/quictls/openssl --branch "$OPENSSL_VER" /src/openssl
 # modsecurity
-RUN git clone --recursive https://github.com/SpiderLabs/ModSecurity /src/ModSecurity && \
+RUN git clone --recursive https://github.com/SpiderLabs/ModSecurity --branch "$MODSEC_VER" /src/ModSecurity && \
     cd /src/ModSecurity && \
     /src/ModSecurity/build.sh && \
     /src/ModSecurity/configure --with-pcre2 --with-lmdb && \
@@ -22,8 +38,8 @@ RUN git clone --recursive https://github.com/SpiderLabs/ModSecurity /src/ModSecu
 # Nginx
 RUN wget https://nginx.org/download/nginx-"$NGINX_VER".tar.gz -O - | tar xzC /src && \
     mv /src/nginx-"$NGINX_VER" /src/nginx && \
-    wget https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.25.1%2B.patch -O /src/nginx/1.patch && \
-    wget https://raw.githubusercontent.com/openresty/openresty/master/patches/nginx-1.23.0-resolver_conf_parsing.patch -O /src/nginx/2.patch && \
+    wget https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_"$DTR_VER"%2B.patch -O /src/nginx/1.patch && \
+    wget https://raw.githubusercontent.com/openresty/openresty/master/patches/nginx-"$RCP_VER"-resolver_conf_parsing.patch -O /src/nginx/2.patch && \
     sed -i "s|nginx/|NPMplus/|g" /src/nginx/src/core/nginx.h && \
     sed -i "s|Server: nginx|Server: NPMplus|g" /src/nginx/src/http/ngx_http_header_filter_module.c && \
     sed -i "s|<hr><center>nginx</center>|<hr><center>NPMplus</center>|g" /src/nginx/src/http/ngx_http_special_response.c && \
@@ -32,21 +48,20 @@ RUN wget https://nginx.org/download/nginx-"$NGINX_VER".tar.gz -O - | tar xzC /sr
     patch -p1 </src/nginx/2.patch && \
     rm /src/nginx/*.patch && \
 # modules
-    git clone --recursive https://github.com/google/ngx_brotli /src/ngx_brotli && \
-    git clone --recursive https://github.com/aperezdc/ngx-fancyindex /src/ngx-fancyindex && \
-    git clone --recursive https://github.com/openresty/headers-more-nginx-module /src/headers-more-nginx-module && \
-#    git clone --recursive https://github.com/nginx-modules/ngx_http_limit_traffic_ratefilter_module /src/ngx_http_limit_traffic_ratefilter_module && \
-    git clone --recursive https://github.com/nginx/njs /src/njs && \
-    git clone --recursive https://github.com/vision5/ngx_devel_kit /src/ngx_devel_kit && \
-    git clone --recursive https://github.com/openresty/lua-nginx-module /src/lua-nginx-module && \
-    git clone --recursive https://github.com/SpiderLabs/ModSecurity-nginx /src/ModSecurity-nginx && \
-    git clone --recursive https://github.com/openresty/lua-resty-core /src/lua-resty-core && \
-    git clone --recursive https://github.com/openresty/lua-resty-lrucache /src/lua-resty-lrucache && \
-    git clone --recursive https://github.com/leev/ngx_http_geoip2_module /src/ngx_http_geoip2_module && \
+    git clone --recursive https://github.com/google/ngx_brotli --branch "$NB_VER" /src/ngx_brotli && \
+    git clone --recursive https://github.com/aperezdc/ngx-fancyindex --branch "$NF_VER" /src/ngx-fancyindex && \
+    git clone --recursive https://github.com/openresty/headers-more-nginx-module --branch "$HMNM_VER" /src/headers-more-nginx-module && \
+    git clone --recursive https://github.com/nginx/njs --branch "$NJS_VER" /src/njs && \
+    git clone --recursive https://github.com/vision5/ngx_devel_kit --branch "$NDK_VER" /src/ngx_devel_kit && \
+    git clone --recursive https://github.com/openresty/lua-nginx-module --branch "$LNM_VER" /src/lua-nginx-module && \
+    git clone --recursive https://github.com/SpiderLabs/ModSecurity-nginx --branch "$MODSECNGX_VER" /src/ModSecurity-nginx && \
+    git clone --recursive https://github.com/openresty/lua-resty-core --branch "$LRC_VER" /src/lua-resty-core && \
+    git clone --recursive https://github.com/openresty/lua-resty-lrucache --branch "$LRL_VER" /src/lua-resty-lrucache && \
+    git clone --recursive https://github.com/leev/ngx_http_geoip2_module --branch "$NHG2M_VER" /src/ngx_http_geoip2_module && \
 # Configure
     cd /src/nginx && \
     /src/nginx/configure \
-    --build=${BUILD} \
+    --build="$BUILD" \
     --with-compat \
     --with-threads \
     --with-file-aio \
@@ -56,7 +71,6 @@ RUN wget https://nginx.org/download/nginx-"$NGINX_VER".tar.gz -O - | tar xzC /sr
     --without-poll_module \
     --without-select_module \
     --with-openssl="/src/openssl" \
-#    --with-openssl-opt="no-ssl3 no-ssl3-method no-weak-ssl-ciphers" \
     --with-mail \
     --with-mail_ssl_module \
     --with-stream \
@@ -75,7 +89,6 @@ RUN wget https://nginx.org/download/nginx-"$NGINX_VER".tar.gz -O - | tar xzC /sr
     --add-module=/src/ngx_brotli \
     --add-module=/src/ngx-fancyindex \
     --add-module=/src/headers-more-nginx-module \
-#    --add-module=/src/ngx_http_limit_traffic_ratefilter_module \
     --add-module=/src/njs/nginx \
     --add-module=/src/ngx_devel_kit \
     --add-module=/src/lua-nginx-module \