docker-nginx
bypass4netns
docker-nginx | bypass4netns | |
---|---|---|
14 | 3 | |
3,110 | 108 | |
0.8% | 4.6% | |
7.7 | 8.6 | |
11 days ago | 4 days ago | |
Shell | Go | |
BSD 2-clause "Simplified" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-nginx
-
Nginx exit (1) when using podman-compose
Add a brief sleep to the Nginx container's CMD. The default is CMD ["nginx", "-g", "daemon off;"], so something like command: ["sleep", "4", "&&", "nginx", "-g", "daemon off;"]. Didn't try this so not sure whether it'll work or not. Glancing at their docker-entrypoint.sh this will disable autoconfiguration from /docker-entrypoint.d/ (sigh).
-
The standard ENTRYPOINT behavior of official docker images.
A few time ago, I created the this post about nginx official image ENTRYPOINT "issue": https://github.com/nginxinc/docker-nginx/pull/752 .
- Issue in official nginx docker image with custom CMD
-
Creating multiple docker images from one dockerfile with a Github Action
An alternative to this approach, you could also write a template Dockerfile and then write some shell script that you would run locally to take that template and then write/generate Dockerfiles for each. Many of the official Docker images are setup and built this way. Here is an easy example of the nginx Docker image repository. https://github.com/nginxinc/docker-nginx It has three different templates in the root of the repository and has the update.sh script that is run to take those and write them out to a directory and essentially do a find and replace on the templates in the template. Those generated directories are then committed to the repository and pushed up to be built and published as Docker images.
-
Signal TLS Proxy
It's a bit odd to use a custom docker image, rather than the one maintained by nginx Inc though:
https://github.com/signalapp/Signal-TLS-Proxy/blob/main/ngin...
Vs
https://github.com/nginxinc/docker-nginx
For one, this is 5 versions behind (1.18 vs 1.23).
In general seems caddy or haproxy might be a better fit - but nginx is a perfectly fine choice I suppose.
-
docker Vs podman - Which one is worth doing a dive in?
The container image docker.io/library/nginx will hopefully soon have support for socket activation. My PR got merged 9 days ago but the current image does not yet have the funcationality.
- How to run an Nginx container with socket activation and rootless Podman? (I only got it working with a simplified Nginx container image)
- Beginner Docker questions
-
Epic Bug in Nginx for Docker
} ``` I have fixed the templates at https://github.com/nginxinc/docker-nginx/pull/533
bypass4netns
-
How to run an Nginx container with socket activation and rootless Podman? (I only got it working with a simplified Nginx container image)
Socket activation should be the fastest alternative as then there is no need to process and interpret the network traffic that is sent over the socket. Both slirp4netns and netavark process the traffic. If I understand correctly the network driver bypass4netns could have similar performance as socket activation. The current bypass4netns implementation has some security problems but it seems that could be fixed.
-
Podman 4.2.0
(That could a be cool feature)
Also interesting would be to fix the security considerations of using bypass4netns:
"However, it is probably possible to connect to host loopback IPs by exploiting TOCTOU of struct sockaddr * pointers."
There seems to be an implementation idea for how the problem could be fixed:
https://github.com/rootless-containers/bypass4netns/issues/2...
-
Minikube now supports rootless podman driver for running Kubernetes
The filesystem performance degradation was resolved in kernel 5.11 which added support for rootless overlayfs.
The network performance is caused by slirp (usermode TCP/IP) but it is being resolved too : https://github.com/rootless-containers/bypass4netns
What are some alternatives?
httpd - Docker Official Image packaging for Apache HTTP Server
podman-nginx-socket-activation - Demo of how to run socket-activated nginx with Podman
podman-deb - This has been archived because I had a fundamental misunderstanding of the unstable repos provided @lsm5.
Signal-TLS-Proxy
Fedora-Remix-for-WSL - Fedora Remix for Windows Subsystem for Linux.
podman - Management of podman, including systemd services that use podman
buildah - A tool that facilitates building OCI images.
podman-compose - a script to run docker-compose.yml using podman
FedoraWSL - Fedora as a WSL Instance. Supports multiple install.
redis-docker - Docker Official Image packaging for Redis
kubernetes - Production-Grade Container Scheduling and Management