init

Author: abmmhasan

.dockerignore

@@ -0,0 +1,28 @@
+# Ignore version control files
+.git
+.gitignore
+.github
+
+# Ignore documentation and metadata files
+LICENSE
+*.md
+
+# Ignore environment files
+.env
+.env.*
+
+# Ignore Node.js modules
+node_modules
+npm-debug.log
+
+# Ignore temporary and cache files
+tmp/
+cache/
+
+# Ignore build artifacts and archives
+*.tar
+*.zip
+
+# Ignore Docker Compose files
+docker-compose.yml
+docker-compose*.yaml

.gitattributes

@@ -0,0 +1 @@
+*   text    eol=lf

.github/workflows/docker.publish.yml

@@ -0,0 +1,66 @@
+name: Docker Publish
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  push_to_registries:
+    name: Push Docker image to Docker Hub and GHCR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log in to GitHub Container Registry (GHCR)
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GH_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            docker.io/infocyph/nginx
+            ghcr.io/infocyph/nginx
+
+      - name: Build and push Docker images
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Generate artifact attestation for Docker Hub
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: docker.io/infocyph/nginx
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+          github-token: ${{ secrets.GH_TOKEN }}
+
+      - name: Generate artifact attestation for GHCR
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ghcr.io/infocyph/nginx
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+          github-token: ${{ secrets.GH_TOKEN }}

.gitignore

@@ -0,0 +1,2 @@
+.idea
+*~

Dockerfile

@@ -0,0 +1,14 @@
+FROM nginx:mainline-alpine
+LABEL org.opencontainers.image.source="https://github.com/infocyph/docker-nginx"
+LABEL org.opencontainers.image.description="NGINX with updated params"
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.authors="infocyph,abmmhasan"
+RUN apk add --no-cache bash
+COPY scripts/fcgi-params.sh /usr/local/bin/fcgi_params.sh
+COPY scripts/proxy-params.sh /usr/local/bin/proxy_params.sh
+RUN mkdir -p /etc/share/rootCA /etc/mkcert && \
+    chmod +x /usr/local/bin/fcgi_params.sh /usr/local/bin/proxy_params.sh && \
+    /usr/local/bin/fcgi_params.sh && \
+    /usr/local/bin/proxy_params.sh
+EXPOSE 80 443
+CMD ["nginx", "-g", "daemon off;"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Infocyph
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

scripts/fcgi-params.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+FASTCGI_PARAMS_FILE="/etc/nginx/fastcgi_params"
+
+# Declare required headers
+declare -A fastcgi_params=(
+    ["HTTP_CLIENT_IP"]='$http_client_ip'
+    ["HTTP_X_FORWARDED_FOR"]='$http_x_forwarded_for'
+    ["HTTP_CF_CONNECTING_IP"]='$http_cf_connecting_ip'
+    ["HTTP_FASTLY_CLIENT_IP"]='$http_fastly_client_ip'
+    ["HTTP_TRUE_CLIENT_IP"]='$http_true_client_ip'
+    ["HTTP_AKAMAI_EDGE_CLIENT_IP"]='$http_akamai_edge_client_ip'
+    ["HTTP_X_AZURE_CLIENTIP"]='$http_x_azure_clientip'
+    ["HTTP_X_APPENGINE_USER_IP"]='$http_x_appengine_user_ip'
+    ["HTTP_X_REAL_IP"]='$http_x_real_ip'
+    ["HTTP_X_CLUSTER_CLIENT_IP"]='$http_x_cluster_client_ip'
+#    ["HTTP_X_FLY_CLIENT_IP"]='$fly_client_ip'
+    ["HTTP_ALI_CLIENT_IP"]='$http_ali_client_ip'
+    ["HTTP_X_ORACLE_CLIENT_IP"]='$http_x_oracle_client_ip'
+    ["HTTP_X_STACKPATH_EDGE_IP"]='$http_x_stackpath_edge_ip'
+    ["HTTP_USER_AGENT"]='$http_user_agent'
+    ["HTTP_ACCEPT"]='$http_accept'
+    ["HTTP_ACCEPT_LANGUAGE"]='$http_accept_language'
+    ["HTTP_REFERER"]='$http_referer'
+    ["SERVER_ADDR"]='$server_addr'
+    ["SERVER_PORT"]='$server_port'
+    ["SERVER_PROTOCOL"]='$server_protocol'
+    ["SERVER_NAME"]='$server_name'
+    ["DOCUMENT_ROOT"]='$document_root'
+    ["REQUEST_SCHEME"]='$scheme'
+    ["REQUEST_METHOD"]='$request_method'
+    ["REQUEST_URI"]='$request_uri'
+    ["QUERY_STRING"]='$query_string'
+    ["REMOTE_ADDR"]='$remote_addr'
+    ["REMOTE_PORT"]='$remote_port'
+    ["REMOTE_USER"]='$remote_user'
+)
+
+# Check and append missing headers in fastcgi_params
+for key in "${!fastcgi_params[@]}"; do
+    if ! grep -q "^fastcgi_param $key " "$FASTCGI_PARAMS_FILE"; then
+        echo "Adding missing FastCGI param: $key"
+        echo "fastcgi_param $key ${fastcgi_params[$key]};" >> "$FASTCGI_PARAMS_FILE"
+    fi
+done
+
+echo "✅ FastCGI parameters updated"
+rm -f -- "$0"

scripts/proxy-params.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Define the output file location
+PROXY_PARAMS_FILE="/etc/nginx/proxy_params"
+
+# Backup existing file if it exists
+if [[ -f "$PROXY_PARAMS_FILE" ]]; then
+    cp "$PROXY_PARAMS_FILE" "${PROXY_PARAMS_FILE}.bak"
+fi
+
+# Write the proxy parameters to the file
+cat <<EOF > "$PROXY_PARAMS_FILE"
+# Essential Proxy Headers
+proxy_set_header Host \$host;
+proxy_set_header X-Real-IP \$remote_addr;
+proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto \$scheme;
+
+# Forwarding Additional Headers
+proxy_set_header HTTP_CLIENT_IP \$http_client_ip;
+proxy_set_header HTTP_X_FORWARDED_FOR \$http_x_forwarded_for;
+proxy_set_header HTTP_CF_CONNECTING_IP \$http_cf_connecting_ip;
+proxy_set_header HTTP_FASTLY_CLIENT_IP \$http_fastly_client_ip;
+proxy_set_header HTTP_TRUE_CLIENT_IP \$http_true_client_ip;
+proxy_set_header HTTP_AKAMAI_EDGE_CLIENT_IP \$http_akamai_edge_client_ip;
+proxy_set_header HTTP_X_AZURE_CLIENTIP \$http_x_azure_clientip;
+proxy_set_header HTTP_X_APPENGINE_USER_IP \$http_x_appengine_user_ip;
+proxy_set_header HTTP_X_REAL_IP \$http_x_real_ip;
+proxy_set_header HTTP_X_CLUSTER_CLIENT_IP \$http_x_cluster_client_ip;
+proxy_set_header HTTP_ALI_CLIENT_IP \$http_ali_client_ip;
+proxy_set_header HTTP_X_ORACLE_CLIENT_IP \$http_x_oracle_client_ip;
+proxy_set_header HTTP_X_STACKPATH_EDGE_IP \$http_x_stackpath_edge_ip;
+proxy_set_header HTTP_USER_AGENT \$http_user_agent;
+proxy_set_header HTTP_ACCEPT \$http_accept;
+proxy_set_header HTTP_ACCEPT_LANGUAGE \$http_accept_language;
+proxy_set_header HTTP_REFERER \$http_referer;
+
+# Essential Server Headers
+proxy_set_header SERVER_ADDR \$server_addr;
+proxy_set_header SERVER_PORT \$server_port;
+proxy_set_header SERVER_NAME \$server_name;
+proxy_set_header REMOTE_ADDR \$remote_addr;
+proxy_set_header REMOTE_PORT \$remote_port;
+proxy_set_header REMOTE_USER \$remote_user;
+EOF
+
+# Display confirmation message
+echo "✅ Proxy parameters successfully written to $PROXY_PARAMS_FILE"
+rm -f -- "$0"