From e1ec74a5dc0ce95157c03eb59cac6dd12a486d64 Mon Sep 17 00:00:00 2001
From: Rustam Tagaev <rustam.tagaev@avroid.tech>
Date: Wed, 5 Feb 2025 16:30:30 +0300
Subject: [PATCH 1/3] [DO-1579]  start project

---
 .gitea/workflows/check-license.yml   | 29 +++++++++++++++++++
 CHANGELOG.md                         |  7 +++++
 Dockerfile                           | 26 +++++++++++++++++
 Makefile                             | 33 +++++++++++++++++++++
 README.md                            | 27 +++++++++++++++++
 rootfs/etc/nginx/conf.d/default.conf | 43 ++++++++++++++++++++++++++++
 rootfs/etc/nginx/nginx.conf          | 35 ++++++++++++++++++++++
 7 files changed, 200 insertions(+)
 create mode 100644 .gitea/workflows/check-license.yml
 create mode 100644 CHANGELOG.md
 create mode 100644 Dockerfile
 create mode 100644 Makefile
 create mode 100644 rootfs/etc/nginx/conf.d/default.conf
 create mode 100644 rootfs/etc/nginx/nginx.conf

diff --git a/.gitea/workflows/check-license.yml b/.gitea/workflows/check-license.yml
new file mode 100644
index 0000000..113054b
--- /dev/null
+++ b/.gitea/workflows/check-license.yml
@@ -0,0 +1,29 @@
+# Copyright Avroid, Ltd.  2023-2024
+#
+# You can not use the contents of the file in any way without
+# AVROID, Ltd. written permission.
+#
+# To obtain such a permit, you should contact AVROID, Ltd.
+# at https://avroid.ru
+
+---
+name: Check license
+run-name: ${{ gitea.actor }} is start check sources
+on: [pull_request]
+
+jobs:
+  scan-secrets:
+    name: Check license
+    runs-on: docker
+    container:
+      image: harbor.avroid.tech/devops/node:20-alpine3.19-0
+    steps:
+      - run: echo "Start job on ${{ runner.name }} with os ${{ runner.os }}"
+      - run: echo "Work with branch ${{ gitea.ref }} repository ${{ gitea.repository }}"
+      - name: Check out repository code
+        uses: https://gitea:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-checkout.git@v4
+        with:
+          fetch-depth: 0 # for work tj-actions/changed-files
+          persist-credentials: false # for work tj-actions/changed-files
+      - name: Check license
+        uses: https://gitea:${{ secrets.CI_TOKEN }}@git.avroid.tech/Actions/addlicense-docker-action.git@v1
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..723c6b1
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,7 @@
+# Changelog
+
+## [05.02.2025] - node:1.27.3-alpine3.20
+
+ADD:
+
+* nginx-1.27.3-alpine3.20
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2c4fc00
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright Avroid, Ltd.  2023-2025
+#
+# You can not use the contents of the file in any way without
+# AVROID, Ltd. written permission.
+#
+# To obtain such a permit, you should contact AVROID, Ltd.
+# at https://avroid.ru
+
+ARG DOCKER_REGISTRY=harbor.avroid.tech/docker-hub-proxy/library
+
+ARG IMAGE_TAG=""
+
+FROM ${DOCKER_REGISTRY}/nginx:${IMAGE_TAG}
+
+LABEL description="Nginx rootless"
+
+LABEL app.nginx.version="${IMAGE_TAG}"
+
+COPY rootfs /
+
+RUN ln -s /dev/stderr /tmp/error.log \
+    && ln -s /dev/stdout /tmp/access.log
+
+EXPOSE 8080
+
+USER nginx
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..da4afba
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,33 @@
+.PHONY: all build push clean
+
+IMAGE_NAME = nginx
+IMAGE_GROUP = devops
+IMAGE_TAG = 1.27.3-alpine3.20
+REVISION =
+DOCKER_REGISTRY = harbor.avroid.tech
+
+all:
+	@echo 'DEFAULT:'
+	@echo '   make build'
+	@echo '   make push'
+	@echo '   make getTag'
+	@echo '   make clean'
+
+build:
+	DOCKER_BUILDKIT=1 docker build \
+					-f Dockerfile \
+					--platform linux/amd64 \
+					--build-arg IMAGE_TAG=$(IMAGE_TAG) \
+					-t $(DOCKER_REGISTRY)/$(IMAGE_GROUP)/$(IMAGE_NAME):$(IMAGE_TAG)$(REVISION) .
+
+push:
+ifeq ($(CI), false)
+	docker login https://$(DOCKER_REGISTRY)
+endif
+	docker push $(DOCKER_REGISTRY)/$(IMAGE_GROUP)/$(IMAGE_NAME):$(IMAGE_TAG)$(REVISION)
+
+getTag:
+	@echo $(IMAGE_TAG)
+
+clean:
+	docker rmi $(DOCKER_REGISTRY)/$(IMAGE_GROUP)/$(IMAGE_NAME):$(IMAGE_TAG)$(REVISION)
diff --git a/README.md b/README.md
index f17ba80..31258c6 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,29 @@
 # nginx
 
+## Данный репозиторий используется как основа для остальных репозиториев
+
+Для сборки образа выполните
+
+```bash
+make build
+```
+
+Для загрузки образа в harbor выполните
+
+```bash
+make push
+```
+
+Для вывода тега докер образа выполните
+
+```bash
+make getTag
+```
+
+Для удаления образа из системы выполните
+
+```bash
+make clean
+```
+
+За версию докер образа отвечает переменная IMAGE_TAG в [Makefile](./Makefile#L5)
diff --git a/rootfs/etc/nginx/conf.d/default.conf b/rootfs/etc/nginx/conf.d/default.conf
new file mode 100644
index 0000000..f7dbd82
--- /dev/null
+++ b/rootfs/etc/nginx/conf.d/default.conf
@@ -0,0 +1,43 @@
+server {
+    listen       8080;
+    server_name  localhost;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
new file mode 100644
index 0000000..2981491
--- /dev/null
+++ b/rootfs/etc/nginx/nginx.conf
@@ -0,0 +1,35 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /tmp/error.log notice;
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /tmp/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

From 5c156670b61cda8f6c3dc016031b9cbd2a6920b0 Mon Sep 17 00:00:00 2001
From: Rustam Tagaev <rustam.tagaev@avroid.tech>
Date: Wed, 5 Feb 2025 16:52:18 +0300
Subject: [PATCH 2/3] [DO-1579]  change default.conf

---
 rootfs/etc/nginx/conf.d/default.conf | 36 +---------------------------
 1 file changed, 1 insertion(+), 35 deletions(-)

diff --git a/rootfs/etc/nginx/conf.d/default.conf b/rootfs/etc/nginx/conf.d/default.conf
index f7dbd82..91c1a35 100644
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@@ -2,42 +2,8 @@ server {
     listen       8080;
     server_name  localhost;
 
-    #access_log  /var/log/nginx/host.access.log  main;
-
     location / {
-        root   /usr/share/nginx/html;
+        root   /srv;
         index  index.html index.htm;
     }
-
-    #error_page  404              /404.html;
-
-    # redirect server error pages to the static page /50x.html
-    #
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-
-    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-    #
-    #location ~ \.php$ {
-    #    proxy_pass   http://127.0.0.1;
-    #}
-
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
-    #location ~ \.php$ {
-    #    root           html;
-    #    fastcgi_pass   127.0.0.1:9000;
-    #    fastcgi_index  index.php;
-    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-    #    include        fastcgi_params;
-    #}
-
-    # deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
-    #
-    #location ~ /\.ht {
-    #    deny  all;
-    #}
 }

From 1aa258298b978512496ed3499a761674f52c49c8 Mon Sep 17 00:00:00 2001
From: Rustam Tagaev <rustam.tagaev@avroid.tech>
Date: Thu, 6 Feb 2025 13:54:38 +0300
Subject: [PATCH 3/3] [DO-1579]  change url for checkout to mirrors host

---
 .gitea/workflows/check-license.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitea/workflows/check-license.yml b/.gitea/workflows/check-license.yml
index 113054b..cc28722 100644
--- a/.gitea/workflows/check-license.yml
+++ b/.gitea/workflows/check-license.yml
@@ -21,7 +21,7 @@ jobs:
       - run: echo "Start job on ${{ runner.name }} with os ${{ runner.os }}"
       - run: echo "Work with branch ${{ gitea.ref }} repository ${{ gitea.repository }}"
       - name: Check out repository code
-        uses: https://gitea:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-checkout.git@v4
+        uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout.git@v4
         with:
           fetch-depth: 0 # for work tj-actions/changed-files
           persist-credentials: false # for work tj-actions/changed-files