feat(library): Introduce Nginx 1.25 as library (#27)

Reviewed-by: Felipe Huici [email protected]
Approved-by: Felipe Huici [email protected]

.github/workflows/library-nginx1.25.yaml

@@ -0,0 +1,75 @@
+name: library/nginx1.25
+
+on:
+  schedule:
+  - cron: '0 0 * * *' # Everyday at 12AM
+
+  push:
+    branches: [main]
+    paths:
+    - 'library/nginx/1.25/**'
+    - '.github/workflows/library-nginx1.25.yaml'
+    - '!library/nginx/1.25/README.md'
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches: [main]
+    paths:
+    - 'library/nginx/1.25/**'
+    - '.github/workflows/library-nginx1.25.yaml'
+    - '!library/nginx/1.25/README.md'
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - plat: qemu
+          arch: x86_64
+        - plat: fc
+          arch: x86_64
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Build nginx1.25
+      uses: unikraft/kraftkit@staging
+      with:
+        loglevel: debug
+        workdir: library/nginx/1.25
+        runtimedir: /github/workspace/.kraftkit
+        plat: ${{ matrix.plat }}
+        arch: ${{ matrix.arch }}
+        push: false
+        output: oci://index.unikraft.io/unikraft.org/nginx:1.25
+
+    - name: Archive OCI digests
+      uses: actions/upload-artifact@v3
+      with:
+        name: oci-digests-${{ matrix.arch }}-${{ matrix.plat }}
+        path: ${{ github.workspace }}/.kraftkit/oci/digests
+        if-no-files-found: error
+
+  push:
+    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+    needs: [ build ]
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Login to OCI registry
+      uses: docker/login-action@v2
+      with:
+        registry: index.unikraft.io
+        username: ${{ secrets.REG_USERNAME }}
+        password: ${{ secrets.REG_TOKEN }}
+
+    - name: Retrieve, merge and push OCI digests
+      uses: ./.github/actions/merge-oci-digests
+      with:
+        name: index.unikraft.io/unikraft.org/nginx:1.25
+        push: true

README.md

@@ -38,6 +38,7 @@ kraft pkg ls --apps --update
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-base.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-base.yaml) | [`unikraft.org/base:latest`](library/base) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-helloworld.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-helloworld.yaml) | [`unikraft.org/helloworld:latest`](library/helloworld) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-nginx1.15.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-nginx1.15.yaml) | [`unikraft.org/nginx:1.15`](library/nginx/1.15) |
+| [![](https://github.com/unikraft/catalog/actions/workflows/library-nginx1.25.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-nginx1.25.yaml) | [`unikraft.org/nginx:1.25`](library/nginx/1.25) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-python3.10.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-python3.10.yaml) | [`unikraft.org/python:3.10`](library/python/3.10) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-redis7.0.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-redis7.0.yaml) | [`unikraft.org/redis:7.0`](library/redis/7.0) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-lua5.4.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-lua5.4.yaml) | [`unikraft.org/lua:5.4`](library/lua/5.4) |

library/nginx/1.25/Dockerfile

@@ -0,0 +1,35 @@
+FROM nginx:1.25.3-bookworm AS build
+
+# These are normally syminks to /dev/stdout and /dev/stderr, which don't
+# (currently) work with Unikraft. We remove them, such that Nginx will create
+# them by hand.
+RUN rm /var/log/nginx/error.log
+RUN rm /var/log/nginx/access.log
+
+FROM scratch
+
+# Nginx binaries, modules, configuration, log and runtime files
+COPY --from=build /usr/sbin/nginx /usr/bin/nginx
+COPY --from=build /usr/lib/nginx /usr/lib/nginx
+COPY --from=build /etc/nginx /etc/nginx
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+COPY --from=build /var/log/nginx /var/log/nginx
+COPY --from=build /var/cache/nginx /var/cache/nginx
+COPY --from=build /var/run /var/run
+
+# Libraries
+COPY --from=build /lib/x86_64-linux-gnu/libcrypt.so.1 /lib/x86_64-linux-gnu/libcrypt.so.1
+COPY --from=build /lib/x86_64-linux-gnu/libpcre2-8.so.0 /lib/x86_64-linux-gnu/libpcre2-8.so.0
+COPY --from=build /lib/x86_64-linux-gnu/libssl.so.3 /lib/x86_64-linux-gnu/libssl.so.3
+COPY --from=build /lib/x86_64-linux-gnu/libcrypto.so.3 /lib/x86_64-linux-gnu/libcrypto.so.3
+COPY --from=build /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1
+COPY --from=build /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6
+COPY --from=build /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+COPY --from=build /etc/ld.so.cache /etc/ld.so.cache
+
+# Custom configuration files, including using a single process for Nginx
+COPY ./conf/nginx.conf /etc/nginx/nginx.conf
+
+# Web root
+COPY ./wwwroot /wwwroot

library/nginx/1.25/Kraftfile

@@ -0,0 +1,140 @@
+spec: v0.6
+
+name: nginx
+
+rootfs: ./Dockerfile
+
+cmd: ["/usr/bin/nginx"]
+
+template:
+  source: https://github.com/unikraft/app-elfloader.git
+  version: staging
+
+unikraft:
+  version: staging
+  kconfig:
+    # Configurations options for app-elfloader
+    # (they can't be part of the template atm)
+    CONFIG_APPELFLOADER_ARCH_PRCTL: 'y'
+    CONFIG_APPELFLOADER_BRK: 'y'
+    CONFIG_APPELFLOADER_CUSTOMAPPNAME: 'y'
+    CONFIG_APPELFLOADER_STACK_NBPAGES: 128
+    CONFIG_APPELFLOADER_VFSEXEC_EXECBIT: 'n'
+    CONFIG_APPELFLOADER_VFSEXEC: 'y'
+    CONFIG_APPELFLOADER_HFS: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCRESOLVCONF: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCHOSTS: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCHOSTNAME: 'y'
+    CONFIG_APPELFLOADER_HFS_REPLACEEXIST: 'y'
+    # Unikraft options
+    CONFIG_HAVE_PAGING_DIRECTMAP: 'y'
+    CONFIG_HAVE_PAGING: 'y'
+    CONFIG_I8042: 'y'
+    CONFIG_LIBDEVFS_AUTOMOUNT: 'y'
+    CONFIG_LIBDEVFS_DEV_NULL: 'y'
+    CONFIG_LIBDEVFS_DEV_STDOUT: 'y'
+    CONFIG_LIBDEVFS_DEV_ZERO: 'y'
+    CONFIG_LIBDEVFS: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_ENVP0: "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    CONFIG_LIBPOSIX_ENVIRON_ENVP1: "LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib"
+    CONFIG_LIBPOSIX_ENVIRON_ENVP2: "HOME=/"
+    CONFIG_LIBPOSIX_ENVIRON: 'y'
+    CONFIG_LIBPOSIX_EVENTFD: 'y'
+    CONFIG_LIBPOSIX_FDIO: 'y'
+    CONFIG_LIBPOSIX_FDTAB: 'y'
+    CONFIG_LIBPOSIX_FUTEX: 'y'
+    CONFIG_LIBPOSIX_MMAP: 'y'
+    CONFIG_LIBPOSIX_NETLINK: 'y'
+    CONFIG_LIBPOSIX_PIPE: 'y'
+    CONFIG_LIBPOSIX_POLL: 'y'
+    CONFIG_LIBPOSIX_PROCESS_CLONE: 'y'
+    CONFIG_LIBPOSIX_SOCKET: 'y'
+    CONFIG_LIBPOSIX_SYSINFO: 'y'
+    CONFIG_LIBPOSIX_TIME: 'y'
+    CONFIG_LIBPOSIX_TIMERFD: 'y'
+    CONFIG_LIBPOSIX_UNIXSOCKET: 'y'
+    CONFIG_LIBPOSIX_USER_GID: 0
+    CONFIG_LIBPOSIX_USER_GROUPNAME: "root"
+    CONFIG_LIBPOSIX_USER_UID: 0
+    CONFIG_LIBPOSIX_USER_USERNAME: "root"
+    CONFIG_LIBPOSIX_USER: 'y'
+    CONFIG_LIBRAMFS: 'y'
+    CONFIG_LIBSYSCALL_SHIM_HANDLER_ULTLS: 'y'
+    CONFIG_LIBSYSCALL_SHIM_HANDLER: 'y'
+    CONFIG_LIBSYSCALL_SHIM_LEGACY_VERBOSE: 'y'
+    CONFIG_LIBSYSCALL_SHIM: 'y'
+    CONFIG_LIBUKALLOCPOOL: 'y'
+    CONFIG_LIBUKBLKDEV_SYNC_IO_BLOCKED_WAITING: 'y'
+    CONFIG_LIBUKBLKDEV: 'y'
+    CONFIG_LIBUKBOOT_BANNER_MINIMAL: 'y'
+    CONFIG_LIBUKBOOT_HEAP_BASE: '0x400000000'
+    CONFIG_LIBUKBOOT_MAINTHREAD: 'y'
+    CONFIG_LIBUKBOOT_SHUTDOWNREQ_HANDLER: 'y'
+    CONFIG_LIBUKCPIO: 'y'
+    CONFIG_LIBUKDEBUG_CRASH_SCREEN: 'y'
+    CONFIG_LIBUKDEBUG_ENABLE_ASSERT: 'y'
+    CONFIG_LIBUKDEBUG_PRINT_SRCNAME: 'n'
+    CONFIG_LIBUKDEBUG_PRINT_TIME: 'y'
+    CONFIG_LIBUKDEBUG_PRINTK_ERR: 'y'
+    CONFIG_LIBUKDEBUG_PRINTK: 'y'
+    CONFIG_LIBUKDEBUG: 'y'
+    CONFIG_LIBUKFALLOC: 'y'
+    CONFIG_LIBUKMPI: 'n'
+    CONFIG_LIBUKSIGNAL: 'y'
+    CONFIG_LIBUKSWRAND_DEVFS: 'y'
+    CONFIG_LIBUKSWRAND: 'y'
+    CONFIG_LIBUKVMEM_DEFAULT_BASE: '0x0000001000000000'
+    CONFIG_LIBUKVMEM_DEMAND_PAGE_IN_SIZE: 12
+    CONFIG_LIBUKVMEM_PAGEFAULT_HANDLER_PRIO: 4
+    CONFIG_LIBUKVMEM: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_CI_EINITRD: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_CI: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_UP: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT: 'y'
+    CONFIG_LIBVFSCORE_NONLARGEFILE: 'y'
+    CONFIG_LIBVFSCORE_ROOTFS_EINITRD: 'y'
+    CONFIG_LIBVFSCORE: 'y'
+    CONFIG_OPTIMIZE_DEADELIM: 'y'
+    CONFIG_OPTIMIZE_LTO: 'y'
+    CONFIG_PAGING: 'y'
+    CONFIG_STACK_SIZE_PAGE_ORDER: 4 # 128 * 4K = 512K
+    CONFIG_UKPLAT_KSP_SIZE: 32768
+    CONFIG_UKPLAT_MEMREGION_MAX_COUNT: 64
+    CONFIG_LIBUKNETDEV_EINFO_LIBPARAM: 'y'
+
+    # Debug options
+    # CONFIG_LIBUKDEBUG_PRINTD: 'y'
+    # CONFIG_LIBUKDEBUG_PRINTK_INFO: 'y'
+    # CONFIG_LIBSYSCALL_SHIM_STRACE: 'y'
+    # CONFIG_LIBSYSCALL_SHIM_DEBUG: 'y'
+
+libraries:
+  lwip:
+    source: https://github.com/unikraft/lib-lwip.git
+    version: staging
+    kconfig:
+      CONFIG_LWIP_LOOPIF: 'y'
+      CONFIG_LWIP_UKNETDEV: 'y'
+      CONFIG_LWIP_LOOPBACK: 'y'
+      CONFIG_LWIP_TCP: 'y'
+      CONFIG_LWIP_UDP: 'y'
+      CONFIG_LWIP_RAW: 'y'
+      CONFIG_LWIP_WND_SCALE: 'y'
+      CONFIG_LWIP_TCP_KEEPALIVE: 'y'
+      CONFIG_LWIP_THREADS: 'y'
+      CONFIG_LWIP_HEAP: 'y'
+      CONFIG_LWIP_SOCKET: 'y'
+      CONFIG_LWIP_AUTOIFACE: 'y'
+      CONFIG_LWIP_IPV4: 'y'
+      CONFIG_LWIP_DHCP: 'y'
+      CONFIG_LWIP_DNS: 'y'
+      CONFIG_LWIP_NUM_TCPCON: 64
+      CONFIG_LWIP_NUM_TCPLISTENERS: 64
+      CONFIG_LWIP_ICMP: 'y'
+  libelf:
+    source: https://github.com/unikraft/lib-libelf.git
+    version: staging
+
+targets:
+- fc/x86_64
+- qemu/x86_64

library/nginx/1.25/README.md

@@ -0,0 +1,21 @@
+# Nginx 1.25
+
+This directory contains the definition for the `unikraft.org/nginx:1.25` image running Nginx.
+
+To run this image, [install Unikraft's companion command-line toolchain `kraft`](https://unikraft.org/docs/cli) and then you can run:
+
+```console
+kraft run -p 8080:80 unikraft.org/nginx:1.25
+```
+
+Query the server using:
+
+```console
+curl localhost:8080
+```
+
+You will get a simple index web page from Nginx.
+
+## See also
+
+- [How to run unikernels locally in Unikraft's Documentation](https://unikraft.org/docs/cli/running).

library/nginx/1.25/conf/nginx.conf

@@ -0,0 +1,33 @@
+worker_processes  1;
+daemon            off;
+master_process    off;
+user root root;
+
+events {
+  worker_connections  64;
+}
+
+http {
+  include mime.types;
+  default_type application/octet-stream;
+
+  open_file_cache           max=10000 inactive=30s;
+  open_file_cache_min_uses  2;
+  open_file_cache_errors    on;
+
+  error_log stderr error;
+  access_log off;
+
+  keepalive_timeout     10s;
+  keepalive_requests    10000;
+  send_timeout          10s;
+
+  server {
+    listen              80;
+
+    server_name         localhost;
+
+    root                /wwwroot;
+    index               index.html;
+  }
+}

library/nginx/1.25/wwwroot/index.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>