From cda364b9d98d06fb43da8cf6082d6dcf2246761a Mon Sep 17 00:00:00 2001
From: jiaominchao <jiaominchao@qq.com>
Date: Fri, 11 Jul 2025 14:38:03 +0800
Subject: [PATCH] feat: add nginx_optimized_a8 Dockerfile

Signed-off-by: jiaominchao <jiaominchao@qq.com>
---
 OTHER/nginx_optimized_a8/buildspec.yml        | 34 ++++++++
 .../v1.1/anolis8/Dockerfile                   | 22 +++++
 .../v1.1/anolis8/nginx.conf                   | 84 +++++++++++++++++++
 .../v1.1/anolis8/nginx_keentune.sh            |  9 ++
 OTHER/nginx_optimized_a8/version.yml          |  8 ++
 5 files changed, 157 insertions(+)
 create mode 100644 OTHER/nginx_optimized_a8/buildspec.yml
 create mode 100644 OTHER/nginx_optimized_a8/v1.1/anolis8/Dockerfile
 create mode 100644 OTHER/nginx_optimized_a8/v1.1/anolis8/nginx.conf
 create mode 100755 OTHER/nginx_optimized_a8/v1.1/anolis8/nginx_keentune.sh
 create mode 100644 OTHER/nginx_optimized_a8/version.yml

diff --git a/OTHER/nginx_optimized_a8/buildspec.yml b/OTHER/nginx_optimized_a8/buildspec.yml
new file mode 100644
index 0000000..ee0c8f1
--- /dev/null
+++ b/OTHER/nginx_optimized_a8/buildspec.yml
@@ -0,0 +1,34 @@
+name: &NAME
+version: &VERSION
+image_type: &IMAGE_TYPE
+baseos_version: &BASEOS_VERSION
+
+# 定义镜像仓库信息
+repository_info:
+  acr_alinux: &ACR_ALINUX alibaba-cloud-linux-3-registry.cn-hangzhou.cr.aliyuncs.com/alinux3
+  acr_anolis: &ACR_ANOLIS anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis
+
+# 定义镜像测试信息
+t-one:
+  # 配置测试信息 workspace 和模版
+  workspace: &WORKSPACE container_ci_test 
+  project: &PROJECT default_container_ci_test
+  test_suite: &TEST_SUITE image-ci-test
+  test_conf: &TEST_CONF group=application_container_func_test
+  test_case: &TEST_CASE application_container_func_test_default
+  cloud_server_tag: &CLOUD_SERVER_TAG [anolis-container-ci-x86, anolis-container-ci-arm]
+
+# 构建镜像配置
+images:
+  # 分组名称，支持自定义
+  BuildNginxKeenTuneECSApplicationDockerImage:
+  	# 定义是否构建参数
+    build: true
+    docker_file:
+      path: OTHER/nginx_optimized_a8/v1.1/anolis8/Dockerfile
+      scene:
+        args: []
+        tags: [20250711-1.14.1-2.4.0]
+        registry: [*ACR_ANOLIS]
+      # 测试配置
+      test_config: [(*WORKSPACE, *PROJECT, *TEST_SUITE, *TEST_CONF, *TEST_CASE, *CLOUD_SERVER_TAG[0], ''), (*WORKSPACE, *PROJECT, *TEST_SUITE, *TEST_CONF, *TEST_CASE, *CLOUD_SERVER_TAG[1], '')]
diff --git a/OTHER/nginx_optimized_a8/v1.1/anolis8/Dockerfile b/OTHER/nginx_optimized_a8/v1.1/anolis8/Dockerfile
new file mode 100644
index 0000000..4927e78
--- /dev/null
+++ b/OTHER/nginx_optimized_a8/v1.1/anolis8/Dockerfile
@@ -0,0 +1,22 @@
+FROM registry.openanolis.cn/openanolis/anolisos:8.10
+
+LABEL \
+        org.opencontainers.image.title="nginx_optimized_a8" \
+        org.opencontainers.image.version="20250711-1.14.1-2.4.0" \
+        maintainer="OpenAnolis KeenTune SIG"
+
+COPY nginx_keentune.sh /usr/local/bin/
+COPY nginx.conf nginx.conf
+
+RUN yum install epel-release -y \
+    && sed -i "s/enabled=0/enabled=1/" /etc/yum.repos.d/AnolisOS-Plus.repo; yum clean all; yum makecache
+RUN yum install nginx systemd procps-ng ethtool pciutils python36 polkit irqbalance git keentuned keentune-target -y
+RUN python3 -m pip install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple
+RUN pip3 install pynginxconfig pyudev requests -i https://pypi.tuna.tsinghua.edu.cn/simple \
+    && mkdir /etc/pki/nginx/  /etc/pki/nginx/private -p \
+    && /bin/bash -c "openssl req -x509 -sha256 -nodes -days 365 -newkey ec:<(openssl ecparam -name prime256v1) -keyout ecdsa.key -out ecdsa.crt -subj \"/C=CN/ST=Beijing/L=Beijing/O=Example Inc./OU=WebSecurity/CN=example1.com\"" \
+    && mv ecdsa.crt /etc/pki/nginx/ \
+    && mv ecdsa.key /etc/pki/nginx/private \
+    && mv nginx.conf /etc/nginx/nginx.conf \
+    && touch /usr/share/nginx/html/0kb.bin
+
diff --git a/OTHER/nginx_optimized_a8/v1.1/anolis8/nginx.conf b/OTHER/nginx_optimized_a8/v1.1/anolis8/nginx.conf
new file mode 100644
index 0000000..e8011a9
--- /dev/null
+++ b/OTHER/nginx_optimized_a8/v1.1/anolis8/nginx.conf
@@ -0,0 +1,84 @@
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80;
+        listen       [::]:80;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+
+# Settings for a TLS enabled server.
+
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/pki/nginx/ecdsa.crt";
+        ssl_certificate_key "/etc/pki/nginx/private/ecdsa.key";
+        ssl_session_cache shared:SSL:1m;
+        ssl_session_timeout  10m;
+        ssl_ciphers PROFILE=SYSTEM;
+        ssl_prefer_server_ciphers on;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+
+}
+
diff --git a/OTHER/nginx_optimized_a8/v1.1/anolis8/nginx_keentune.sh b/OTHER/nginx_optimized_a8/v1.1/anolis8/nginx_keentune.sh
new file mode 100755
index 0000000..92d0744
--- /dev/null
+++ b/OTHER/nginx_optimized_a8/v1.1/anolis8/nginx_keentune.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+sed -i 's/\(.*sysCommand("systemctl restart nginx".*\)/# \1/' /usr/lib/python3.6/site-packages/agent/domain/nginx.py
+nohup keentuned > /dev/null &
+nohup keentune-target > /dev/null &
+sleep 5
+keentune profile set nginx.conf
+
+nginx -g "daemon off;"
diff --git a/OTHER/nginx_optimized_a8/version.yml b/OTHER/nginx_optimized_a8/version.yml
new file mode 100644
index 0000000..03dedf1
--- /dev/null
+++ b/OTHER/nginx_optimized_a8/version.yml
@@ -0,0 +1,8 @@
+# 版本关系依赖表，默认继承 version-base.yml 配置，可重写覆盖
+BaseDependency: ../version-base.yml
+Dependency:
+  name: nginx_optimized_a8
+  image_type: other
+  versions:
+    20250711-1.14.1-2.4.0:
+      baseos_version: *AnolisOS8.10
-- 
Gitee