- Shell 75.8%
- Dockerfile 24.2%
| .forgejo | ||
| scripts | ||
| .dockerignore | ||
| .gitignore | ||
| Dockerfile | ||
| README.md | ||
ninginx — Custom nginx Build
Builds nginx from source with OpenSSL 4.x, Brotli compression, and all optional modules. Multi-arch Docker images and standalone binaries for Linux and Windows.
Quick Start
# Build locally
docker build --build-arg NGINX_VERSION=1.30.2 --build-arg OPENSSL_VERSION=4.0.0 -t ninginx .
docker run --rm ninginx nginx -v
See .forgejo/SECRETS-SETUP.md for CI setup.
Architecture Overview
The CI/CD pipeline runs on Forgejo Actions and is defined in .forgejo/workflows/build.yml.
Triggers:
- Daily cron at 06:00 UTC
- Manual
workflow_dispatchwith optional parameters
Two tracks:
- stable — latest even minor version (e.g., 1.30.x)
- mainline — latest odd minor version (e.g., 1.31.x)
The pipeline auto-detects the latest nginx release from nginx.org and the latest OpenSSL 4.x from GitHub releases. A version override can skip auto-detection entirely.
Jobs:
detect-versions → build-docker ─→ push-registries
↘ build-windows ─→ create-release
- detect-versions — Fetches latest nginx and OpenSSL versions, decides which tracks need building
- build-docker — Builds per-platform Docker images (linux/amd64, linux/arm64, linux/arm/v7) with QEMU + Buildx, runs in parallel for both tracks
- build-windows — Cross-compiles standalone Windows binaries via MinGW (amd64 + arm64, best-effort)
- push-registries — Creates multi-arch manifests and pushes to all three registries with full tagging
- create-release — Gathers all binary artifacts and publishes a Forgejo release
Three registries (all receive the same images):
| Registry | URL |
|---|---|
| Forgejo | hangar.nixthedev.ru |
| Docker Hub | docker.io |
| GHCR | ghcr.io |
Skip-build logic: The pipeline checks whether a version already exists in the registry before building. If all tags are present, the build is skipped.
Required Repository Secrets
| Secret | Purpose | Where to Get |
|---|---|---|
GITHUB_TOKEN |
Forgejo registry auth — auto-provided (built-in token) | No setup needed |
DOCKER_USERNAME |
Docker Hub login | Docker Hub username |
DOCKER_PASSWORD |
Docker Hub auth | https://hub.docker.com/settings/security — access token |
GHCR_TOKEN |
GitHub Container Registry auth | https://github.com/settings/tokens — PAT with write:packages + repo scopes |
Note: Forgejo auto-provides ${{ secrets.GITHUB_TOKEN }}. You do not need to create it. Secrets cannot start with FORGEJO_, GITHUB_, or GITEA_ prefixes.
Tag Reference
| Tag | Example | Track | Description |
|---|---|---|---|
{version} |
1.30.2 |
Stable | Full semver, pinned |
{major}.{minor} |
1.30 |
Stable | Minor cutoff, updates with latest patch |
{major} |
1 |
Stable | Major cutoff, updates with latest minor |
stable |
stable |
Stable | Latest stable, moving |
mainline |
mainline |
Mainline | Latest mainline, moving |
latest |
latest |
Mainline | Always points to mainline |
Platform Support
| Platform | Docker Image | Standalone Binary |
|---|---|---|
| linux/amd64 | Multi-arch | .tar.gz |
| linux/arm64 | Multi-arch | .tar.gz |
| linux/arm/v7 | Multi-arch | .tar.gz |
| windows/amd64 | — | .zip (best-effort) |
| windows/arm64 | — | .zip (best-effort) |
Manual Trigger
# Via Forgejo UI: Actions → Build nginx Docker Images → Run workflow
# Or via Forgejo CLI:
# forgejo actions generate-workflow -r NiXTheDev/ninginx -w build.yml
Parameters:
nginx_version_override— Build a specific version (e.g.,1.30.2) instead of auto-detectingforce— Force rebuild even if version already exists in registry