how to configure nginx with ldap authentication

How to configure nginx with LDAP authentication (kvspb/nginx-auth-ldap module)

Build from source

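#!/bin/sh
# Build nginx from source with the kvspb/nginx-auth-ldap third-party module.
# NOTE(review): nginx 1.8.0 is long past end-of-life and receives no security fixes; bump the
# version before any production use and re-check the module list when you do (for example
# --with-http_spdy_module and --with-ipv6 are gone from later releases).
set -eu

version='1.8.0'
# SHA-256 of nginx-${version}.tar.gz, taken from https://nginx.org/en/download.html or checked
# against the .tar.gz.asc signature. The build refuses to run without it: a tarball fetched from
# the network is otherwise installed unverified.
nginx_sha256="${NGINX_SHA256:?set NGINX_SHA256 to the published checksum of nginx-${version}.tar.gz}"
# Git ref of the auth module. 'master' is a moving target; pin it to a commit SHA
# (https://github.com/kvspb/nginx-auth-ldap/archive/<sha>.zip) so the build is reproducible.
auth_ldap_ref="${AUTH_LDAP_REF:-master}"

# ca-certificates is required for the https downloads below.
# nginx links against zlib (zlib1g-dev), not libzip — the original libzip-dev only worked because
# libssl-dev happens to pull zlib1g-dev in on Debian.
apt-get update
apt-get install -y --no-install-recommends \
  ca-certificates gcc libldap2-dev libpcre3-dev libssl-dev make unzip wget zlib1g-dev

mkdir build && cd build

wget "https://github.com/kvspb/nginx-auth-ldap/archive/${auth_ldap_ref}.zip" -O nginx-auth-ldap.zip
unzip nginx-auth-ldap.zip
# GitHub names the extracted directory after the ref, so normalise it for --add-module
mv nginx-auth-ldap-* nginx-auth-ldap

# https, not http, and verify the checksum before anything is unpacked or compiled
wget "https://nginx.org/download/nginx-${version}.tar.gz"
echo "${nginx_sha256}  nginx-${version}.tar.gz" | sha256sum -c -
tar xf "nginx-${version}.tar.gz" && cd "nginx-${version}"

# --user/--group make the worker processes drop to the unprivileged nginx account;
# the master process still runs as whoever starts it.
./configure \
  --prefix=/etc/nginx \
  --sbin-path=/usr/sbin/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/run/nginx.lock \
  --http-client-body-temp-path=/var/cache/nginx/client_temp \
  --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
  --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
  --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
  --user=nginx \
  --group=nginx \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_stub_status_module \
  --with-http_auth_request_module \
  --with-mail \
  --with-mail_ssl_module \
  --with-file-aio \
  --with-http_spdy_module \
  --with-ipv6 \
  --add-module=../nginx-auth-ldap
make && make install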

Dockerfile

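# syntax=docker/dockerfile:1
# nginx built from source with the kvspb/nginx-auth-ldap module.
# NOTE(review): debian:jessie and nginx 1.8.0 are both end-of-life and get no security updates.
# The pinned versions are kept because the original recipe targets them; bump both before any
# production use (newer nginx drops --with-http_spdy_module/--with-ipv6, newer Debian renames
# the OpenSSL runtime package used below).
FROM debian:jessie
# Known module bugs at the time of writing: https://github.com/kvspb/nginx-auth-ldap/issues/88
# nginx: [emerg] http_auth_ldap: parse_require in /etc/nginx/nginx.conf:45
# nginx: [emerg] http_auth_ldap: Setting group in /etc/nginx/nginx.conf:45
LABEL maintainer="Arkii <[email protected]>"

ENV NGINX_VERSION=1.8.0
# SHA-256 of nginx-${NGINX_VERSION}.tar.gz from https://nginx.org/en/download.html (or checked
# against the .tar.gz.asc signature). Deliberately has no default: the build fails unless it is
# supplied with  docker build --build-arg NGINX_SHA256=<hex> .  so an unverified tarball is
# never compiled into the image.
ARG NGINX_SHA256
# Git ref of the auth module. 'master' is a moving target; pin to a commit SHA for reproducible
# builds (GitHub serves archive/<sha>.zip).
ARG AUTH_LDAP_REF=master

# Unprivileged account the worker processes run as (--user/--group in ./configure below).
# Logs go to the container's stdout/stderr via symlinks.
RUN echo 'Asia/Shanghai' > /etc/timezone && \
    /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    groupadd -g 396 nginx && \
    useradd nginx -u 396 -g 396 -M -c 'Nginx web server' -s /sbin/nologin -d /var/lib/nginx && \
    mkdir -p /var/log/nginx /var/lib/nginx /var/cache/nginx /usr/share/nginx && \
    chown -R nginx:nginx /var/log/nginx /var/lib/nginx /var/cache/nginx && \
    ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log

# Fetch, verify, build, install and clean up in ONE layer: the original recipe removed the
# compiler and the apt lists in a later RUN, which leaves them (and /tmp/build) in the image.
# Runtime libraries are installed explicitly first so that `purge --auto-remove` of the -dev
# packages keeps them. nginx links against zlib (zlib1g-dev), not libzip.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates libldap-2.4-2 libpcre3 libssl1.0.0 zlib1g && \
    apt-get install -y --no-install-recommends \
        gcc libldap2-dev libpcre3-dev libssl-dev make unzip wget zlib1g-dev && \
    mkdir /tmp/build && cd /tmp/build && \
    wget "https://github.com/kvspb/nginx-auth-ldap/archive/${AUTH_LDAP_REF}.zip" -O nginx-auth-ldap.zip && \
    unzip nginx-auth-ldap.zip && mv nginx-auth-ldap-* nginx-auth-ldap && \
    wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" && \
    echo "${NGINX_SHA256}  nginx-${NGINX_VERSION}.tar.gz" | sha256sum -c - && \
    tar xf nginx-${NGINX_VERSION}.tar.gz && cd nginx-${NGINX_VERSION} && \
    ./configure \
        --prefix=/etc/nginx \
        --sbin-path=/usr/sbin/nginx \
        --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/var/run/nginx.lock \
        --http-client-body-temp-path=/var/cache/nginx/client_temp \
        --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
        --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
        --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
        --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
        --user=nginx \
        --group=nginx \
        --with-http_ssl_module \
        --with-http_realip_module \
        --with-http_addition_module \
        --with-http_sub_module \
        --with-http_dav_module \
        --with-http_flv_module \
        --with-http_mp4_module \
        --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_random_index_module \
        --with-http_secure_link_module \
        --with-http_stub_status_module \
        --with-http_auth_request_module \
        --with-mail \
        --with-mail_ssl_module \
        --with-file-aio \
        --with-http_spdy_module \
        --with-ipv6 \
        --add-module=../nginx-auth-ldap && \
    make && make install && \
    cd / && rm -rf /tmp/build && \
    apt-get purge -y --auto-remove \
        gcc libldap2-dev libpcre3-dev libssl-dev make unzip wget zlib1g-dev && \
    rm -rf /var/lib/apt/lists/*

# EXPOSE is documentation only; ports are published at `docker run`.
EXPOSE 80 443 8000 8080
# nginx performs a graceful shutdown on SIGQUIT; the default SIGTERM is an immediate stop.
STOPSIGNAL SIGQUIT
# The master process runs as root so it can bind :80/:443 and write /var/run/nginx.pid; the
# workers drop to the nginx account. Running the whole thing unprivileged needs a different
# pid path, non-privileged listen ports and a USER directive.
ENTRYPOINT ["nginx"]
CMD ["-g", "daemon off;"]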

Configuration file example (nginx.conf)

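# Example nginx.conf for the nginx-auth-ldap module against an Active Directory Global Catalog.
# This file contains the bind password: keep it root-owned and mode 0600 (nginx reads the
# config as root before dropping the workers' privileges).
# user nobody;
worker_processes 1;
# error_log logs/error.log;
# error_log logs/error.log notice;
# error_log logs/error.log info;
# pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # Do not advertise the (end-of-life) nginx version in headers and error pages.
    server_tokens off;

    # Cache authentication results so that not every request triggers a directory bind.
    # Expiration is in milliseconds (10 s); a revoked account keeps access for at most that long.
    auth_ldap_cache_enabled on;
    auth_ldap_cache_expiration_time 10000;
    auth_ldap_cache_size 1000;

    ldap_server ad_1 {
        # LDAPS on the Global Catalog TLS port (3269) instead of the original cleartext
        # ldap://…:3268 — with plain LDAP the service-account password and every user's
        # credentials cross the network unencrypted on each bind.
        url "ldaps://<YOUR LDAP SERVER>:3269/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
        # Verify the directory server's certificate, otherwise TLS is trivially MITM-able.
        # These directives need a module build that supports them — check the module README
        # for the version you built.
        ssl_check_cert on;
        ssl_ca_file <PATH TO THE CA CERTIFICATE THAT ISSUED THE DC CERTIFICATE>;
        # Use a dedicated read-only service account with no other rights; it can only search.
        binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
        binddn_passwd <PUT Operator's PASSWORD HERE>;
        # Bounded timeouts keep an unreachable DC from holding worker connections; the module's
        # defaults apply while these stay commented out.
        #connect_timeout 5s;
        #bind_timeout 5s;
        #request_timeout 5s;
        # AD stores group membership as member DNs on the group object.
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
    }

    # Second directory server for failover; point it at a different DC (the original example
    # had both entries identical, which gives no redundancy).
    ldap_server ad_2 {
        url "ldaps://<YOUR SECOND LDAP SERVER>:3269/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
        ssl_check_cert on;
        ssl_ca_file <PATH TO THE CA CERTIFICATE THAT ISSUED THE DC CERTIFICATE>;
        binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
        binddn_passwd <PUT Operator's PASSWORD HERE>;
        #connect_timeout 5s;
        #bind_timeout 5s;
        #request_timeout 5s;
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
    }

    server {
        # The module uses HTTP Basic authentication, so the browser sends the user's
        # directory password base64-encoded on EVERY request. Serve this only over TLS
        # (or behind a TLS-terminating proxy); a cleartext :80 listener leaks domain passwords.
        listen 80;
        #listen 443 ssl;
        #ssl_certificate     <PATH TO SERVER CERTIFICATE>;
        #ssl_certificate_key <PATH TO SERVER PRIVATE KEY>;
        server_name localhost;

        auth_ldap "Login with LDAP account";
        # Servers are tried in the order listed.
        auth_ldap_servers ad_1;
        auth_ldap_servers ad_2;

        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}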

Image on Docker Hub

# Pulls the prebuilt image by tag. A tag can be re-pointed by the publisher; for a
# tamper-evident, reproducible deployment pin the image digest instead
# (docker pull docker.io/arkii/nginx-ldap@sha256:<digest from the Hub page>).
docker pull docker.io/arkii/nginx-ldap:1.8.0
