panel-frontend (sha256:1a82305b17f8fece5e08664ac5d43188cc06d84e2bf433a49f2676ec88ce7844)

2026-01-22T11:02:45Z

Pull the image from the command line:

docker pull gitea.licks.gg/rebirth/panel-frontend@sha256:1a82305b17f8fece5e08664ac5d43188cc06d84e2bf433a49f2676ec88ce7844

Digest:

sha256:1a82305b17f8fece5e08664ac5d43188cc06d84e2bf433a49f2676ec88ce7844

For more information on the Container registry, see the documentation.

ADD file:8729f9c0258836b640e9e789c7ab029cf4547e0596557d54dd4a4d7d8e4a785f in /

CMD ["/bin/sh"]

LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>

ENV NGINX_VERSION=1.25.4

ENV PKG_RELEASE=1

RUN /bin/sh -c set -x && addgroup -g 101 -S nginx && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} " && apk add --no-cache --virtual .checksum-deps openssl && case "$apkArch" in x86_64|aarch64) set -x && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then echo "key verification succeeded!"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo "key verification failed!"; exit 1; fi && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils && su nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then echo \"pkg-oss tarball checksum verification succeeded!\"; else echo \"pkg-oss tarball checksum verification failed!\"; exit 1; fi && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && make base && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del --no-network .build-deps && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac && apk del --no-network .checksum-deps && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi && apk add --no-cache --virtual .gettext gettext && mv /usr/bin/envsubst /tmp/ && runDeps="$( scanelf --needed --nobanner /tmp/envsubst | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' | sort -u | xargs -r apk info --installed | sort -u )" && apk add --no-cache $runDeps && apk del --no-network .gettext && mv /tmp/envsubst /usr/local/bin/ && apk add --no-cache tzdata && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit

COPY docker-entrypoint.sh / # buildkit

COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit

COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit

COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit

COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit

ENTRYPOINT ["/docker-entrypoint.sh"]

EXPOSE map[80/tcp:{}]

STOPSIGNAL SIGQUIT

CMD ["nginx" "-g" "daemon off;"]

ENV NJS_VERSION=0.8.3

RUN /bin/sh -c set -x && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} " && apk add --no-cache --virtual .checksum-deps openssl && case "$apkArch" in x86_64|aarch64) set -x && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then echo "key verification succeeded!"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo "key verification failed!"; exit 1; fi && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils && su nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then echo \"pkg-oss tarball checksum verification succeeded!\"; else echo \"pkg-oss tarball checksum verification failed!\"; exit 1; fi && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && make module-geoip module-image-filter module-njs module-xslt && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del --no-network .build-deps && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac && apk del --no-network .checksum-deps && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi && apk add --no-cache curl ca-certificates # buildkit

RUN /bin/sh -c mkdir -p /var/cache/nginx/client_temp && mkdir -p /var/cache/nginx/proxy_temp && mkdir -p /var/cache/nginx/fastcgi_temp && mkdir -p /var/cache/nginx/uwsgi_temp && mkdir -p /var/cache/nginx/scgi_temp && chown -R nginx:nginx /var/cache/nginx && chown -R nginx:nginx /var/log/nginx && touch /var/run/nginx.pid && chown nginx:nginx /var/run/nginx.pid && rm -f /etc/nginx/conf.d/default.conf && touch /etc/nginx/nginx.conf && chown nginx:nginx /etc/nginx/nginx.conf # buildkit

RUN /bin/sh -c cat > /etc/nginx/nginx.conf.template <<'EOF' worker_processes auto; pid /var/run/nginx.pid; error_log /var/log/nginx/error.log warn; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; # PRIVACY: Disable access logs access_log off; sendfile on; keepalive_timeout 65; # Upstream for backend API upstream backend_api { server ${BACKEND_HOST}:${BACKEND_PORT}; keepalive 32; } server { listen 8080; server_name _; root /usr/share/nginx/html; index index.html; # SECURITY: Reject requests with path traversal attempts if ($request_uri ~* "\.\.") { return 400; } # SECURITY: Reject null bytes if ($request_uri ~* "\x00") { return 400; } # API proxy - forward to backend service location /api/ { proxy_pass http://backend_api; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Connection pooling proxy_set_header Connection ""; # Timeouts proxy_connect_timeout 30s; proxy_send_timeout 60s; proxy_read_timeout 60s; # Buffer settings proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; } # Socket.IO proxy - for real-time WebSocket connections # Handles all namespaces: /owner, /manager, /admin, /caller, /target location /socket.io/ { proxy_pass http://backend_api; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket timeouts (longer for persistent connections) proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; } # Health check endpoint (excluded from NestJS global prefix) location = /health { proxy_pass http://backend_api; proxy_http_version 1.1; proxy_set_header Connection ""; } # Config endpoint (excluded from NestJS global prefix) # Returns runtime configuration for the frontend location = /config { proxy_pass http://backend_api; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Connection ""; } # Internal metrics endpoint (excluded from NestJS global prefix) location = /internal-metrics { proxy_pass http://backend_api; proxy_http_version 1.1; proxy_set_header Connection ""; } # Static assets (JS, CSS, images, fonts) - serve with long cache location /assets/ { expires 1y; add_header Cache-Control "public, immutable"; } # Serve pre-compressed files if available location ~* \.(js|css|html|json)$ { gzip_static on; } # All routes (including /cr/*) - SPA routing location / { try_files $uri $uri/ /index.html; } # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' wss: ws: https:;" always; } } EOF # buildkit

COPY --chown=nginx:nginx /app/dist /usr/share/nginx/html # buildkit

EXPOSE [8080/tcp]

USER nginx

ENV BACKEND_HOST=backend

ENV BACKEND_PORT=3000

HEALTHCHECK &{["CMD-SHELL" "wget --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1"] "30s" "3s" "5s" "0s" '\x03'}

CMD ["/bin/sh" "-c" "envsubst '${BACKEND_HOST} ${BACKEND_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && nginx -g 'daemon off;'"]

Key	Value
maintainer	NGINX Docker Maintainers <docker-maint@nginx.com>

Details

Container

2026-01-22 11:02:45 +00:00

1

OCI / Docker

linux/amd64

40 MiB

Versions (14) View all

a8a4188398a9abfc5aa5826f8be6d5bffa8e97da

2026-01-22

latest

2026-01-22

8154e1969a77d127a72771a70adf13b638b5f868

2026-01-22

24f7a2b6c43eb64f5aab39eb4d85d0e9cfb050f3

2026-01-22

8671d6387c2e077071cc250872d822bb1ed1ddb0

2026-01-22

panel-frontend (sha256:1a82305b17f8fece5e08664ac5d43188cc06d84e2bf433a49f2676ec88ce7844)

Installation

Image Layers

Labels