From 9a8a11c1fc0fc48583f68cc75f0a56a904a0483c Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes
Date: Sat, 18 Jun 2016 15:35:33 -0400
Subject: [PATCH] Update nginx to add dynamic TLS records and spdy
---
 images/nginx-slim/Makefile | 2 +-
 images/nginx-slim/build.sh | 24 ++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/images/nginx-slim/Makefile b/images/nginx-slim/Makefile
index a937f1495c..c0fe2e9ac3 100644
--- a/images/nginx-slim/Makefile
+++ b/images/nginx-slim/Makefile
@@ -1,7 +1,7 @@
 all: push
 # 0.0.0 shouldn't clobber any released builds
-TAG = 0.7
+TAG = 0.8
 PREFIX = gcr.io/google_containers/nginx-slim
 container:
diff --git a/images/nginx-slim/build.sh b/images/nginx-slim/build.sh
index 123e79e777..62a68d6ab4 100755
--- a/images/nginx-slim/build.sh
+++ b/images/nginx-slim/build.sh
@@ -21,7 +21,7 @@ export NGINX_VERSION=1.11.1
 export NDK_VERSION=0.3.0
 export VTS_VERSION=0.1.9
 export SETMISC_VERSION=0.30
-export LUA_VERSION=0.10.3
+export LUA_VERSION=0.10.5
 export STICKY_SESSIONS_VERSION=c78b7dd79d0d
 export LUA_CJSON_VERSION=2.1.0.4
 export LUA_RESTY_HTTP_VERSION=0.07
@@ -82,7 +82,7 @@ get_src 59920dd3f92c2be32627121605751b52eae32b5884be09f2e4c53fb2fae8aabc \
 get_src ddd297a5f894d966cae19f112c79f99ec9fa13612c3d324c19533247c4953980 \
 "https://github.com/vozlt/nginx-module-vts/archive/v$VTS_VERSION.tar.gz"
-get_src a69504c25de67bce968242d331d2e433c021405a6dba7bca0306e6e0b040bb50 \
+get_src 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 \
 "https://github.com/openresty/lua-nginx-module/archive/v$LUA_VERSION.tar.gz"
 get_src 5417991b6db4d46383da2d18f2fd46b93fafcebfe87ba87f7cfeac4c9bcb0224 \
@@ -109,9 +109,22 @@ get_src 618de9d87cbb4e6ad21cc4a1a178bbfdabddba9ad07ddee4c1190d23c12887ee \
 get_src 8eabbcd5950fdcc718bb0ef9165206c2ed60f67cd9da553d7bc3e6fe4e338461 \
 "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz"
+
+#https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
+curl -sSL -o nginx__dynamic_tls_records.patch https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__dynamic_tls_records.patch
+
+# Add SPDY support back to Nginx with HTTP/2
+# https://github.com/cloudflare/sslconfig
+curl -sSL -o nginx_1_9_15_http2_spdy.patch https://raw.githubusercontent.com/felixbuenemann/sslconfig/7c23d2791857f0b07e3008ba745bcf48d8d6b170/patches/nginx_1_9_15_http2_spdy.patch
+
 # build nginx
 cd "$BUILD_PATH/nginx-$NGINX_VERSION"
+echo "Applying tls nginx patches..."
+patch -p1 < $BUILD_PATH/nginx__dynamic_tls_records.patch
+patch -p1 < $BUILD_PATH/nginx_1_9_15_http2_spdy.patch
+
+
 ./configure \
 --prefix=/usr/share/nginx \
 --conf-path=/etc/nginx/nginx.conf \
@@ -137,6 +150,7 @@ cd "$BUILD_PATH/nginx-$NGINX_VERSION"
 --with-http_gzip_static_module \
 --with-http_sub_module \
 --with-http_v2_module \
+ --with-http_spdy_module \
 --with-stream \
 --with-stream_ssl_module \
 --with-threads \
@@ -212,3 +226,9 @@ rm -Rf /usr/share/man /usr/share/doc
 rm -rf /tmp/* /var/tmp/*
 rm -rf /var/lib/apt/lists/*
 rm -rf /var/cache/apt/archives/*
+
+# Download of GeoIP databases
+curl -sSL -o /etc/nginx/GeoIP.dat.gz http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz \
+ && curl -sSL -o /etc/nginx/GeoLiteCity.dat.gz http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz \
+ && gunzip /etc/nginx/GeoIP.dat.gz \
+ && gunzip /etc/nginx/GeoLiteCity.dat.gz
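Review bot: The two patch downloads in the `@@ -109,9 +109,22 @@` hunk of build.sh skip the SHA-256 pinning that every neighbouring source gets through `get_src`, and the first URL follows the mutable `master` branch of cloudflare/sslconfig, so whatever that URL serves at build time is applied to the nginx tree unverified. Pin it to a commit as the second URL already is, and check a digest before `patch` runs, e.g. `echo "<sha256-of-patch>  nginx__dynamic_tls_records.patch" | sha256sum -c -` (placeholder digest; `get_src` itself is outside the hunk, so whether it can fetch a single file is not visible). The same missing digest applies to the GeoIP downloads in the `@@ -212,3 +226,9 @@` hunk. The files are also written to the current directory but read from `$BUILD_PATH`, which only works if the two coincide at that point, and `$BUILD_PATH` is unquoted in the `patch` redirections.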
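Review bot: The GeoIP databases in the `@@ -212,3 +226,9 @@` hunk are fetched over plain `http://`, so anyone on the build host's network path can substitute the files that end up in `/etc/nginx` of the published image. `curl -sSL` without `-f` also writes an HTTP error body into the `.gz`, leaving `gunzip` as the only step that notices a failed download. Prefer an HTTPS endpoint if the provider has one (not visible here) and add `--fail`, e.g. `curl -fsSL -o /etc/nginx/GeoIP.dat.gz <https-url>`.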