nginx/Dockerfile - sourcearcade - Gitiles

 ARG SSL_VARIANT=selfsigned
 ARG NGINX_TAG=1.25-alpine


 FROM nginx:${NGINX_TAG} as nginx_letsencrypt

 ONBUILD RUN echo "Let's encrypt support not implemented yet."; exit 1


 FROM nginx:${NGINX_TAG} as nginx_selfsigned

 ARG SELFSIGNED_REQ_HOST
 ARG SELFSIGNED_REQ_ALT_NAMES
 ONBUILD RUN test "${SELFSIGNED_REQ_HOST}" || { echo "Require SELFSIGNED_REQ_HOST argument."; exit 1; }
 ONBUILD RUN \
 	apk add openssl && \
 	printf "DE\nHassia\nEschborn\nSource Arcade\nWeb\n${SELFSIGNED_REQ_HOST}\n\n" | \
 		openssl req -x509 -nodes -days 14 -newkey rsa:2048 \
 			-addext "subjectAltName = ${SELFSIGNED_REQ_ALT_NAMES}" \
 			-keyout /etc/ssl/private/sa-selfsigned.key \
 			-out /etc/ssl/certs/sa-selfsigned.crt && \
 	apk del openssl


 FROM nginx_${SSL_VARIANT}
	ARG SSL_VARIANT=selfsigned
	ARG NGINX_TAG=1.25-alpine


	FROM nginx:${NGINX_TAG} as nginx_letsencrypt

	ONBUILD RUN echo "Let's encrypt support not implemented yet."; exit 1


	FROM nginx:${NGINX_TAG} as nginx_selfsigned

	ARG SELFSIGNED_REQ_HOST
	ARG SELFSIGNED_REQ_ALT_NAMES
	ONBUILD RUN test "${SELFSIGNED_REQ_HOST}" \|\| { echo "Require SELFSIGNED_REQ_HOST argument."; exit 1; }
	ONBUILD RUN \
	apk add openssl && \
	printf "DE\nHassia\nEschborn\nSource Arcade\nWeb\n${SELFSIGNED_REQ_HOST}\n\n" \| \
	openssl req -x509 -nodes -days 14 -newkey rsa:2048 \
	-addext "subjectAltName = ${SELFSIGNED_REQ_ALT_NAMES}" \
	-keyout /etc/ssl/private/sa-selfsigned.key \
	-out /etc/ssl/certs/sa-selfsigned.crt && \
	apk del openssl


	FROM nginx_${SSL_VARIANT}