$ cat dockerfile
FROM centos:7
MAINTAINER Jarbo mylinux@kjarbo.com
RUN yum -y install gcc gcc-c++ libtool gmake make openssl-devel pcre-devel zlib-devel readline-devel
ADD openresty-1.17.8.2.tar.gz /tmp
RUN cd /tmp/openresty-1.17.8.2 && \
    ./configure --prefix=/usr/local/nginx/ --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --pid-path=/usr/local/nginx/run/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --user=nginx --group=nginx --with-pcre --with-stream --with-threads --with-file-aio --with-http_v2_module --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module
RUN cd /tmp/openresty-1.17.8.2 \
    gmake -j 2 && \
    gmake install
RUN rm -rf /tmp/openresty-1.17.8.2* && yum clean all
RUN mkdir -p /usr/local/nginx/conf.d/ && mkdir -p /usr/local/nginx/cert/
RUN groupadd -f nginx && useradd -d /home/nginx -g nginx -s /sbin/nologin nginx
COPY nginx.conf /usr/local/nginx/conf/
COPY waf /usr/local/nginx/waf/
WORKDIR /usr/local/nginx
EXPOSE 80
CMD ["./sbin/nginx", "-g", "daemon off;"]

$ tree waf/

waf/
├── dockerfile
├── nginx.conf
├── openresty-1.17.8.2.tar.gz
└── waf
    ├── access.lua
    ├── config.lua
    ├── init.lua
    ├── lib.lua
    ├── lua-resty-core
    └── rule-config

$ docker build --rm --tag nginx_waf:1.0.1 .
Sending build context to Docker daemon  7.476MB
Step 1/14 : FROM centos:7
 ---> 7e6257c9f8d8
Step 2/14 : MAINTAINER Jarbo mylinux@kjarbo.com
 ---> c9fd01a0048e
Step 3/14 : RUN yum -y install gcc gcc-c++ libtool gmake make openssl-devel pcre-devel zlib-devel readline-devel
 ---> d365ca45b665
Step 4/14 : ADD openresty-1.17.8.2.tar.gz /tmp
 ---> a817c148f209
Step 5/14 : RUN cd /tmp/openresty-1.17.8.2 &&     ./configure --prefix=/usr/local/nginx/ --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --pid-path=/usr/local/nginx/run/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --user=nginx --group=nginx --with-pcre --with-stream --with-threads --with-file-aio --with-http_v2_module --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module
 ---> 551039152a05
Step 6/14 : RUN cd /tmp/openresty-1.17.8.2     gmake -j 2 &&     gmake install
 ---> fb51ecedc9f6
Step 7/14 : RUN rm -rf /tmp/openresty-1.17.8.2* && yum clean all
 ---> 1a1b7d576a6b
Step 8/14 : RUN mkdir /usr/local/nginx/conf/conf.d/
 ---> 1eeb023e0e8e
Step 9/14 : RUN groupadd -f nginx && useradd -d /home/nginx -g nginx -s /sbin/nologin nginx
 ---> 6a12efe37f5d
Step 10/14 : COPY nginx.conf /usr/local/nginx/conf/
 ---> e2a3d105d6ea
Removing intermediate container 4fbf5decc647
Step 11/14 : COPY waf /usr/local/nginx/
 ---> 78afde1fb70c
Removing intermediate container 05083124bbe1
Step 12/14 : WORKDIR /usr/local/nginx
 ---> f963571089b7
Removing intermediate container 1c3f31ddd8af
Step 13/14 : EXPOSE 80
 ---> Running in 0fd045e38dc8
 ---> 35a298dd53f0
Removing intermediate container 0fd045e38dc8
Step 14/14 : CMD ./sbin/nginx -g daemon off;
 ---> Running in dbe4ee82af6e
 ---> 9ffdd00aab58
Removing intermediate container dbe4ee82af6e
Successfully built 9ffdd00aab58
Successfully tagged nginx_waf:1.0.1

FROM centos:7
#指定基础镜像，必须为第一个命令。格式： FROM <image> / FROM <image>:<tag> / FROM <image>@<digest>
#示例
 - FROM centos:7

MAINTAINER Jarbo mylinux@kjarbo.com
#维护者信息

RUN yum -y install gcc gcc-c++ libtool gmake make openssl-devel pcre-devel zlib-devel readline-devel
#构建镜像时执行的命令
#有以下两种命令执行方式
 - shell执行，格式：RUN <command>
 - exec执行，格式：RUN["","","",]
#RUN 指令创建的中间镜像会被缓存，并会在下次构建中使用。如果不想使用这些缓存镜像，可以在构建时指定 --no-cache 参数，如：docker build --no-cache

ADD openresty-1.17.8.2.tar.gz /tmp
#将本地文件添加到容器中，tar 类型文件会自动解压(网络压缩资源不会被解压)，可以访问网络资源，类似 wget。格式：ADD <src>... <dest> / ADD ["<src>",... "<dest>"] 用于支持包含空格的路径
#示例：
 - ADD openresty-1.17.8.2.tar.gz /tmp

COPY nginx.conf /usr/local/nginx/conf/
#功能类似ADD，但是是不会自动解压文件，也不能访问网络资源，可以将项目文件 copy 进镜像

WORKDIR /usr/local/nginx
#工作目录，类似于cd命令，进入容器后跳转到此目录

EXPOSE 80
#指定于外界交互的端口。格式：EXPOSE <port> [<port>...]

CMD ["./sbin/nginx", "-g", "daemon off;"]
#构建容器后调用，也就是在容器启动时才进行调用。格式：CMD ["executable","param1","param2"] (执行可执行文件，优先) / CMD ["param1","param2"] (设置了ENTRYPOINT，则直接调用ENTRYPOINT添加参数) / CMD command param1 param2 (执行shell内部命令)

ENTRYPOINT ["top", "-b"]
#配置容器，使其可执行化。配合CMD可省去"application"，只使用参数。

VOLUME ["/path/to/dir"]
#用于指定持久化目录

ENV name=linlikesi
#设置环境变量

USER linlikesi
#指定运行容器时的用户名或 UID，后续的 RUN 也会使用指定用户。使用USER指定用户时，可以使用用户名、UID或GID，或是两者的组合。当服务不需要管理员权限时，可以通过该命令指定运行用户。并且可以在之前创建所需要的用户。格式：USER user / USER user:group / USER uid / USER uid:gid / USER user:gid / USER uid:group

ARG name=linlikesi
#用于指定传递给构建运行时的变量.格式：ARG <name>[=<default value>]

ONBUILD ADD . /app/src
#用于设置镜像触发器。格式：ONBUILD [INSTRUCTION]
#当所构建的镜像被用做其它镜像的基础镜像，该镜像中的触发器将会被钥触发