2016-04-11 15:59:32 +02:00
|
|
|
## wonderfall/reverse
|
|
|
|
|
|
|
|
|
|
  
|
|
|
|
|
|
|
|
|
|
#### What is this?
|
2016-05-12 00:16:33 +02:00
|
|
|
It is nginx statically linked against LibreSSL, with embedded Brotli support. Secured by default (no root processes, even the master one).
|
2016-04-11 15:59:32 +02:00
|
|
|
|
|
|
|
|
#### Features
|
2016-05-12 00:16:33 +02:00
|
|
|
- Based on Alpine Linux.
|
|
|
|
|
- nginx built against LibreSSL.
|
2016-04-11 15:59:32 +02:00
|
|
|
- HTTP/2 support.
|
|
|
|
|
- Brotli compression support.
|
2016-05-12 00:16:33 +02:00
|
|
|
- No root master process.
|
2016-04-11 15:59:32 +02:00
|
|
|
- AIO Threads support.
|
|
|
|
|
- No unnessary modules.
|
|
|
|
|
- Optimized nginx configuration.
|
|
|
|
|
|
|
|
|
|
#### Notes
|
|
|
|
|
It is required to :
|
2016-05-12 00:16:33 +02:00
|
|
|
|
|
|
|
|
- chown your certs files with the right uid/pid
|
2016-04-11 15:59:32 +02:00
|
|
|
- change `listen` directive to 8000/4430 instead of 80/443
|
|
|
|
|
|
2016-05-12 00:16:33 +02:00
|
|
|
LibreSSL recommends Linux 3.17+.
|
2016-04-11 15:59:32 +02:00
|
|
|
|
|
|
|
|
#### Volumes
|
2016-05-12 00:16:33 +02:00
|
|
|
- **/sites-enabled** : vhosts files (*.conf)
|
|
|
|
|
- **/conf.d** : additional configuration files
|
2016-04-11 15:59:32 +02:00
|
|
|
- **/certs** : SSL/TLS certificates
|
2016-05-12 00:16:33 +02:00
|
|
|
- **/var/log/nginx** : nginx logs
|
|
|
|
|
- **/passwds** : authentication files
|
|
|
|
|
|
|
|
|
|
#### Build-time variables
|
|
|
|
|
- **NGINX_VERSION** : version of nginx
|
|
|
|
|
- **LIBRESSL_VERSION** : version of LibreSSL
|
2016-04-11 15:59:32 +02:00
|
|
|
|
2016-05-12 00:16:33 +02:00
|
|
|
#### Environment variables
|
2016-04-11 15:59:32 +02:00
|
|
|
- **GID** : nginx group id *(default : 991)*
|
|
|
|
|
- **UID** : nginx user id *(default : 991)*
|
|
|
|
|
|
2016-05-12 00:16:33 +02:00
|
|
|
#### How to use it?
|
|
|
|
|
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
|
