dockerfiles/reverse/README.md

## wonderfall/reverse

![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)

![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png)

#### What is this?
It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...

#### Features
- Based on Alpine Linux.
- nginx built against OpenSSL.
- OpenSSL : no weak algorithms.
- OpenSSL : ChaCha20 ciphers support.
- nginx : HTTP/2 (+NPN) support.
- nginx : Brotli compression support (and configured).
- nginx : no root master process.
- nginx : AIO Threads support.
- nginx : no unnessary modules.
- nginx : optimized configuration.

#### Notes
It is required to chown your certs files with the right uid/pid and change the `listen` directive to 8000/4430 instead of 80/443. Linux 3.17+, and the latest Docker stable are recommended.

#### Volumes
- **/sites-enabled** : vhosts files (*.conf)
- **/conf.d** : additional configuration files
- **/certs** : SSL/TLS certificates
- **/var/log/nginx** : nginx logs
- **/passwds** : authentication files

#### Build-time variables
- **NGINX_VERSION** : version of nginx
- **OPENSSL_VERSION** : version of LibreSSL

#### Environment variables
- **GID** : nginx group id *(default : 991)*
- **UID** : nginx user id *(default : 991)*

#### How to use it?
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration

Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.

- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security.
- `headers_params` : HSTS (+ preload), XSS protection...
- `proxy_params` : useful with `proxy_pass`.
initial commit 2016-04-11 15:59:32 +02:00			`## wonderfall/reverse`

Update README.md 2016-05-27 17:35:12 +02:00			`![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)`
reverse: add configuration files 2016-05-27 17:51:57 +02:00
Update README.md 2016-05-27 17:35:12 +02:00			`![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png)`
initial commit 2016-04-11 15:59:32 +02:00
			`#### What is this?`
Update README.md 2016-05-27 17:35:12 +02:00			`It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...`
initial commit 2016-04-11 15:59:32 +02:00
			`#### Features`
update readmes 2016-05-12 00:16:33 +02:00			`- Based on Alpine Linux.`
Update README.md 2016-05-27 17:35:12 +02:00			`- nginx built against OpenSSL.`
			`- OpenSSL : no weak algorithms.`
			`- OpenSSL : ChaCha20 ciphers support.`
			`- nginx : HTTP/2 (+NPN) support.`
			`- nginx : Brotli compression support (and configured).`
			`- nginx : no root master process.`
			`- nginx : AIO Threads support.`
			`- nginx : no unnessary modules.`
			`- nginx : optimized configuration.`
initial commit 2016-04-11 15:59:32 +02:00
			`#### Notes`
Update README.md 2016-05-27 17:35:12 +02:00			It is required to chown your certs files with the right uid/pid and change the `listen` directive to 8000/4430 instead of 80/443. Linux 3.17+, and the latest Docker stable are recommended.
initial commit 2016-04-11 15:59:32 +02:00
			`#### Volumes`
update readmes 2016-05-12 00:16:33 +02:00			`- /sites-enabled : vhosts files (*.conf)`
			`- /conf.d : additional configuration files`
initial commit 2016-04-11 15:59:32 +02:00			`- /certs : SSL/TLS certificates`
update readmes 2016-05-12 00:16:33 +02:00			`- /var/log/nginx : nginx logs`
			`- /passwds : authentication files`

			`#### Build-time variables`
			`- NGINX_VERSION : version of nginx`
Update README.md 2016-05-27 17:35:12 +02:00			`- OPENSSL_VERSION : version of LibreSSL`
initial commit 2016-04-11 15:59:32 +02:00
update readmes 2016-05-12 00:16:33 +02:00			`#### Environment variables`
initial commit 2016-04-11 15:59:32 +02:00			`- GID : nginx group id (default : 991)`
			`- UID : nginx user id (default : 991)`

update readmes 2016-05-12 00:16:33 +02:00			`#### How to use it?`
			`https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration`
Update README.md 2016-05-27 17:56:16 +02:00
reverse: update ssl_params 2016-05-27 21:59:12 +02:00			Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.

			- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security.
			- `headers_params` : HSTS (+ preload), XSS protection...
			- `proxy_params` : useful with `proxy_pass`.