From 178779142ed267e1134aabbff6ef7675e64d1aa6 Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@schrodinger.io>
Date: Sat, 18 Feb 2017 20:18:00 +0100
Subject: [PATCH] boring-nginx: dynamic tls records patch

---
 boring-nginx/Dockerfile | 2 ++
 boring-nginx/README.md  | 1 +
 2 files changed, 3 insertions(+)

diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile
index b1f90e6..b506baf 100644
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@@ -64,6 +64,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
  && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
  && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
  && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
+ && wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.11.5%2B.patch -O dynamic_records.patch \
+ && patch -p1 < dynamic_records.patch \
  && ./configure \
     --prefix=/etc/nginx \
     --sbin-path=/usr/sbin/nginx \
diff --git a/boring-nginx/README.md b/boring-nginx/README.md
index 98bba37..1d61538 100644
--- a/boring-nginx/README.md
+++ b/boring-nginx/README.md
@@ -9,6 +9,7 @@ This is nginx statically linked against BoringSSL, with embedded Brotli support.
 - Based on Alpine Linux.
 - nginx built against **BoringSSL** with SSE/SHA, and AVX2 SIMD-instructions.
 - Built using hardening gcc flags.
+- Dynamic TLS records patch (cloudflare).
 - TTP/2 (+NPN) support.
 - Brotli compression support (and configured).
 - No root master process.