boring-nginx: dynamic tls records patch

2025-04-20 04:19:18 +00:00 · 2017-02-18 20:18:00 +01:00 · 2017-02-18 20:18:00 +01:00 · 178779142e
commit 178779142e
parent 3d5d826a63
2 changed files with 3 additions and 0 deletions
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@ -64,6 +64,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
 && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
 && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
 && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
+ && wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.11.5%2B.patch -O dynamic_records.patch \
+ && patch -p1 < dynamic_records.patch \
 && ./configure \
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
--- a/boring-nginx/README.md
+++ b/boring-nginx/README.md
@ -9,6 +9,7 @@ This is nginx statically linked against BoringSSL, with embedded Brotli support.
 - Based on Alpine Linux.
 - nginx built against **BoringSSL** with SSE/SHA, and AVX2 SIMD-instructions.
 - Built using hardening gcc flags.
+- Dynamic TLS records patch (cloudflare).
 - TTP/2 (+NPN) support.
 - Brotli compression support (and configured).
 - No root master process.