diff --git a/boring-nginx/README.md b/boring-nginx/README.md index ab9aaf7..995f90c 100644 --- a/boring-nginx/README.md +++ b/boring-nginx/README.md @@ -2,21 +2,18 @@ ![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png) -![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png) - #### What is this? -It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use... +It is nginx statically linked against BoringSSL, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use... #### Features - Based on Alpine Linux. -- nginx built against OpenSSL. -- OpenSSL : no weak algorithms. -- OpenSSL : ChaCha20 ciphers support. +- nginx built against BoringSSL. - nginx : HTTP/2 (+NPN) support. - nginx : Brotli compression support (and configured). - nginx : no root master process. - nginx : AIO Threads support. -- nginx : no unnessary modules. +- nginx : no unnessary modules (except fastcgi). +- nginx : pcre jit enabled. - nginx : optimized configuration. #### Notes @@ -31,7 +28,8 @@ It is required to chown your certs files with the right uid/pid and change the ` #### Build-time variables - **NGINX_VERSION** : version of nginx -- **OPENSSL_VERSION** : version of LibreSSL +- **GPG_NGINX** : fingerprint of signing key package +- **SIGNATURE** : HTTP signature of nginx, default is *secret* #### Environment variables - **GID** : nginx group id *(default : 991)* 
@@ -42,6 +40,6 @@ https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive. -- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security. +- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Balance between compatibility and security. - `headers_params` : HSTS (+ preload), XSS protection... - `proxy_params` : useful with `proxy_pass`.
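Review bot: In the Features list of the first hunk (@@ -2,21 +2,18 @@), the bullets "OpenSSL : no weak algorithms" and "OpenSSL : ChaCha20 ciphers support" are removed and nothing equivalent is stated for BoringSSL, so the README no longer says what cipher policy the build provides, even though the `ssl_params` description further down still advertises CHACHA20. If those properties still hold with BoringSSL, add a bullet under "nginx built against BoringSSL" that says so. The added line "- nginx : no unnessary modules (except fastcgi)." also carries over the misspelling and should read "unnecessary".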
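Review bot: In the Build-time variables list (@@ -31,7 +28,8 @@), **OPENSSL_VERSION** is removed with no counterpart for BoringSSL, so the README gives no documented way to tell or pin which BoringSSL revision ends up in the image; if the build fixes a revision, list that variable here. The two new descriptions are also hard to act on as written. "fingerprint of signing key package" would be clearer as "fingerprint of the GPG key used to verify the nginx source package", and "HTTP signature of nginx, default is *secret*" does not say where the value appears (for example whether it replaces the `Server` response header), which a user needs to know before overriding it.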
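Review bot: In the last hunk (@@ -42,6 +40,6 @@), the `ssl_params` line changes only "Nice balance" to "Balance" and still describes the file as enabling TLS 1.0 and 1.1 with CHACHA20 and AES 256/128, but this diff touches only the README, so nothing here shows that the shipped `ssl_params` was checked against the new BoringSSL build. Please confirm the protocol and cipher settings in that file still match this description after the library switch, and consider stating in the README that users who do not need TLS 1.0 and 1.1 should override `ssl_protocols` rather than include the file unchanged.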