hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Wonderfall 2016-05-29 02:14:20 +02:00
parent dcc4266fcc
commit b037609606
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
boring-nginx/README.md
View File

@ -2,21 +2,18 @@
![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png) ![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png)
#### What is this? #### What is this?
It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use... It is nginx statically linked against BoringSSL, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...
#### Features #### Features
- Based on Alpine Linux. - Based on Alpine Linux.
- nginx built against OpenSSL. - nginx built against BoringSSL.
- OpenSSL : no weak algorithms.
- OpenSSL : ChaCha20 ciphers support.
- nginx : HTTP/2 (+NPN) support. - nginx : HTTP/2 (+NPN) support.
- nginx : Brotli compression support (and configured). - nginx : Brotli compression support (and configured).
- nginx : no root master process. - nginx : no root master process.
- nginx : AIO Threads support. - nginx : AIO Threads support.
- nginx : no unnessary modules. - nginx : no unnessary modules (except fastcgi).
- nginx : pcre jit enabled.
- nginx : optimized configuration. - nginx : optimized configuration.
#### Notes #### Notes
@ -31,7 +28,8 @@ It is required to chown your certs files with the right uid/pid and change the `
#### Build-time variables #### Build-time variables
- **NGINX_VERSION** : version of nginx - **NGINX_VERSION** : version of nginx
- **OPENSSL_VERSION** : version of LibreSSL - **GPG_NGINX** : fingerprint of signing key package
- **SIGNATURE** : HTTP signature of nginx, default is *secret*
#### Environment variables #### Environment variables
- **GID** : nginx group id *(default : 991)* - **GID** : nginx group id *(default : 991)*
@ -42,6 +40,6 @@ https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive. Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.
- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security. - `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Balance between compatibility and security.
- `headers_params` : HSTS (+ preload), XSS protection... - `headers_params` : HSTS (+ preload), XSS protection...
- `proxy_params` : useful with `proxy_pass`. - `proxy_params` : useful with `proxy_pass`.