hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Wonderfall 2016-05-29 02:14:20 +02:00
parent dcc4266fcc
commit b037609606
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
boring-nginx/README.md
View File

@ -2,21 +2,18 @@
![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png)
#### What is this?
It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...
It is nginx statically linked against BoringSSL, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...
#### Features
- Based on Alpine Linux.
- nginx built against OpenSSL.
- OpenSSL : no weak algorithms.
- OpenSSL : ChaCha20 ciphers support.
- nginx built against BoringSSL.
- nginx : HTTP/2 (+NPN) support.
- nginx : Brotli compression support (and configured).
- nginx : no root master process.
- nginx : AIO Threads support.
- nginx : no unnessary modules.
- nginx : no unnessary modules (except fastcgi).
- nginx : pcre jit enabled.
- nginx : optimized configuration.
#### Notes
@ -31,7 +28,8 @@ It is required to chown your certs files with the right uid/pid and change the `
#### Build-time variables
- **NGINX_VERSION** : version of nginx
- **OPENSSL_VERSION** : version of LibreSSL
- **GPG_NGINX** : fingerprint of signing key package
- **SIGNATURE** : HTTP signature of nginx, default is *secret*
#### Environment variables
- **GID** : nginx group id *(default : 991)*
@ -42,6 +40,6 @@ https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.
- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security.
- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Balance between compatibility and security.
- `headers_params` : HSTS (+ preload), XSS protection...
- `proxy_params` : useful with `proxy_pass`.