boring-nginx: fix build, remove old patches

boring-nginx/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.4
+FROM alpine:edge
 MAINTAINER Wonderfall <wonderfall@schrodinger.io>
 
 ENV UID=991 GID=991
@@ -59,10 +59,6 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
  && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
  && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
  && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
- && wget -q https://raw.githubusercontent.com/felixbuenemann/sslconfig/updated-nginx-1.9.15-spdy-patch/patches/nginx_1_9_15_http2_spdy.patch -O spdy.patch \
- && patch -p1 < spdy.patch \
- && wget -q https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__dynamic_tls_records.patch \
- && patch -p1 < nginx__dynamic_tls_records.patch \
  && patch -p1 < /tmp/boring.patch \
  && ./configure \
     --prefix=/etc/nginx \
@@ -71,7 +67,6 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
     --with-ld-opt="-Wl,-Bsymbolic-functions -Wl,-z,relro -L ../boringssl/.openssl/lib" \
     --with-http_ssl_module \
     --with-http_v2_module \
-    --with-http_spdy_module \
     --with-http_gzip_static_module \
     --with-http_stub_status_module \
     --with-file-aio \
@@ -112,8 +107,8 @@ EXPOSE 8000 4430
 
 VOLUME /sites-enabled /www /conf.d /passwds /certs /var/log/nginx
 
-LABEL description="nginx built from source." \
+LABEL description="nginx built from source" \
       openssl="BoringSSL" \
-      nginx="nginx ${NGINX_VERSION}."
+      nginx="nginx ${NGINX_VERSION}"
 
 CMD ["run.sh"]

boring-nginx/README.md

@@ -3,21 +3,22 @@
 ![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
 
 #### What is this?
-It is nginx statically linked against BoringSSL, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...
+This is nginx statically linked against BoringSSL, with embedded Brotli support.
 
 #### Features
 - Based on Alpine Linux.
 - nginx built against **BoringSSL**.
-- nginx : securely built using hardening gcc flags.
-- nginx : HTTP/2 (+NPN) support.
-- nginx : Brotli compression support (and configured).
-- nginx : no root master process.
-- nginx : AIO Threads support.
-- nginx : no unnessary modules (except fastcgi).
-- nginx : pcre jit enabled.
-- nginx : optimized configuration.
-- ngxpasswd : generates a htpasswd file easily.
-- ngxproxy : generates a *proxy vhost* after asking you a few questions.
+- Built using hardening gcc flags.
+- TTP/2 (+NPN) support.
+- Brotli compression support (and configured).
+- No root master process.
+- AIO Threads support.
+- No unnessary modules (except fastcgi).
+- PCRE-jit enabled.
+- Strong configurations included.
+- Anonymous webserver signature (headers-more).
+- ngxpasswd : generates a htpasswd file.
+- ngxproxy : generates a proxy virtual host file.
 
 #### Notes
 - It is required to change the `listen` directive to 8000/4430 instead of 80/443.
@@ -36,7 +37,7 @@ It is nginx statically linked against BoringSSL, with embedded Brotli support. S
 #### Build-time variables
 - **NGINX_VERSION** : version of nginx
 - **GPG_NGINX** : fingerprint of signing key package
-- **SIGNATURE** : HTTP signature of nginx, default is *secret*
+- **
 
 #### Environment variables
 - **GID** : nginx group id *(default : 991)*