hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-21 12:59:16 +00:00
Code Issues Projects Releases Wiki Activity
dockerfiles/reverse/README.md
Wonderfall e8dbcceb42 reverse: update ssl_params
2016-05-27 21:59:12 +02:00

1.8 KiB
Raw Blame History

wonderfall/reverse

What is this?

It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...

Features

  • Based on Alpine Linux.
  • nginx built against OpenSSL.
  • OpenSSL : no weak algorithms.
  • OpenSSL : ChaCha20 ciphers support.
  • nginx : HTTP/2 (+NPN) support.
  • nginx : Brotli compression support (and configured).
  • nginx : no root master process.
  • nginx : AIO Threads support.
  • nginx : no unnessary modules.
  • nginx : optimized configuration.

Notes

It is required to chown your certs files with the right uid/pid and change the listen directive to 8000/4430 instead of 80/443. Linux 3.17+, and the latest Docker stable are recommended.

Volumes

  • /sites-enabled : vhosts files (*.conf)
  • /conf.d : additional configuration files
  • /certs : SSL/TLS certificates
  • /var/log/nginx : nginx logs
  • /passwds : authentication files

Build-time variables

  • NGINX_VERSION : version of nginx
  • OPENSSL_VERSION : version of LibreSSL

Environment variables

  • GID : nginx group id (default : 991)
  • UID : nginx user id (default : 991)

How to use it?

https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration

Some configuration files located in /etc/nginx/conf are already provided, you can use them with the include directive.

  • ssl_params : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security.
  • headers_params : HSTS (+ preload), XSS protection...
  • proxy_params : useful with proxy_pass.