uleenucks/libre-nginx
What is this?
This is nginx statically linked against LibreSSL.
Features
- Based on Alpine Linux.
- nginx built against LibreSSL
- TLS 1.3 patch : use of TLS 1.3 DRAFT is enforced (haven't found another way yet).
- Built using hardening gcc flags.
- Dynamic TLS records patch (cloudflare).
- HTTP/2 (+NPN) support.
- Brotli compression support (and configured).
- AIO Threads support.
- No unnecessary modules (except fastcgi).
- PCRE-jit enabled.
- Strong configurations included.
- Anonymous webserver signature (headers-more).
Notes
- It is required to change the listen directive to 8000/4430 instead of 80/443.
- Linux 3.17+, and the latest Docker stable are recommended.
Volumes
- /sites-enabled : vhosts files (*.conf)
- /conf.d : additional configuration files
- /certs : SSL/TLS certificates
- /var/log/nginx : nginx logs
- /passwds : authentication files
- /www : put your websites there
Build-time variables
- NGINX_VERSION : version of nginx
- GPG_NGINX : fingerprint of signing key package
- BUILD_CORES : number of cores used during compilation
How to use it?
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
Some configuration files located in /etc/nginx/conf are already provided; you can use them with the include directive.
- ssl_params: Provides a nice balance between compatibility and security.
- headers_params: HSTS (+ preload), XSS protection, etc.
- proxy_params: use with proxy_pass.
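A vhost file for /sites-enabled that combines the notes above is sketched here as an added example, not a file shipped with the image. The server name, certificate file names and upstream address are assumptions, as is publishing the container ports as 80:8000 and 443:4430 on the host.

```nginx
# /sites-enabled/example.conf (hypothetical file name)

# Plain HTTP: the container listens on 8000 instead of 80.
server {
    listen 8000;
    server_name www.example.com;            # assumed host name

    # Send everything to HTTPS; the host maps 443 -> 4430 (assumed mapping).
    return 301 https://$host$request_uri;
}

# HTTPS: the container listens on 4430 instead of 443.
server {
    listen 4430 ssl http2;
    server_name www.example.com;            # assumed host name

    # Certificates come from the /certs volume; file names are assumed.
    ssl_certificate     /certs/example.com/fullchain.pem;
    ssl_certificate_key /certs/example.com/privkey.pem;

    # Provided TLS settings (protocols, ciphers) and security headers (HSTS, etc.).
    include /etc/nginx/conf/ssl_params;
    include /etc/nginx/conf/headers_params;

    location / {
        # Assumed upstream: another container reachable as "backend" on port 8080.
        proxy_pass http://backend:8080;
        include /etc/nginx/conf/proxy_params;
    }
}
```

Because headers_params enables HSTS with preload, browsers that have seen the header will refuse plain HTTP for the host, so apply it only to names that are meant to stay HTTPS-only.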