ajoergensen/docker-nginx-libressl-modsecurity

nginx built with LibreSSL

Features

  • Uses Alpine Linux as base
  • PCRE with JIT enabled
  • HTTP/2.0 (+NPN) support
  • Async I/O support using threads
  • Dynamic TLS records patch support (and configured) - From Cloudflare
  • Brotli compression support (and configured)
  • ModSecurity, enabled but in DetectionOnly mode by default

Currently the HPACK patch from Cloudflare is not used because it does not apply cleanly against mainline.

Usage

docker run --rm --name nginx -v "$(pwd)/htdocs":/var/www -p 80:80 -p 443:443 -d ajoergensen/nginx-libressl:tag

Available tags are stable and mainline.

Environment

  • PUID: Change the uid of the user running nginx
  • PGID: Change the gid of the user running nginx
  • CHOWN_WWWDIR: Enable/disable changing the ownership of /var/www to $PUID:$PGID, defaults to TRUE. Note: if /var/www is read-only, this variable will always be FALSE.
  • WORKER_PROCESSES: Change the value of nginx worker_processes, defaults to auto.
  • MODSEC_MODE: Configure the ModSecurity rules engine. Values are On, Off, DetectionOnly. Default is DetectionOnly.

Other

Though not defined as a volume, I recommend mapping a folder to /etc/nginx/conf.d to store your vhost definitions.
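
Because the default DetectionOnly mode logs but does not block, moving to On is a deliberate step worth guarding against typos. The script below is an added example, not part of this image or repository: it validates the tag and the Environment values listed above and prints a docker run command with /var/www mounted read-only and a conf.d mount as recommended here. The function names, the host paths under /srv/nginx, the case-sensitive matching and the path character whitelist are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of this image: validate the documented settings and
# print a `docker run` command that puts ModSecurity into blocking mode.

IMAGE="ajoergensen/nginx-libressl"   # image name from the Usage section

# Only the three MODSEC_MODE values the README lists (case-sensitive here).
valid_modsec_mode() {
  case "$1" in On|Off|DetectionOnly) return 0 ;; *) return 1 ;; esac
}

# PUID/PGID must be non-empty and all digits.
valid_id() {
  case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Host paths must be absolute and free of shell metacharacters, so the
# printed command can be pasted without extra quoting.
valid_path() {
  case "$1" in *[!A-Za-z0-9/._-]*) return 1 ;; /*) return 0 ;; *) return 1 ;; esac
}

# build_run_cmd TAG MODSEC_MODE PUID PGID HTDOCS_DIR CONFD_DIR
build_run_cmd() {
  case "$1" in stable|mainline) ;; *) echo "unknown tag: $1" >&2; return 1 ;; esac
  valid_modsec_mode "$2" || { echo "bad MODSEC_MODE: $2" >&2; return 1; }
  { valid_id "$3" && valid_id "$4"; } || { echo "PUID/PGID must be numeric" >&2; return 1; }
  { valid_path "$5" && valid_path "$6"; } || { echo "bad host path" >&2; return 1; }
  # /var/www is mounted read-only; the README notes CHOWN_WWWDIR is then FALSE.
  printf 'docker run --rm --name nginx -d -p 80:80 -p 443:443'
  printf ' -e MODSEC_MODE=%s -e PUID=%s -e PGID=%s' "$2" "$3" "$4"
  printf ' -v %s:/var/www:ro -v %s:/etc/nginx/conf.d %s:%s\n' "$5" "$6" "$IMAGE" "$1"
}

# Demo with constructed values: prints the command, does not start a container.
build_run_cmd mainline On 1000 1000 /srv/nginx/htdocs /srv/nginx/conf.d
```

A misspelled mode such as "on" or "Detectiononly" is rejected before any container is started, so the choice between detection and blocking is always explicit.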

This image works great with docker-gen and docker-letsencrypt-nginx-proxy-companion (as a drop-in replacement for the nginx-proxy image).


Originally based on the official nginx Dockerfile & Wonderfall/boring-nginx - Forked from denji/nginx-libressl