- Uses Alpine Linux as base
- PCRE with JIT enabled
- HTTP/2.0 (+NPN) support
- Async I/O using threads support
- Dynamic TLS records patch support (and configured) - From Cloudflare
- Brotli compression support (and configured)
- ModSecurity, enabled but in DetectionOnly mode by default
Currently the HPACK patch from Cloudflare is not used because it does not apply cleanly against mainline.
docker run --rm --name nginx -v ./htdocs:/var/www -p 80:80 -p 443:443 -d ajoergensen/nginx-libressl:tag
Available tags are stable and mainline
- PUID: Change the uid of the user running nginx
- PGID: Change the gid of the user running nginx
- CHOWN_WWWDIR: Enable/disable the change of ownership of /var/www to $PUID:$PGID, defaults to TRUE. Note, if /var/www read only this variable will always be FALSE
- WORKER_PROCESSES: Change the value of nginx worker_processes, defaults to auto.
- MODSEC_MODE: Configure the ModSecurity rules engine. Values are On, Off, DetectionOnly. Default is DetectionOnly
Though not defined as a volume, I recommend mapping a folder to /etc/nginx/conf.d to store your vhost definitions.
This image works great with docker-gen and docker-letsencrypt-nginx-proxy-companion (as a drop-in replacement for the nginx-proxy image)
Originally based on the official nginx Dockerfile & Wonderfall/boring-nginx - Forked from denji/nginx-libressl