Initial commit; create Dockerfile to build nginx-quic

973cb3cb · DasSkelett · 973cb3cb · 973cb3cb · 973cb3cb
Commit 973cb3cb authored Dec 20, 2020 by DasSkelett
Hide whitespace changes
Inline Side-by-side

Showing with 175 additions and 0 deletions

Dockerfile Dockerfile +30 -0

README.md README.md +18 -0

nginx.conf nginx.conf +127 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
+FROM archlinux:base-devel
+RUN set -x \
+    && groupadd --gid 101 --system nginx \
+    && useradd --uid 101 --gid nginx --system --create-home --home-dir /var/cache/nginx --shell /sbin/nologin nginx \
+    && echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx \
+    && pacman --noconfirm -Sy git \
+    && mkdir -m 777 /aur \
+    && su nginx -s /bin/sh -c " \
+        cd /aur \
+        && git clone https://aur.archlinux.org/nginx-quic.git \
+        && cd nginx-quic \
+        && makepkg -scri --noconfirm \
+    " \
+    && rm -rf /aur \
+    && rm -rf /var/cache/pacman/pkg/*
+RUN openssl req -x509 -newkey rsa:4096 -days 365 -subj '/CN=localhost/O=localhost/C=US' \
+      -nodes -keyout /etc/nginx/cert.key -out /etc/nginx/cert.pem \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+COPY nginx.conf /etc/nginx/nginx.conf
+EXPOSE 80
+EXPOSE 443/tcp
+EXPOSE 443/udp
+STOPSIGNAL SIGQUIT
+CMD ["nginx", "-g", "daemon off;"]
--- a/README.md
+++ b/README.md
+# nginx-quic-docker
+This repository holds the Dockerfile and associated files needed to build [dasskelett:nginx-quic](https://hub.docker.com/r/dasskelett/nginx-quic),
+a nginx image compiled from the [nginx-quic branch](https://hg.nginx.org/nginx-quic) with support for HTTP/3 and QUIC.
+The image is based on `archlinux:base-devel` to make use of the [nginx-quic](https://aur.archlinux.org/packages/nginx-quic/) AUR package.
+Containers will listen for HTTPS (HTTP/1.1 via TLS, HTTP/2 via TLS, HTTP/3 via QUIC) connections on port 443 by default.
+The image contains a self-signed certificate for this reason.
+Keep in mind that HTTP/3+QUIC support in nginx is still WIP.
+## Usage
+```bash
+docker run -d --name nginx-quic -p [::]:80:80 -p [::]:443:443/tcp -p [::]:443:443/udp dasskelett/nginx-quic:latest
+```
+For more information about how to use HTTP/3 and QUIC with nginx, see the official [README](https://hg.nginx.org/nginx-quic/file/tip/README).
--- a/nginx.conf
+++ b/nginx.conf
+#user  nobody;
+worker_processes  1;
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+#pid        logs/nginx.pid;
+events {
+    worker_connections  1024;
+}
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+    #access_log  logs/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+    #gzip  on;
+    server {
+        listen       80;
+        server_name  localhost;
+        #charset koi8-r;
+        #access_log  logs/host.access.log  main;
+        location / {
+            add_header Alt-Svc '$http3=":443"; ma=86400';
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+        #error_page  404              /404.html;
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+    # HTTPS server
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        listen       443 http3 reuseport;
+        listen       [::]:443 http3 reuseport;        
+        server_name  localhost;
+        ssl_certificate      cert.pem;
+        ssl_certificate_key  cert.key;
+        ssl_session_cache    shared:SSL:1m;
+        ssl_session_timeout  5m;
+        ssl_ciphers  HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers  on;
+        location / {
+            add_header Alt-Svc '$http3=":443"; ma=86400';
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+    }
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+}