{"id":13808922,"url":"https://github.com/alexhaydock/BoringNginx","last_synced_at":"2025-05-14T03:31:52.084Z","repository":{"id":167984090,"uuid":"59155610","full_name":"alexhaydock/BoringNginx","owner":"alexhaydock","description":"Nginx + Docker + BoringSSL = ✔️ Easy TLS 1.3","archived":false,"fork":false,"pushed_at":"2020-11-09T16:42:21.000Z","size":45,"stargazers_count":56,"open_issues_count":1,"forks_count":10,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-08-04T01:10:08.171Z","etag":null,"topics":["boringssl","docker","nginx"],"latest_commit_sha":null,"homepage":"https://gitlab.com/alexhaydock/boringnginx","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexhaydock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-18T22:22:54.000Z","updated_at":"2024-07-04T22:55:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"0bf254c4-33b4-4fb3-90c1-9595205f7411","html_url":"https://github.com/alexhaydock/BoringNginx","commit_stats":null,"previous_names":["alexhaydock/boringnginx"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhaydock%2FBoringNginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhaydock%2FBoringNginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhaydock%2FBoringNginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhaydock%2FBoringNginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexhaydock","download_url":"https://codeload.github.com/alexhaydock/BoringNginx/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225273291,"owners_count":17448080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["boringssl","docker","nginx"],"created_at":"2024-08-04T01:01:55.160Z","updated_at":"2024-11-19T00:31:13.823Z","avatar_url":"https://github.com/alexhaydock.png","language":"Dockerfile","funding_links":[],"categories":["Dockerfile"],"sub_categories":[],"readme":"# alexhaydock/boringnginx\n\n[![pipeline status](https://gitlab.com/alexhaydock/boringnginx/badges/master/pipeline.svg)](https://gitlab.com/alexhaydock/boringnginx/-/commits/master)\n\nThis container builds the [latest stable Nginx](https://nginx.org/en/CHANGES) with the [latest BoringSSL code](https://boringssl.googlesource.com/boringssl/). It was created to aid with the easy deployment of TLS 1.3 services at a time when most Linux distributions were not packaging a version of OpenSSL that could handle it.\n\nThis container is built automatically using GitLab CI and supports the `x86_64` and `aarch64` architectures.\n\nThis container builds Nginx with the following modules:\n* [ngx_brotli](https://github.com/google/ngx_brotli.git)\n* [ngx_headers_more](https://github.com/openresty/headers-more-nginx-module)\n* [ngx_http2_geoip](https://github.com/leev/ngx_http_geoip2_module.git) (when built locally with appropriate `GeoIP.conf`)\n* [ngx_subs_filter](https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git)\n\nThere are versions of this container which build against:\n* [BoringSSL](https://gitlab.com/alexhaydock/boringnginx) (this container)\n* [LibreSSL](https://gitlab.com/alexhaydock/nginx-libressl)\n* [OpenSSL](https://gitlab.com/alexhaydock/nginx-openssl)\n\n### Quick test this container locally\nRun this container as a quick test (it will listen on http://127.0.0.1 and you will see logs directly in the terminal when connections are made):\n```\ndocker run --rm -it -p \"127.0.0.1:80:80/tcp\" registry.gitlab.com/alexhaydock/boringnginx:$(uname -m)\n```\n\n### Running with your own config file\nRun this container as a daemon with your own config file:\n```\ndocker run -d -p \"80:80/tcp\" -p \"443:443/tcp\" -v /path/to/nginx.conf:/etc/nginx.conf:ro registry.gitlab.com/alexhaydock/boringnginx:$(uname -m)\n```\n\n### Build This Container Locally\nI cannot distribute the MaxMind GeoIP databases legally with this project, so if you want GeoIP features, you must build this container locally. Sign up for a free account with [MaxMind](https://www.maxmind.com) and follow the instructions to generate your own `GeoIP.conf` and place it in this directory.\n\nNow run:\n```\nmake geoip\n```\n\nOr you can build the regular container with just:\n```\nmake build\n```\n\n### Running Without Root\nYou can lock down this container and run without root and dropping all capabilities by using the `--user` and `--cap-drop=ALL` arguments.\n\nFor this example to work, your config file should instruct Nginx to listen on port `8080` inside the container:\n```\ndocker run --rm -it -p \"80:8080/tcp\" --user 6666 --cap-drop=ALL -v /path/to/nginx.conf:/etc/nginx.conf:ro registry.gitlab.com/alexhaydock/boringnginx:$(uname -m)\n```\n\nYou will need to make sure that the UID you pick matches the one you have set as the `NGINX_ID` in the `Dockerfile`, and that any configs which you mount into the container are owned by this UID (it does not need to exist on the host system).\n\nIf you are running rootless like this, you will also want to ensure that the `nginx.conf` does not try to listen on any ports below `1000` (you can still listen on `:80` and `:443` externally since the Docker daemon runs as root and can handle this - Nginx does not need to).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexhaydock%2FBoringNginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexhaydock%2FBoringNginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexhaydock%2FBoringNginx/lists"}