A fork of https://github.com/ricardbejarano/nginx with KTLS enabled and some optimization flags. Used for the different Invidious backends that I host.
https://man.freebsd.org/cgi/man.cgi?ktls(4) | https://www.f5.com/company/blog/nginx/improving-nginx-performance-with-kernel-tls | https://www.kernel.org/doc/html/latest/networking/tls-offload.html
| Dockerfile.glibc | ||
| Dockerfile.musl | ||
| LICENSE | ||
| README.md | ||
nginx (container image)
Built-from-source container image of the NGINX HTTP server
Tags
Docker Hub
Available on Docker Hub as ricardbejarano/nginx:
Quay
Available on Quay as:
quay.io/ricardbejarano/nginx-glibc, tags:1.17.4,master,latest(Dockerfile.glibc)quay.io/ricardbejarano/nginx-musl, tags:1.17.4,master,latest(Dockerfile.musl)
Features
- Super tiny (
glibc-based image is about14.1MB,musl-based image is about12.4MB) - Compiled from source (with binary exploit mitigations) during build time
- Built
FROM scratch, with zero bloat (see Filesystem) - Reduced attack surface (no shell, no UNIX tools, no package manager...)
- Runs as unprivileged (non-
root) user
Configuration
Volumes
- Mount your configuration at
/etc/nginx/nginx.conf.
Building
- To build the
glibc-based image:$ docker build -t nginx:glibc -f Dockerfile.glibc . - To build the
musl-based image:$ docker build -t nginx:musl -f Dockerfile.musl .
Filesystem
glibc
Based on the glibc implementation of libc. Dynamically linked.
/
├── etc/
│ ├── group
│ └── passwd
├── lib/
│ └── x86_64-linux-gnu/
│ ├── libc.so.6
│ ├── libcrypt.so.1
│ ├── libdl.so.2
│ ├── libnss_dns.so.2
│ ├── libnss_files.so.2
│ ├── libpthread.so.0
│ └── libresolv.so.2
├── lib64/
│ └── ld-linux-x86-64.so.2
├── nginx
└── tmp/
musl
Based on the musl implementation of libc. Statically linked.
/
├── etc/
│ ├── group
│ └── passwd
├── nginx
└── tmp/
License
See LICENSE.