added Brotli support, builder image to reduse end size

Dockerfile

@@ -1,8 +1,8 @@
-FROM ubuntu:18.04
+FROM ubuntu:18.04 AS builder
 
 LABEL maintainer="Yury Muski <muski.yury@gmail.com>"
 
-ENV NGINX_PATH /opt/nginx
+ENV NGINX_PATH /etc/nginx
 ENV NGINX_VERSION 1.16.1
 
 WORKDIR /opt
@@ -13,23 +13,72 @@ RUN apt-get update && \
 RUN curl -O https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && \
     tar xvzf nginx-$NGINX_VERSION.tar.gz && \
     git clone --recursive https://github.com/cloudflare/quiche && \
+    git clone --recursive https://github.com/google/ngx_brotli.git && \
     cd nginx-$NGINX_VERSION && \
     patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch && \ 
     curl https://sh.rustup.rs -sSf | sh -s -- -y -q && \
     export PATH="$HOME/.cargo/bin:$PATH" && \
     ./configure            	\
-   	--prefix=$NGINX_PATH     \
-   	--with-http_ssl_module	\
-   	--with-http_v2_module 	\
-   	--with-http_v3_module 	\
-   	--with-openssl=/opt/quiche/deps/boringssl \
-   	--with-quiche=/opt/quiche &&\
+    --prefix=$NGINX_PATH \
+    --sbin-path=/usr/sbin/nginx \
+    --modules-path=/usr/lib/nginx/modules \
+    --conf-path=$NGINX_PATH/nginx.conf \
+    --error-log-path=/var/log/nginx/error.log \
+    --http-log-path=/var/log/nginx/access.log \
+    --pid-path=/var/run/nginx.pid \
+    --lock-path=/var/run/nginx.lock \
+    --http-client-body-temp-path=/var/cache/nginx/client_temp \
+    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+    --user=nginx \
+    --group=nginx  \
+    --with-compat \
+    --with-file-aio \
+    --with-threads \
+    --with-http_addition_module \
+    --with-http_auth_request_module \
+    --with-http_dav_module \
+    --with-http_flv_module \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_mp4_module \
+    --with-http_random_index_module \
+    --with-http_realip_module \
+    --with-http_secure_link_module \
+    --with-http_slice_module \
+    --with-http_ssl_module \
+    --with-http_stub_status_module \
+    --with-http_sub_module \
+    --with-http_v2_module \
+    --with-mail \
+    --with-mail_ssl_module \
+    --with-stream \
+    --with-stream_realip_module \
+    --with-stream_ssl_module \
+    --with-stream_ssl_preread_module \
+    --add-module=/opt/ngx_brotli \
+    --with-http_v3_module 	\
+    --with-openssl=/opt/quiche/deps/boringssl \
+    --with-quiche=/opt/quiche &&\
     make && \
     make install;
 
-RUN ln -sf /dev/stdout $NGINX_PATH/logs/access.log && \
-    ln -sf /dev/stderr $NGINX_PATH/logs/error.log && \
-    ln -sf $NGINX_PATH/sbin/nginx /usr/local/sbin/nginx 
+FROM ubuntu:18.04
+
+COPY --from=builder /usr/sbin/nginx /usr/sbin/
+COPY --from=builder /etc/nginx/ /etc/nginx/
+
+
+RUN groupadd  nginx \
+  && useradd -m -d  /var/cache/nginx -s /sbin/nologin -g nginx nginx \
+  # forward request and error logs to docker log collector
+  && mkdir -p /var/log/nginx \
+  && touch /var/log/nginx/access.log /var/log/nginx/error.log \
+  && chown nginx: /var/log/nginx/access.log /var/log/nginx/error.log \
+  && ln -sf /dev/stdout /var/log/nginx/access.log \
+  && ln -sf /dev/stderr /var/log/nginx/error.log
 
 EXPOSE 80
 

README.md

@@ -1,12 +1,32 @@
 # nginx-http3
-Nginx compiled with BoringSSL and quiche for HTTP3 support
+Nginx compiled with *BoringSSL* and *quiche* for *HTTP3* support, *Brotli* support.
 
-Image is super large ~2GB, recommed to use:
+Based on ubuntu:18.04, size 98.5MB
 
-https://github.com/RanadeepPolavarapu/docker-nginx-http3
-
-usage:
+### usage
 - get certs from certbot in /etc/letsencrypt/
 - create nginx.conf like in example
 
-`docker run --name nginx -d --net host -v /etc/letsencrypt/:/opt/nginx/certs/  -v /opt/nginx/conf/nginx.conf:/opt/nginx/conf/nginx.conf ymuski/nginx-quic:1.16.1`
+`docker run --name nginx -d -p 80:80 -p 443:443/tcp -p 443:443/udp -v /etc/letsencrypt/:/opt/nginx/certs/ -v /opt/nginx/conf/example.nginx.conf:/etc/nginx/nginx.conf  ymuski/nginx-quic`
+
+### Checking
+
+`docker run -it --rm ymuski/curl-http3 curl -ILv https://your_domain --http3`
+
+```
+Sent QUIC client Initial, ALPN: h3-25h3-24h3-23
+* h3 [:method: HEAD]
+* h3 [:path: /]
+* h3 [:scheme: https]
+* h3 [:authority: your_domain]
+* h3 [user-agent: curl/7.69.0-DEV]
+* h3 [accept: */*]
+* Using HTTP/3 Stream ID: 0 (easy handle 0x563fad4bc780)
+> HEAD / HTTP/3
+> Host: your_domain
+> user-agent: curl/7.69.0-DEV
+> accept: */*
+> 
+< HTTP/3 200
+HTTP/3 200
+```

example.nginx.conf

@@ -1,16 +1,22 @@
-worker_processes  1;
-
 events {
     worker_connections  1024;
 }
 
 http {
+    include         /etc/nginx/mime.types;
+    include         /etc/nginx/conf.d/*.conf;
+
+    # https://github.com/google/ngx_brotli
+    brotli_static   on;
+    brotli          on;
 
-    # include       mime.types;
-    # default_type  application/octet-stream;
-    # sendfile      on;
+    # http://nginx.org/en/docs/http/ngx_http_gzip_module.html
+    gzip            on;
+    gzip_vary       on;
+    gzip_proxied    any;
 
     server {
+        # https://github.com/cloudflare/quiche/tree/master/extras/nginx
         # Enable QUIC and HTTP/3.
         listen 443 quic reuseport;