diff --git a/Dockerfile b/Dockerfile
index b82690e..212f05c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-FROM ubuntu:18.04
+FROM ubuntu:18.04 AS builder
 LABEL maintainer="Yury Muski "
-ENV NGINX_PATH /opt/nginx
+ENV NGINX_PATH /etc/nginx
 ENV NGINX_VERSION 1.16.1
 WORKDIR /opt
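Review bot: `ENV NGINX_PATH /etc/nginx` keeps the legacy space-separated form that BuildKit's LegacyKeyValueFormat check warns on; the `key=value` form is `ENV NGINX_PATH=/etc/nginx` (and `ENV NGINX_VERSION=1.16.1` on the context line below it). Both stages still build from the bare `ubuntu:18.04` tag, which is not pinned by digest and whose standard support has ended, so the builder and the runtime image can drift between builds and the base no longer receives security updates; pinning `ubuntu:18.04@sha256:<BASE_DIGEST>` (placeholder) or moving to a supported release would address that. The rest of this hunk's context lines appear to be missing from this rendering.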
@@ -13,23 +13,72 @@ RUN apt-get update && \
 RUN curl -O https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && \
 tar xvzf nginx-$NGINX_VERSION.tar.gz && \
 git clone --recursive https://github.com/cloudflare/quiche && \
+ git clone --recursive https://github.com/google/ngx_brotli.git && \
 cd nginx-$NGINX_VERSION && \
 patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch && \
 curl https://sh.rustup.rs -sSf | sh -s -- -y -q && \
 export PATH="$HOME/.cargo/bin:$PATH" && \
 ./configure \
- --prefix=$NGINX_PATH \
- --with-http_ssl_module \
- --with-http_v2_module \
- --with-http_v3_module \
- --with-openssl=/opt/quiche/deps/boringssl \
- --with-quiche=/opt/quiche &&\
+ --prefix=$NGINX_PATH \
+ --sbin-path=/usr/sbin/nginx \
+ --modules-path=/usr/lib/nginx/modules \
+ --conf-path=$NGINX_PATH/nginx.conf \
+ --error-log-path=/var/log/nginx/error.log \
+ --http-log-path=/var/log/nginx/access.log \
+ --pid-path=/var/run/nginx.pid \
+ --lock-path=/var/run/nginx.lock \
+ --http-client-body-temp-path=/var/cache/nginx/client_temp \
+ --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+ --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+ --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+ --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+ --user=nginx \
+ --group=nginx \
+ --with-compat \
+ --with-file-aio \
+ --with-threads \
+ --with-http_addition_module \
+ --with-http_auth_request_module \
+ --with-http_dav_module \
+ --with-http_flv_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_mp4_module \
+ --with-http_random_index_module \
+ --with-http_realip_module \
+ --with-http_secure_link_module \
+ --with-http_slice_module \
+ --with-http_ssl_module \
+ --with-http_stub_status_module \
+ --with-http_sub_module \
+ --with-http_v2_module \
+ --with-mail \
+ --with-mail_ssl_module \
+ --with-stream \
+ --with-stream_realip_module \
+ --with-stream_ssl_module \
+ --with-stream_ssl_preread_module \
+ --add-module=/opt/ngx_brotli \
+ --with-http_v3_module \
+ --with-openssl=/opt/quiche/deps/boringssl \
+ --with-quiche=/opt/quiche &&\
 make && \
 make install;
-RUN ln -sf /dev/stdout $NGINX_PATH/logs/access.log && \
- ln -sf /dev/stderr $NGINX_PATH/logs/error.log && \
- ln -sf $NGINX_PATH/sbin/nginx /usr/local/sbin/nginx
+FROM ubuntu:18.04
+
+COPY --from=builder /usr/sbin/nginx /usr/sbin/
+COPY --from=builder /etc/nginx/ /etc/nginx/
+
+
+RUN groupadd nginx \
+ && useradd -m -d /var/cache/nginx -s /sbin/nologin -g nginx nginx \
+ # forward request and error logs to docker log collector
+ && mkdir -p /var/log/nginx \
+ && touch /var/log/nginx/access.log /var/log/nginx/error.log \
+ && chown nginx: /var/log/nginx/access.log /var/log/nginx/error.log \
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
 EXPOSE 80
diff --git a/README.md b/README.md
index f3ed7f6..45ce872 100644
--- a/README.md
+++ b/README.md
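Review bot: The new `git clone --recursive https://github.com/google/ngx_brotli.git` checks out whatever the default branch points at when the build runs, so the module compiled into the image is not reproducible and a change in that upstream branch lands in the binary unreviewed; the same applies to the quiche clone, the unverified nginx tarball, and the `curl https://sh.rustup.rs -sSf | sh` step, which runs under the default `/bin/sh -c` with no pipefail so a failed download is masked by the pipe. Pin the new clone to a reviewed revision, e.g. `git clone --recursive https://github.com/google/ngx_brotli.git && git -C ngx_brotli checkout <PINNED_COMMIT> && \` (placeholder), and put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` ahead of this RUN so the rustup pipe fails loudly. In the runtime stage the `touch` and `chown` on the two log files are immediately superseded by the `ln -sf` lines that replace them with device symlinks, so those two lines can be dropped. The final stage ends with no `USER`, which is the usual layout for an nginx master that binds 80/443 and drops workers to `--user=nginx`, but a `STOPSIGNAL SIGQUIT` after `EXPOSE 80` would make `docker stop` trigger nginx's graceful shutdown instead of SIGTERM's fast shutdown.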
@@ -1,12 +1,32 @@
 # nginx-http3
-Nginx compiled with BoringSSL and quiche for HTTP3 support
+Nginx compiled with *BoringSSL* and *quiche* for *HTTP3* support, *Brotli* support.
-Image is super large ~2GB, recommed to use:
+Based on ubuntu:18.04, size 98.5MB
-https://github.com/RanadeepPolavarapu/docker-nginx-http3
-
-usage:
+### usage
 - get certs from certbot in /etc/letsencrypt/
 - create nginx.conf like in example
-`docker run --name nginx -d --net host -v /etc/letsencrypt/:/opt/nginx/certs/ -v /opt/nginx/conf/nginx.conf:/opt/nginx/conf/nginx.conf ymuski/nginx-quic:1.16.1`
\ No newline at end of file
+`docker run --name nginx -d -p 80:80 -p 443:443/tcp -p 443:443/udp -v /etc/letsencrypt/:/opt/nginx/certs/ -v /opt/nginx/conf/example.nginx.conf:/etc/nginx/nginx.conf ymuski/nginx-quic`
+
+### Checking
+
+`docker run -it --rm ymuski/curl-http3 curl -ILv https://your_domain --http3`
+
+```
+Sent QUIC client Initial, ALPN: h3-25h3-24h3-23
+* h3 [:method: HEAD]
+* h3 [:path: /]
+* h3 [:scheme: https]
+* h3 [:authority: your_domain]
+* h3 [user-agent: curl/7.69.0-DEV]
+* h3 [accept: */*]
+* Using HTTP/3 Stream ID: 0 (easy handle 0x563fad4bc780)
+> HEAD / HTTP/3
+> Host: your_domain
+> user-agent: curl/7.69.0-DEV
+> accept: */*
+>
+< HTTP/3 200
+HTTP/3 200
+```
\ No newline at end of file
diff --git a/example.nginx.conf b/example.nginx.conf
index 57a9643..4a257c9 100644
--- a/example.nginx.conf
+++ b/example.nginx.conf
@@ -1,16 +1,22 @@
-worker_processes 1;
-
 events {
 worker_connections 1024;
 }
 http {
+ include /etc/nginx/mime.types;
+ include /etc/nginx/conf.d/*.conf;
+
+ # https://github.com/google/ngx_brotli
+ brotli_static on;
+ brotli on;
- # include mime.types;
- # default_type application/octet-stream;
- # sendfile on;
+ # http://nginx.org/en/docs/http/ngx_http_gzip_module.html
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
 server {
+ # https://github.com/cloudflare/quiche/tree/master/extras/nginx
 # Enable QUIC and HTTP/3.
 listen 443 quic reuseport;