Switch to eustas/ngx_brotli (#3)

Switch to eustas/ngx_brotli according to google/ngx_brotli#69
hackinit · Jun 7, 2019 · a5d82b3 · a5d82b3
2 parents 272f82e + 3e8a707
commit a5d82b3
Show file tree

Hide file tree

Showing 5 changed files with 110 additions and 90 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
diff --git a/Dockerfile b/Dockerfile
@@ -3,6 +3,7 @@ FROM alpine:3.9
 LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
 
 ENV NGINX_VERSION 1.16.0
+ENV BROTLI_COMMIT_HASH 8104036af9cff4b1d34f22d00ba857e2a93a243c
 
 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
     # Nginx Build Config
@@ -101,7 +102,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
     # Downloading Brotli
     && echo "Downloading Brotli" \
 	&& cd /usr/src \
-	&& git clone --recursive https://github.com/google/ngx_brotli.git \
+	&& git clone --recursive https://github.com/eustas/ngx_brotli.git \
+    && cd ngx_brotli \
+	&& git checkout -b $BROTLI_COMMIT_HASH $BROTLI_COMMIT_HASH \
+	&& cd .. \
     # Building Nginx
     && echo "Building Nginx" \
 	&& cd /usr/src/nginx-$NGINX_VERSION \

diff --git a/README.md b/README.md
@@ -1,18 +1,35 @@
 # Docker Nginx
 
-Dockerized Nginx with TLS 1.3 and Brotli support.
+Dockerized Nginx based on Alpine Linux with TLS 1.3 and Brotli support.
 
-Based on [nginxinc/docker-nginx](https://github.com/nginxinc/docker-nginx).
+Inspired by:
+ - [nginxinc/docker-nginx](https://github.com/nginxinc/docker-nginx)
+ - [google/ngx_brotli](https://github.com/google/ngx_brotli)
+ - [eustas/ngx_brotli](https://github.com/eustas/ngx_brotli)
+ - [fholzer/docker-nginx-brotli](https://github.com/fholzer/docker-nginx-brotli)
 
-## Config
+## How to use this image
 
-To enable TLS 1.3, use:
+```shell
+docker pull hackinit/nginx-brotli
+docker run --name some-nginx -v /some/content:/usr/share/nginx/html:ro -d hackinit/nginx-brotli
+```
+
+For extra information, please refer to the [official Docker Hub Nginx documentation](https://hub.docker.com/_/nginx/), since this image builds upon it.
+
+In addition, you can look for Brotli configurations at the upstream repository [eustas/ngx_brotli](https://github.com/eustas/ngx_brotli#configuration-directives).
+
+
+## Sample config
+
+To enable TLS 1.3, add:
 
 ```nginx
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers [TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES;
 ```
-To enable Brotli, use this in `http` block:
+
+To enable Brotli, add this in `http` block:
 
 ```nginx
 brotli on;  
@@ -24,14 +41,12 @@ brotli_types *;
 
 ## Modification Details
 
-Compiled with OpenSSL 1.1.1b, which supports TLS 1.3.
+Module [ngx_brotli](https://github.com/eustas/ngx_brotli) has been added for Brotli support.
 
-Module [ngx_brotli](https://github.com/google/ngx_brotli) has been added for Brotli support.
-
-## Build
+## Manually build from source
 
 ```bash
 git clone git://github.com/hackinit/docker-nginx.git
 cd docker-nginx
-docker build -t nginx:1.15.12-modified .
-```
+docker build -t nginx-brotli:latest .
+```
diff --git a/nginx.conf b/nginx.conf
@@ -1,34 +1,34 @@
-user  nginx;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    gzip  on;
-
-    brotli on;
-    brotli_static on;
-
-    include /etc/nginx/conf.d/*.conf;
-}
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    gzip  on;
+
+    brotli on;
+    brotli_static on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/nginx.vh.default.conf b/nginx.vh.default.conf
@@ -1,44 +1,44 @@
-server {
-    listen       80;
-    server_name  localhost;
-
-    #charset koi8-r;
-    #access_log  /var/log/nginx/host.access.log  main;
-
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-    }
-
-    #error_page  404              /404.html;
-
-    # redirect server error pages to the static page /50x.html
-    #
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-
-    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-    #
-    #location ~ \.php$ {
-    #    proxy_pass   http://127.0.0.1;
-    #}
-
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
-    #location ~ \.php$ {
-    #    root           html;
-    #    fastcgi_pass   127.0.0.1:9000;
-    #    fastcgi_index  index.php;
-    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-    #    include        fastcgi_params;
-    #}
-
-    # deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
-    #
-    #location ~ /\.ht {
-    #    deny  all;
-    #}
-}
+server {
+    listen       80;
+    server_name  localhost;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}