NGINX Docker built top of rolling release BoringSSL (SSE/AVX2) & TLSv1.3
NGINX built with BoringSSL & TLSv1.3
Before you can use
This project is unstable state because of the rolling release BoringSSL, and modules.
- Images are used Alpine Linux.
- NGINX built BoringSSL with SSE/SHA, and AVX2 SIMD-instructions.
- TLSv1.3 patch: use of TLSv1.3 (DRAFT) is enforced NGINX-1.13+.
- PCRE with JIT enabled.
- HTTP/2.0 (+NPN) support.
- Async I/O using threads support.
- Dynamic TLS records patch CloudFlare support (and configured).
- Brotli compression support (and configured).
- Linux 3.17+, and the latest Docker stable are recommended.
- BoringSSL is naming ECDH curves differently, some modifications will be required if you want to use your own SSL/TLS config file.
secp384r1(OpenSSL, LibreSSL) is
BoringSSL does support multiple curves with its implementation of
an example is provided in the default
X25519is actually the safest curve you can use so it should be the first curve in your list.
- BoringSSL can use cipher groups: a group is defined by brackets and ciphers are separated by
|like this :
Ciphers in a group are considered equivalent on the server-side and let the client decide which cipher is the best.
This can be useful when using ChaCha20, because AES remains faster than ChaCha20 on AES-NI devices.
Based on the Official NGINX Dockerfile &
Docker Pull Command