Public Repository

Last pushed: 2 months ago
Short Description
NGINX with Google PageSpeed Module
Full Description

Nginx + Pagespeed + OpenSSL

Built on funkygibbon/ubuntu, a lightly modified Phusion Base Image

TLDR;

docker run -v "/path/to/www:/app/www" -p "80:80" -p "443:443" funkygibbon/nginx-pagespeed

Nginx is compiled from mainline source, if you would like to build the stable version, clone this repository and edit the NGINX_VERSION number to suit.

Files are served from /app/www/

SSL configuration is stored in /etc/nginx/ssl

Nginx reads /etc/nginx/sites-enabled for its virtual hosts, and comes with some sane defaults for out-of-the-box webserving.

Building the image

fuww/nginx-pagespeed

docker build -t fuww/nginx-pagespeed:latest . && \
docker run -p "80:80" -e "SSL_ENABLED=false" fuww/nginx-pagespeed

docker-compose up

docker tag fuww/nginx-pagespeed:latest fuww/nginx-pagespeed:latest && \
docker push fuww/nginx-pagespeed:latest

Environment

Nginx is configurable via environment variables, which are applied to the configuration on each service start, so you can adjust server parameters on the fly with, for example:

docker exec -ti <nginx> export "UPLOAD_MAX_SIZE=10M"; sv restart nginx
variable value
APP_USER nginx
APP_GROUP nginx
UPLOAD_MAX_SIZE 30M
NGINX_MAX_WORKER_PROCESSES 8
CHOWN_APP_DIR true
docker run -e "UPLOAD_MAX_SIZE=10M" funkygibbon/nginx-pagespeed

On service start

  • nginx user is set to ${APP_USER:-$DEFAULT_APP_USER} (default is nginx)
  • creates user and group from {APP_USER:-$DEFAULT_APP_USER}:${APP_GROUP:-$DEFAULT_APP_GROUP}, some sanity checks for matching UID / GID in the event that user/group already exists
  • if ${CHOWN_APP_DIR:-$DEFAULT_CHOWN_APP_DIR} is true, chown -R ${APP_USER:-$DEFAULT_APP_USER}:${APP_GROUP:-$DEFAULT_APP_GROUP} /app/www (default true)
  • worker_processes is set to the number of available processor cores and adjusts /etc/nginx/nginx.conf to match, up to a maximum number of cores ${NGINX_MAX_WORKER_PROCESSES:-$DEFAULT_MAX_WORKER_PROCESSES}
  • client_max_body_size is set to ${UPLOAD_MAX_SIZE:-$DEFAULT_UPLOAD_MAX_SIZE}

Security

Nginx is compiled from mainline source according to Ubuntu compile flags, with the following modifcations:

HTTPS is configured using modern sane defaults, including

  • Mozilla's intermediate profile - see https://wiki.mozilla.org/Security/Server_Side_TLS
  • SSLv2 and SSLv3 are disabled, TLSv1 TLSv2 and TLSv3 are enabled
  • Automatic generation of a 2048bit DH parameter file if one is not provided
  • Self-signed SSL certificates are generated on first container start, and stored in /etc/nginx/ssl/default.key /etc/nginx/ssl/default.crt. To install your own certificates I recommend creating an ssl and sites-enabled folder and mounting these folders as volumes, alongside your www volume.

Nginx changelog: http://nginx.org/en/CHANGES

Docker Compose

An example docker-compose.yml file:

app:
  image: funkygibbon/nginx-pagespeed
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /path/to/www:/app/www
    - /path/to/ssl:/etc/nginx/ssl
    - /path/to/sites-enabled:/etc/nginx/sites-enabled
  environment:
    - UPLOAD_MAX_SIZE=100M
Docker Pull Command
Owner
fuww

Comments (0)