webpanorg/nginx

By webpanorg

Updated 11 months ago

Image
Web Servers
0

65

Nginx + HTTP3 docker image

This is a project that contains the source code for the webpanorg/nginx image. It includes the original Dockerfile for building nginx with additional modules. The Dockerfile includes a build of nginx with support for http3.

How to use this image

Docker compose file

version: '3'

services:
  nginx:
    container_name: nginx
    hostname: nginx
    image: webpanorg/nginx:latest
    ports:
      - "80:80"
      - "443:443/tcp"
      - "443:443/udp"
    volumes:
      - /opt/docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /opt/docker/nginx/letsencrypt:/etc/letsencrypt:ro
      - /opt/docker/nginx/html:/etc/nginx/html:ro
      - /opt/docker/nginx/tmp:/etc/nginx/tmp:ro
    restart: always

Nginx config file

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;

    server {
        listen 80;
        listen [::]:80;
        server_name _;

        location /.well-known/acme-challenge/ {
            root /etc/nginx/tmp;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }


    server {
        server_name ${your_domain};
        client_max_body_size 4G;

        listen 443 quic;
        listen 443 ssl;

        http2 on;
        http3 on;
        quic_gso on;
        quic_retry on;

        ssl_protocols TLSv1.2 TLSv1.3;

        ssl_certificate   /etc/letsencrypt/live/${your_domain}/fullchain.pem;
        ssl_certificate_key   /etc/letsencrypt/live/${your_domain}/privkey.pem;

        add_header Alt-Svc 'h3=":443";max=86400';

        location / {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
            proxy_set_header Accept-Encoding gzip;
            proxy_set_header Origin https://$host;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_http_version 1.1;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}

Command for create ssl with certbot

docker run --rm \
 -v /opt/docker/nginx/letsencrypt:/etc/letsencrypt \
 -v /opt/docker/nginx/tmp:/tmp/letsencrypt \
 certbot/certbot \
 certonly \
 --webroot \
 --agree-tos \
 --renew-by-default \
 --preferred-challenges http-01 \
 --email email@example.com \
 --webroot-path /tmp/letsencrypt \
 -d ${domain}

Docker Pull Command

docker pull webpanorg/nginx