The Docker image is ready to use:
docker pull ghcr.io/ammnt/nginx:http3
or
docker pull ammnt/nginx:http3
- Based on latest version of Alpine Linux - low size (~8 MB);
- QuicTLS with kTLS module:
https://github.com/quictls/openssl - HTTP/3 + QUIC native support from NGINX;
- HTTP/2 with ALPN support;
- TLS 1.3 and 0-RTT support;
- TLS 1.2 and TCP Fast Open (TFO) support;
- Built using hardening GCC flags;
- NJS support;
- PCRE with JIT compilation;
- zlib library latest version;
- Rootless master process - unprivileged container;
- Async I/O threads module;
- Healthcheck added;
- Removed unnecessary modules;
- Added OCI labels and annotations;
- No excess ENTRYPOINT in the image;
- Prioritize ChaCha cipher patch and anonymous signature - removed "Server" header ("banner"):
https://github.com/ammnt/nginx/blob/http3/Dockerfile
Feel free to contact me with more security improvements🙋