Nginx Docker container based on Alpine. Designed to be run fully read-only.
- Docker for container management
- acme.sh for certificate management
- Switch between two backend servers based on a state file
- Proxy https/websocket to app server if state files are present
- Static file server if state files are not present
- Support for TLS 1.3, OCSP stapling, HSTS (CSP is the responsibility of the proxied app)
- Combined RSA/ECC certs, stateless acme.sh certificate renewals
- HTTP/2 push and preload
- 4096-bit DH params
- Custom error pages
- Highly constrained busybox image with a small subset of commands:

```
[, [[, adjtimex, basename, bunzip2, bzcat, bzip2,
cat, clear, cp, cpio, cryptpw, cut, date, dirname,
dnsdomainname, dos2unix, du, echo, env, false, find,
grep, gunzip, gzip, head, hostname, install, kill,
ln, ls, md5sum, mkdir, more, mv, nice, nohup, nologin,
nslookup, od, ping, pipe_progress, ps, pwd, reset,
run-parts, sed, sh, sha1sum, sha256sum, sha3sum,
sha512sum, sleep, start-stop-daemon, tail, tar, tee,
test, true, udhcpc, uname, uniq, unix2dos, unzip, wc,
which, whoami, xargs, yes, zcat
```

```
$ SITE_ADDR=www.example.com ./run.sh
```

Uses `~/.acme.sh/${SITE_ADDR}_ecc` for ECC certificates and `~/.acme.sh/${SITE_ADDR}` for RSA certificates.

```
$ CERTS=/etc/ssl/certs SITE_ADDR=www.example.com ./run.sh
```
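
A pre-flight check for the dual RSA/ECC certificate layout described above, to run on the host before `./run.sh`. This is an added example, not part of the project. The function names are hypothetical, and it assumes that a custom `CERTS` base keeps the same `${SITE_ADDR}` and `${SITE_ADDR}_ecc` subdirectories; `fullchain.cer` and `<domain>.key` are the file names acme.sh writes.

```shell
#!/bin/sh
# Added example (not the project's code): verify that both the RSA and the
# ECC certificate directories are usable before starting the container.
# Assumption: a custom CERTS base uses the same subdirectory names as
# ~/.acme.sh, i.e. <base>/<SITE_ADDR> and <base>/<SITE_ADDR>_ecc.

# Return 0 if the directory holds a non-empty PEM chain and a non-empty
# private key that grants no permission bits to group or others.
check_cert_dir() {
    cdir=$1
    cname=$2
    chain=$cdir/fullchain.cer
    key=$cdir/$cname.key
    [ -s "$chain" ] || { echo "missing or empty: $chain" >&2; return 1; }
    [ -s "$key" ] || { echo "missing or empty: $key" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$chain" \
        || { echo "not a PEM certificate: $chain" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    bits=$(ls -ld "$key" | cut -c5-10)
    [ "$bits" = "------" ] \
        || { echo "key accessible by group/others: $key" >&2; return 1; }
    return 0
}

# Check both certificate types and report every problem, not just the first.
preflight() {
    psite=$1
    pbase=${2:-"$HOME/.acme.sh"}
    rc=0
    check_cert_dir "$pbase/$psite" "$psite" || rc=1          # RSA
    check_cert_dir "$pbase/${psite}_ecc" "$psite" || rc=1    # ECC
    return "$rc"
}

# Runs only when SITE_ADDR is set, mirroring how run.sh is invoked.
if [ -n "${SITE_ADDR:-}" ]; then
    preflight "$SITE_ADDR" "${CERTS:-}" || exit 1
fi
```

A private key left group- or world-readable on the host is worth catching here, since a read-only container does not protect key material that is already exposed outside it.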