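This image is built from the official nginx release, with quic + brotli added
Details:
Built on top of the official, unmodified nginx image
Only quic, brotli and the components listed below were compiled in
Apart from tuning the component parameters and nginx performance, no other official parameters were changed
Configuration:
nginx.conf was adjusted to add tuning parameters for quic and brotli
Components and their sources: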
1. quic
quic.nginx.org
2. brotli
https://github.com/google/ngx_brotli.git
3. ngx_cache_purge-2.3
http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
4. ngx_slowfs_cache-1.10
http://labs.frickle.com/files/ngx_slowfs_cache-1.10.tar.gz
5. pcre-8.45
https://zenlayer.dl.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.tar.gz
5. pcre2 (from 1.27.1 onward)
https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.43/pcre2-10.43.tar.gz
6. ngx_http_substitutions_filter
clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
7. ngx-fancyindex
https://github.com/aperezdc/ngx-fancyindex.git
Run the image
docker run --name nginx-brotli-quic -p 8888:80 -p 9999:443 -p 9999:443/udp -d ticifer/nginx-quicbr:tagname
Add the following parameters to the SSL section of the nginx configuration file:
listen 443 quic reuseport;
http2 on; # enable HTTP/2 support globally
http3 on; # enable HTTP/3 support globally
http3_hq on; # enable http_hq support globally
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:P-256:P-384;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_early_data on;
ssl_session_tickets on;
quic_retry on;
ssl_buffer_size 1400;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
add_header alt-svc 'h3=":443"; ma=86400';
add_header alt-svc 'h3-29=":443"; ma=86400,h3-28=":443"; ma=86400';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload";
add_header Referrer-Policy "no-referrer";
Notes:
The nginx configuration file must be correct!
The following line only needs to appear in one site's configuration; there is no need to add it to every site's configuration file
listen 443 quic reuseport;
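A small audit of the TLS directives listed above, as an added example that is not part of the original post or of the image: it tokenizes an nginx fragment (including quoted values that contain ";") and flags 0-RTT early data, legacy protocol versions, 3DES suites and static-RSA key exchange. The finding names and the sample fragment, constructed from the directives above, are assumptions of this example.

```python
import re

# Tokens: quoted strings, comments, terminators, bare words.
TOKEN = re.compile(r"""'[^']*'|"[^"]*"|#[^\n]*|[;{}]|[^\s;{}'"#]+""")

def directives(conf):
    """Yield (name, args) for each directive in an nginx config fragment."""
    cur = []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue                      # nginx comments start with '#'
        if tok in (";", "{", "}"):
            if cur:
                yield cur[0], cur[1:]
            cur = []
        else:
            cur.append(tok.strip("'\""))

def audit(conf):
    """Return sorted finding codes (the names are this example's own)."""
    found = set()
    for name, args in directives(conf):
        if name == "ssl_early_data" and args == ["on"]:
            found.add("early-data-replay")      # 0-RTT requests can be replayed
        elif name == "ssl_protocols" and {"SSLv3", "TLSv1", "TLSv1.1"} & set(args):
            found.add("legacy-protocol")
        elif name == "ssl_ciphers":
            for suite in "".join(args).split(":"):
                if suite.startswith(("!", "-")):
                    continue                    # excluded, never offered
                parts = suite.split("+")
                if "3DES" in parts:
                    found.add("cipher-3des")    # 64-bit block cipher
                if parts[0] in ("RSA", "kRSA"):
                    found.add("cipher-static-rsa")  # no forward secrecy
    return sorted(found)

# Constructed sample: a subset of the directives listed above.
SAMPLE = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_early_data on;   # 0-RTT
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+3DES:RSA+3DES:!MD5;
add_header alt-svc 'h3=":443"; ma=86400';
"""

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```

For the early-data finding, nginx exposes the $ssl_early_data variable so that the application behind it can refuse non-idempotent requests that arrived as early data.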
Image pull addresses:
# Docker Hub
docker pull ticifer/nginx-brotli-quic:tagname
# this site
docker pull hub.xiaoyu.ge/public/nginx-brotli-quic:tagname