@lcrilly
Last active January 24, 2023 07:09
NGINX + OpenSSL 3.0

# Testing NGINX with OpenSSL 3.0

  1. Build Docker image
     docker build -t nginx:openssl-3.0 .
  2. Run NGINX container
     docker run --name ngxos3 -d -p 443:443 -v $PWD:/etc/nginx/conf.d nginx:openssl-3.0

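# Build stage: compile NGINX from source against OpenSSL 3.0
FROM nginx AS build
WORKDIR /src
RUN apt-get update && \
    apt-get install -y git gcc make mercurial libperl-dev libpcre3-dev zlib1g-dev libxslt1-dev libgd-ocaml-dev libgeoip-dev
# Fetch the OpenSSL 3.0 branch plus the NGINX and njs sources
RUN git clone -b openssl-3.0 https://github.com/openssl/openssl openssl-3.0 && \
    hg clone https://hg.nginx.org/nginx && \
    hg clone https://hg.nginx.org/njs
# Reuse the configure arguments of the packaged nginx binary (minus the opt= and param= entries);
# --with-openssl builds OpenSSL from the cloned source tree, --add-module adds njs
RUN cd nginx && \
    auto/configure `nginx -V 2>&1 | sed "s/ \-\-/ \\\ \n\t--/g" | grep "\-\-" | grep -ve opt= -e param=` \
    --with-openssl=../openssl-3.0 --with-debug --add-module=../njs/nginx && \
    make

# Final stage: stock image with the rebuilt binary dropped in
FROM nginx
COPY --from=build /src/nginx/objs/nginx /usr/sbin
EXPOSE 80 443
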
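server {
    listen 443 http2 ssl;

    ssl_certificate     conf.d/foo.example.com.crt;
    ssl_certificate_key conf.d/foo.example.com.key;

    # TLS 1.3 only, restricted to a single cipher suite through OpenSSL's SSL_CONF interface
    ssl_protocols       TLSv1.3;
    ssl_conf_command    Ciphersuites TLS_CHACHA20_POLY1305_SHA256;

    # 0-RTT early data; requests sent this way are subject to replay
    ssl_early_data      on;

    root /usr/share/nginx/html;

    # Echo the protocol, the client's supported curves and the early-data flag back for testing
    add_header X-ssl-protocol $ssl_protocol;
    add_header X-ssl-curves   $ssl_curves;
    add_header X-0rtt         $ssl_early_data;
}
# vim: syntax=nginx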
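
A way to confirm that the running container serves what the server block above asks for, by checking the three `add_header` values it returns. This is an added example, not part of the gist; the function names and the sample headers are constructed here, and the live command assumes the container from step 2 is reachable at https://localhost/.

```shell
#!/bin/sh
# Added example (not part of the gist). Checks the response headers that the
# server block emits: X-ssl-protocol, X-ssl-curves and X-0rtt.

# header_value NAME: read response headers on stdin, print NAME's value.
header_value() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == name) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
            }
        }'
}

# check_tls_headers: read response headers on stdin. Returns 0 if the
# connection was TLSv1.3 and the request was not early data, 1 if the
# protocol is wrong or missing, 2 if the request arrived as 0-RTT early data.
check_tls_headers() {
    headers=$(cat)
    proto=$(printf '%s\n' "$headers" | header_value X-ssl-protocol)
    curves=$(printf '%s\n' "$headers" | header_value X-ssl-curves)
    early=$(printf '%s\n' "$headers" | header_value X-0rtt)
    echo "protocol=${proto:-missing} curves=${curves:-missing} early_data=${early:-no}"
    if [ "$proto" != "TLSv1.3" ]; then
        echo "FAIL: expected TLSv1.3" >&2; return 1
    fi
    if [ "$early" = "1" ]; then
        # nginx omits add_header lines whose value is empty, so X-0rtt only
        # appears when $ssl_early_data is "1".
        echo "WARN: request was accepted as replayable 0-RTT early data" >&2; return 2
    fi
    return 0
}

# Constructed sample of `curl -skI https://localhost/` output, for offline use.
SAMPLE_HEADERS='HTTP/2 200
server: nginx
x-ssl-protocol: TLSv1.3
x-ssl-curves: X25519:prime256v1:secp384r1
'
printf '%s' "$SAMPLE_HEADERS" | check_tls_headers

# Live use against the running container (-k because the test cert is untrusted):
#   curl -skI https://localhost/ | check_tls_headers
```

`docker exec ngxos3 nginx -V` shows the OpenSSL version the binary was built with, which complements the header check.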