#Testing NGINX with OpenSSL 3.0
- Build Docker image
docker build -t nginx:openssl-3.0 .
- Run NGINX container
docker run --name ngxos3 -d -p 443:443 -v $PWD:/etc/nginx/conf.d nginx:openssl-3.0
FROM nginx AS build | |
WORKDIR /src | |
RUN apt-get update && \ | |
apt-get install -y git gcc make mercurial libperl-dev libpcre3-dev zlib1g-dev libxslt1-dev libgd-ocaml-dev libgeoip-dev | |
RUN git clone -b openssl-3.0 https://github.com/openssl/openssl openssl-3.0 && \ | |
hg clone https://hg.nginx.org/nginx && \ | |
hg clone http://hg.nginx.org/njs | |
RUN cd nginx && \ | |
auto/configure `nginx -V 2>&1 | sed "s/ \-\-/ \\\ \n\t--/g" | grep "\-\-" | grep -ve opt= -e param=` \ | |
--with-openssl=../openssl-3.0 --with-debug --add-module=../njs/nginx && \ | |
make | |
FROM nginx | |
COPY --from=build /src/nginx/objs/nginx /usr/sbin | |
EXPOSE 80 443 |
server { | |
listen 443 http2 ssl; | |
ssl_certificate conf.d/foo.example.com.crt; | |
ssl_certificate_key conf.d/foo.example.com.key; | |
ssl_protocols TLSv1.3; | |
ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256; | |
ssl_early_data on; | |
root /usr/share/nginx/html; | |
add_header X-ssl-protocol $ssl_protocol; | |
add_header X-ssl-curves $ssl_curves; | |
add_header X-0rtt $ssl_early_data; | |
} | |
# vim: syntax=nginx |