cleanstart/nginx

Verified Publisher

By CleanStart

•Updated about 9 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Web servers
0

50K+

cleanstart/nginx repository overview

CleanStart Container for Nginx

High-performance web server and reverse proxy server known for its stability, rich feature set, simple configuration, and low resource consumption. This CleanStart image provides a secure, lightweight, and production-ready web server environment optimized for containerized deployments.

šŸ“Œ CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

  • High-performance HTTP server and reverse proxy
  • Lightweight architecture with low memory footprint
  • Advanced load balancing and caching capabilities
  • Enterprise-grade security features and SSL/TLS support

Common Use Cases

  • Static website hosting and content delivery
  • Reverse proxy for microservices architecture
  • Load balancer for distributed applications
  • SSL termination and security gateway

Quick Start

Pull Commands Download the web server container images

docker pull cleanstart/nginx:latest
docker pull cleanstart/nginx:latest-dev

Basic Web Server Start web server with default configuration

docker run -d --name nginx-server \
  -p 80:80 \
  --security-opt=no-new-privileges \
  cleanstart/nginx:latest

Custom Content Mount Serve custom content by mounting local directory

docker run -d --name nginx-custom \
  -p 8080:80 \
  -v $(pwd)/html:/usr/share/nginx/html:ro \
  cleanstart/nginx:latest

Reverse Proxy Setup Configure as reverse proxy for backend services

docker run -d --name nginx-proxy \
  -p 80:80 \
  -v $(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro \
  cleanstart/nginx:latest

Docker Compose Web Service Complete web service configuration

version: '3.8'
services:
  nginx:
    image: cleanstart/nginx:latest
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
    volumes:
      - ./html:/usr/share/nginx/html:ro
    security_opt:
      - no-new-privileges:true

Configuration

Environment Variables

VariableDefaultDescription
PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binSystem PATH configuration
NGINX_ENTRYPOINT_QUIET_LOGS1Reduces nginx startup output verbosity when set to 1

Security & Best Practices

Recommended Security Context

  • Configure SSL/TLS certificates for HTTPS
  • Implement proper access controls and rate limiting
  • Use security headers (HSTS, CSP, X-Frame-Options)
  • Regular security updates and vulnerability scanning
  • Configure proper logging and monitoring
  • Use read-only filesystems for static content
  • Implement proper firewall rules
  • Hide server version information
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

  • Use specific image tags for production (avoid latest)
  • Configure resource limits: memory and CPU constraints
  • Enable read-only root filesystem when possible
  • Run containers with non-root user (--user 1000:1000)
  • Use --security-opt=no-new-privileges flag
  • Regularly update container images for security patches
  • Implement proper network segmentation
  • Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/nginx:latest
docker pull --platform linux/arm64 cleanstart/nginx:latest

Resources & Documentation


⁠Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:bca623809…

Size

23.4 MB

Last updated

about 9 hours ago

docker pull cleanstart/nginx:1.31.3-amd64