denji/nginx-boringssl

By denji

Updated 25 days ago

NGINX + BoringSSL (Rolling) on Alpine: x86_64 SIMD, ARM NEON, RISC-V RVV

Image
Networking
Developer tools
Web servers
4

100K+

denji/nginx-boringssl repository overview

NGINX with BoringSSL

NGINX built with BoringSSL


Automated Build Pulls Stars

Docker Image CI

Docker Image

Images are published to both registries:

  • docker.io/denji/nginx-boringssl
  • ghcr.io/nginx-modules/nginx-boringssl

Supported tags and architectures

Tag patternArchitectures
stable-alpine, mainline-alpinex86_64, ARMv6/7 (32-bit), AArch64 (ARMv8), RISC-V64
stable-aarch64-alpine, mainline-aarch64-alpineAArch64 (ARMv8)
stable-armv6-alpine, mainline-armv6-alpineARMv6 (32-bit)
stable-armv7-alpine, mainline-armv7-alpineARMv7 (32-bit)
stable-riscv64-alpine, mainline-riscv64-alpineRISC-V 64

Stability Notice

This project is currently in an experimental state due to the continuously evolving BoringSSL releases and third-party module integration. Production deployments should consider testing compatibility before adoption.


Features

  • Based on Alpine Linux.
  • PCRE with JIT enabled.
  • HTTP/2 (+NPN) support.
  • Async I/O using threads supported.
  • Dynamic TLS record patch for Cloudflare (enabled).
  • Gzip static .gz files support enabled.
  • Brotli static .br files support enabled.
    • On-the-fly Brotli compression is disabled (unstable).
  • Based on Official NGINX Dockerfile and Wonderfall/boring-nginx.

Implementation Notes

  • Recommended environment: Linux kernel 3.17+ and the latest stable Docker version.
  • BoringSSL represents ECDH curves differently compared to OpenSSL/LibreSSL:
    • secp384r1P-384.
    • X25519 is the most secure curve and should be prioritized.
    • Multiple curves can be defined via SSL_CTX_set1_curves_list(). Default configuration is provided in /etc/nginx/conf/ssl_params.
  • Cipher groups can be defined using bracket notation: [cipher1|cipher2|cipher3].
    • Ciphers within a group are treated as equivalent; the client selects the optimal cipher.
    • This mechanism is particularly useful for ChaCha20, while AES remains faster on hardware with AES-NI support.

Tag summary

Content type

Image

Digest

sha256:f0ccfa9b9

Size

37.6 MB

Last updated

25 days ago

docker pull denji/nginx-boringssl:stable-alpine