54

The world's smallest and most secure NGINX Docker image

 6 years ago
source link: https://www.tuicool.com/articles/hit/NbmIZvF
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

qYRBJzm.png!web

nginx (Docker image)

Built-from-source container image of the NGINX HTTP server

Available at ricardbejarano/nginx .

Tags

1.15.9-glibc , 1.15.9 , glibc , latest (glibc/Dockerfile)

1.15.9-musl , musl (musl/Dockerfile)

Features

  • Super tiny ( glibc -based is ~13MB and musl -based is ~12.3MB )
  • Built from source, including libraries
  • Built from scratch , see thesection below for an exhaustive list of the image's contents
  • Included TLS1.3 protocol support (with OpenSSL )
  • Reduced attack surface (no bash , no UNIX tools, no package manager...)

Filesystem

The images' contents are:

glibc

Based on the glibc implementation of libc . 

/
├── etc/
│   ├── group/
│   ├── nginx/
│   │   ├── html/
│   │   │   ├── 50x.html
│   │   │   └── index.html
│   │   ├── mime.types
│   │   └── nginx.conf
│   └── passwd
├── lib/
│   └── x86_64-linux-gnu/
│       ├── libc.so.6
│       ├── libcrypt.so.1
│       ├── libdl.so.2
│       ├── libnss_dns.so.2
│       ├── libnss_files.so.2
│       ├── libpthread.so.0
│       └── libresolv.so.2
├── lib64/
│   └── ld-linux-x86-64.so.2
├── nginx
└── tmp/
    └── .keep

musl

Based on the musl implementation of libc . 

/
├── etc/
│   ├── group
│   ├── nginx/
│   │   ├── html/
│   │   │   ├── 50x.html
│   │   │   └── index.html
│   │   ├── mime.types
│   │   └── nginx.conf
│   └── passwd
├── lib/
│   ├── ld-musl-x86_64.so.1
│   └── libssl.so.1.1
├── nginx
└── tmp/
    └── .keep

License

See LICENSE .


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK