JonasAlfredsson / docker-nginx-certbot

Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
https://hub.docker.com/r/jonasal/nginx-certbot
MIT License

Consider using Freenginx #275

Open tukusejssirs opened 1 month ago

tukusejssirs commented 1 month ago

I would be interested in using Freenginx (Mercurial links available here along with the link to the GitHub mirror) instead of Nginx.

@JonasAlfredsson, what do you think? :thinking:

Anyway, thanks for creating and maintaining docker-nginx-certbot! :pray:

JonasAlfredsson commented 1 month ago

Yeah, I have also thought about building the unprivileged image of Nginx as well.

But I have not had time to think about how this would be realized. Do we add more Dockerfiles into this repo? Do we move the /src/scripts folder to its own "nginx-certbot-utils" repo and make it a submodule to a "docker-freenginx-certbot" repo?

tukusejssirs commented 1 month ago

> Yeah, I have also thought about building the unprivileged image of Nginx as well.

Yeah, that would be awesome too; however, IMHO, while that is a related feature, it is a different one. YMMV.

> But I have not had time to think about how this would be realized.

At least for now, Freenginx should be compatible with Nginx; therefore, IMHO, all that should be needed is (more or less) replacing Nginx with Freenginx. It might be different in the future, so you might want to think about this from a maintenance POV too.

> Do we add more Dockerfiles into this repo?

Yes, and you might want to publish it to Docker Hub, probably using a different (base) tag. That would also add some extra work.

> Do we move the /src/scripts folder to its own "nginx-certbot-utils" repo and make it a submodule to a "docker-freenginx-certbot" repo?

I have no idea, maybe not. :wink:

tukusejssirs commented 1 month ago

This issue is also related to #175, as Freenginx seems to have incorporated the experimental HTTP/3 support. Also look at this Dockerfile. (Note that I am also interested in the QUIC / HTTP/3 support in docker-nginx-certbot.)

JonasAlfredsson commented 1 month ago

So one would have to build freenginx from source, and set up checks to keep it up to date, and then upload to DockerHub for us to then be able to include certbot+scripts. So it is definitely more work to create a "drop-in" replacement.

Also, since this repo follows the main Nginx container, HTTP3 support is dictated by them.

tukusejssirs commented 1 month ago

> So one would have to build freenginx from source, and set up checks to keep it up to date, and then upload to DockerHub for us to then be able to include certbot+scripts. So it is definitely more work to create a "drop-in" replacement.

That makes sense.

There are already some Freenginx images on Docker Hub, though there is no official image (yet).

However, these two images look like they are regularly pushed to Docker Hub:

Maybe I like the latter more; however, you might prefer something else. :wink:

> Also, since this repo follows the main Nginx container, HTTP3 support is dictated by them.

Actually, it works as expected (I have tested it with docker-nginx-certbot); however, at first I had forgotten to add 0.0.0.0:443:443/udp to the exposed ports in my Docker Compose file. :wink: OFC, both TCP and UDP HTTP/3 ports need to be the same. Therefore, that is not an issue anymore.

We could document it though. I could create a PR with what I did to make it work. Where would you like to add this? To docs/advanced_usage.md? Or should I rather create a new file (e.g. docs/enable_http3_quic.md)?

JonasAlfredsson commented 1 month ago

What do you want to document? The HTTP3 stuff is not really part of the nginx-certbot codebase, so it might be misplaced in this repo. But would you mind pasting what you intended to write here and we can see if it does fit? :)