webkaos
is a web-server based on the latest version of Nginx.
- Improved default SSL/TLS preferencies (A+ on SSL Labs, Immuni Web, Mozilla Observatory, CryptCheck and Security Headers)
- Dynamic TLS Records support
- The latest version of BoringSSL with some state-of-the-art crypto features
- TLS 1.3 support (RFC 8446)
- TCP Fast Open support
- Lua and Headers More modules from the box
- Brotli and NAXSI as dynamic modules
- Improved SysV script
- Well-looking error pages
- Improved design of index pages
- Performance tuning for highload
sudo yum install -y yum install -y https://yum.kaos.st/kaos-repo-latest.el7.noarch.rpm
sudo yum install webkaos
Official webkaos images available on Docker Hub. All Docker images support templating using environment variables.
Usage examples:
docker run --name my-webkaos -v /some/content:/usr/share/webkaos/html:ro -p 8080:80 -d essentialkaos/webkaos:centos7
docker run --name my-webkaos -v /some/content:/usr/share/webkaos/html:ro -p 8080:8080 -d essentialkaos/webkaos:centos7-unprivileged
Useful environment variables:
WEBKAOS_ENABLE_ENTRYPOINT_LOGS
- Enable logging for actions made by entrypoint script;WEBKAOS_DISABLE_PROC_TUNE
- Disable automaticworker_processes
tuning;WEBKAOS_DISABLE_BUCKET_TUNE
- Disable automaticserver_names_hash_bucket_size
tuning;WEBKAOS_DISABLE_TEMPLATES
- Disable automatic templates rendering.
Using rpmbuilder
... install and configure rpmbuilder there
git clone https://github.com/essentialkaos/webkaos.git
cd webkaos/
rpmbuilder webkaos.spec -dl SOURCES/
rpmbuilder webkaos.spec -3 -V -di
Q: Why is it named webkaos?
A: The very first version of this webserver was named nginx-kaos
. But it uses a lot of different, awesome projects and libraries, not only nginx. So, we decided to choose something neutral.
Q: Is it safe to use webkaos in production?
A: Yes. But we can't guarantee that there are no bugs in nginx, its modules, or used dependencies.
Q: Can I use Docker images with Kubernetes/Nomad/Rancher?
A: Yes.
Q: Can you provide packages for Ubuntu/Debian/FreeBSD?
A: Theoretically, yes. Practically, no. We use only RHEL-based distros in our infrastructure, and we can't provide the same quality of packages for other distros.
Q: Can you provide Alpine-based Docker images?
A: No. Using RPM packages simplify their support for us. There is a complex process of building and testing packages with different tools (rpmbuilder, rpmlint, perfecto, bibop, shellcheck) and we can't provide the same level of quality without them. Also, it is tough to write and maintain Dockerfiles with a large number of build actions and stages.
Q: Why doesn't Dockerfile contain a package version?
A: Webkaos is based on the latest, mainline (unstable) version of Nginx, every release of which contains different fixes. So it is important to use the latest version of webkaos, and not to stick to a particular one.