diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..26cc60d
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,117 @@
+name: Build and push image📦
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "00 17 * * SAT"
+ # push:
+ # branches: ["http3"]
+ # pull_request:
+ # branches: [ "http3" ]
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ if: github.actor == 'ammnt'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.0.0
+
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@v3.1.2
+
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v3.0.0
+
+ - name: Log into ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Log into Docker Hub
+ uses: docker/login-action@v3.0.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5.0.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build the Docker image
+ id: build
+ uses: docker/build-push-action@v5.0.0
+ with:
+ provenance: false
+ context: .
+ platforms: linux/amd64
+ load: ${{ github.event_name != 'pull_request' }}
+ tags: |
+ ${{ steps.meta.outputs.tags }}
+ ammnt/angie:http3
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Test the Docker image
+ run: |
+ docker run --name angie --restart unless-stopped -p 127.0.0.1:8080:8080/tcp -d ammnt/angie:http3
+ curl -vki http://127.0.0.1:8080
+
+ - name: Push the Docker image
+ id: push
+ uses: docker/build-push-action@v5.0.0
+ with:
+ provenance: false
+ context: .
+ platforms: linux/amd64
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: |
+ ${{ steps.meta.outputs.tags }}
+ ammnt/angie:http3
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ COSIGN_EXPERIMENTAL: "true"
+ run: |
+ cosign sign -y \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ ghcr.io/ammnt/angie:@${{ steps.push.outputs.digest }}
+ cosign sign -y \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ ammnt/ngiangienx:@${{ steps.push.outputs.digest }}
+
+ - name: Run deploy update on the server
+ uses: appleboy/ssh-action@v1.0.0
+ with:
+ host: ${{ secrets.SERVER_HOST }}
+ username: ${{ secrets.SERVER_USERNAME }}
+ key: ${{ secrets.SERVER_KEY }}
+ port: ${{ secrets.SERVER_PORT }}
+ script: |
+ cd /home/${{ secrets.SERVER_USERNAME }}/agh
+ docker-compose pull web dns
+ docker-compose up -d web dns
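Review bot: The two `cosign sign` targets in the "Sign the published Docker image" step do not match what the push step published. `ammnt/ngiangienx:@…` names a different repository from the `ammnt/angie:http3` tag pushed above, and both references use `:@` instead of the `name@digest` form. As written, the Docker Hub image presumably ends up unsigned or the step fails, so consumers cannot verify it. I would use `ghcr.io/ammnt/angie@${DIGEST}` and `ammnt/angie@${DIGEST}`, with `DIGEST: ${{ steps.push.outputs.digest }}` under the step's `env:` so the expression is not expanded inside the shell script. Separately, every `uses:` is pinned to a mutable tag while the job holds `id-token: write`, both registry tokens and `SERVER_KEY`; pinning to full commit SHAs, especially for `appleboy/ssh-action`, would limit what a retagged action could reach.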
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bcf31b4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.DS_Store
+.vscode
+.git
+.env
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..47062c3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,116 @@
+FROM --platform=linux/amd64 docker.io/library/alpine:latest
+RUN NB_CORES="${BUILD_CORES-$(getconf _NPROCESSORS_CONF)}" \
+&& apk -U upgrade && apk add --no-cache \
+ openssl \
+ pcre \
+ zlib \
+ libgcc \
+ libstdc++ \
+ g++ \
+ make \
+ build-base \
+ linux-headers \
+ ca-certificates \
+ automake \
+ autoconf \
+ git \
+ talloc \
+ talloc-dev \
+ libtool \
+ pcre-dev \
+ zlib-dev \
+ binutils \
+ gnupg \
+ cmake \
+ go \
+ mercurial \
+ libxslt \
+ libxslt-dev \
+ tini \
+&& cd /tmp && git clone --recursive --depth 1 https://github.com/webserver-llc/angie.git \
+&& sed -i -e 's@"angie/"@" "@g' /tmp/angie/src/core/angie.h \
+&& sed -i -e 's@r->headers_out.server == NULL@0@g' /tmp/angie/src/http/ngx_http_header_filter_module.c \
+&& sed -i -e 's@r->headers_out.server == NULL@0@g' /tmp/angie/src/http/v2/ngx_http_v2_filter_module.c \
+&& sed -i -e 's@r->headers_out.server == NULL@0@g' /tmp/angie/src/http/v3/ngx_http_v3_filter_module.c \
+&& sed -i -e 's@
angie@@g' /tmp/angie/src/http/ngx_http_special_response.c \
+&& sed -i -e 's@NGINX_VERSION ".*"@NGINX_VERSION " "@g' /tmp/angie/src/core/nginx.h \
+&& sed -i -e 's@ANGIE_VERSION ".*"@ANGIE_VERSION " "@g' /tmp/angie/src/core/angie.h \
+&& sed -i -e 's/listen 80;/listen 8080;/g' /tmp/angie/conf/angie.conf \
+&& sed -i -e '1i pid /tmp/angie.pid;\n' /tmp/angie/conf/angie.conf \
+&& sed -i -e 's/SSL_OP_CIPHER_SERVER_PREFERENCE);/SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_PRIORITIZE_CHACHA);/g' /tmp/angie/src/event/ngx_event_openssl.c \
+&& addgroup -S angie && adduser -S angie -s /sbin/nologin -G angie --no-create-home \
+&& cd /tmp && git clone --recursive --depth 1 https://github.com/quictls/openssl && hg clone http://hg.nginx.org/njs \
+&& cd /tmp/njs && ./configure && make -j "${NB_CORES}" && make clean \
+&& mkdir /var/cache/angie && cd /tmp/angie && ./auto/configure \
+ --prefix=/etc/angie \
+ --sbin-path=/usr/sbin/angie \
+ --user=angie \
+ --group=angie \
+ --http-log-path=/tmp/access.log \
+ --error-log-path=/tmp/error.log \
+ --conf-path=/etc/angie/angie.conf \
+ --pid-path=/tmp/angie.pid \
+ --lock-path=/tmp/angie.lock \
+ --http-client-body-temp-path=/var/cache/angie/client_temp \
+ --http-proxy-temp-path=/var/cache/angie/proxy_temp \
+ --http-fastcgi-temp-path=/var/cache/angie/fastcgi_temp \
+ --with-openssl="/tmp/openssl" \
+ --with-openssl-opt=enable-ktls \
+ --with-openssl-opt=enable-ec_nistp_64_gcc_128 \
+ --with-cc-opt="-O2 -g -m64 -march=westmere -falign-functions=32 -flto -funsafe-math-optimizations -fstack-protector-strong --param=ssp-buffer-size=4 -Wimplicit-fallthrough=0 -Wno-error=strict-aliasing -Wformat -Wno-error=pointer-sign -Wno-implicit-function-declaration -Wno-int-conversion -Wno-error=unused-result -Wno-unused-result -fcode-hoisting -Werror=format-security -Wno-deprecated-declarations -Wp,-D_FORTIFY_SOURCE=2 -DTCP_FASTOPEN=23 -fPIC" \
+ --with-ld-opt="-lrt -ltalloc -Wl,-Bsymbolic-functions -lpcre -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" \
+ --with-compat \
+ --with-file-aio \
+ --with-pcre-jit \
+ --with-threads \
+ --with-http_realip_module \
+ --with-http_stub_status_module \
+ --with-http_ssl_module \
+ --with-http_v2_module \
+ --with-http_v3_module \
+ --with-stream \
+ --with-stream_realip_module \
+ --with-stream_ssl_module \
+ --with-stream_ssl_preread_module \
+ --without-stream_split_clients_module \
+ --without-stream_set_module \
+ --without-stream_map_module \
+ --without-http_geo_module \
+ --without-http_scgi_module \
+ --without-http_uwsgi_module \
+ --without-http_autoindex_module \
+ --without-http_split_clients_module \
+ --without-http_memcached_module \
+ --without-http_ssi_module \
+ --without-http_empty_gif_module \
+ --without-http_browser_module \
+ --without-http_userid_module \
+ --without-http_mirror_module \
+ --without-http_referer_module \
+ --without-mail_pop3_module \
+ --without-mail_imap_module \
+ --without-mail_smtp_module \
+ --add-module=/tmp/njs/nginx \
+&& make -j "${NB_CORES}" && make install && make clean && strip /usr/sbin/angie* \
+&& chown -R angie:angie /var/cache/angie && chmod -R g+w /var/cache/angie \
+&& chown -R angie:angie /etc/angie && chmod -R g+w /etc/angie \
+&& update-ca-certificates && apk --purge del libgcc libstdc++ g++ make build-base linux-headers automake autoconf git talloc talloc-dev libtool zlib-dev binutils gnupg cmake mercurial go pcre-dev ca-certificates openssl libxslt-dev apk-tools \
+&& rm -rf /tmp/* /var/cache/apk/ /var/cache/misc /root/.gnupg /root/.cache /root/go /etc/apk \
+&& ln -sf /dev/stdout /tmp/access.log && ln -sf /dev/stderr /tmp/error.log
+
+HEALTHCHECK --interval=3s --timeout=1s \
+CMD ["/usr/bin/nc", "-vz", "-w1", "127.0.0.1", "8080"]
+
+ENTRYPOINT [ "/sbin/tini", "--" ]
+
+EXPOSE 8080/tcp 8443/tcp 8443/udp
+LABEL description="Angie built with QUIC and HTTP/3 support🚀" \
+ maintainer="ammnt " \
+ org.opencontainers.image.description="Angie built with QUIC and HTTP/3 support🚀" \
+ org.opencontainers.image.authors="ammnt, admin@msftcnsi.com" \
+ org.opencontainers.image.title="Angie built with QUIC and HTTP/3 support🚀" \
+ org.opencontainers.image.source="https://github.com/ammnt/angie/"
+
+STOPSIGNAL SIGQUIT
+USER angie
+CMD ["/usr/sbin/angie", "-g", "daemon off;"]
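Review bot: The njs source is fetched with `hg clone http://hg.nginx.org/njs`, over plaintext HTTP with no integrity check, and then compiled into the server through `--add-module=/tmp/njs/nginx`. Anything on the build's network path can therefore change code that ends up in the signed image. Fetch it over TLS and pin it, for example `hg clone -r <PINNED_REVISION> https://hg.nginx.org/njs`. The two `git clone --depth 1` calls (angie, quictls/openssl) and `alpine:latest` float in the same way, so pinning them to a tag, commit or image digest would make the weekly build reproducible and give the cosign signature a stable meaning. Also consider dropping the `chown -R angie:angie /etc/angie` / `chmod -R g+w /etc/angie` pair, because it leaves the configuration writable by the unprivileged user the server runs as.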
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..eeed293
--- /dev/null
+++ b/README.md
@@ -0,0 +1,32 @@
+# Angie with HTTP/3 and QUIC support🚀
+
+The Docker image is ready to use:
+docker pull ghcr.io/ammnt/angie:http3
+or
+docker pull ammnt/angie:http3
+
+# Description:
+
+- Based on latest version of Alpine Linux - low size (~8 MB);
+- QuicTLS with kTLS module:
+https://github.com/quictls/openssl
+- HTTP/3 + QUIC native support;
+- HTTP/2 with ALPN support;
+- TLS 1.3 and 0-RTT support;
+- TLS 1.2 and TCP Fast Open (TFO) support;
+- Built using hardening GCC flags;
+- NJS support;
+- PCRE with JIT compilation;
+- zlib library latest version;
+- Rootless master process - unprivileged container;
+- Async I/O threads module;
+- Healthcheck added;
+- Removed unnecessary modules;
+- Added OCI labels and annotations;
+- No excess ENTRYPOINT in the image;
+- Prioritize ChaCha cipher patch and anonymous signature - removed "Server" header ("banner"):
+https://github.com/ammnt/angie/blob/http3/Dockerfile
+
+# Note:
+
+Feel free to contact me with more security improvements🙋