This repository ships a layered NGINX stack designed for production workloads:
nginx/base: runtime and template engine foundationnginx/core: hardened static-origin profile on top ofbasenginx/cdn: CDN-focused cache policy layer on top ofcore
docker.io/library/nginx:1.28.2-alpine-slim
-> ghcr.io/gecut/nginx/base
-> ghcr.io/gecut/nginx/core
-> ghcr.io/gecut/nginx/cdn
Each layer can override /etc/nginx/* from its parent. The effective config is rendered from templates at container startup.
| Layer | Primary role | Adds | Typical usage |
|---|---|---|---|
base |
Runtime foundation | Entrypoint orchestration, envsubst template rendering, worker auto-tune | Build your own NGINX profile |
core |
Secure origin profile | Static serving defaults, security locations, real IP handling, gzip, optional CORS/webp/force-domain/rate-limit | General static origin behind LB/CDN |
cdn |
Cache policy specialization | Cache-Control policy maps, ETag, CDN-oriented defaults | High-performance static CDN origin |
- Entrypoint (
/etc/nginx/entrypoint.sh) runs scripts in/etc/nginx/entrypoint.dsorted by filename. 20-envsubst-on-templates.shrenders all*.templatefiles from/etc/nginx/templatesto/etc/nginx/conf.d.- Later scripts can remove or generate files (feature toggles and runtime-generated includes).
- NGINX loads
/etc/nginx/conf.d/*.conffromnginx.conf.
Practical precedence:
base defaults < core defaults and templates < cdn overrides and templates < runtime env vars
nginx/base/etc/nginx/entrypoint.shnginx/base/etc/nginx/entrypoint.d/20-envsubst-on-templates.shnginx/base/etc/nginx/templates/*nginx/core/etc/nginx/templates/http.d/*nginx/core/etc/nginx/templates/location.d/*nginx/cdn/nginx/core/etc/nginx/templates/http.d/*