webkaos
is a web-server based on the latest version of Nginx.
- Improved default SSL/TLS preferencies (A+ on SSL Labs, Immuni Web, Mozilla Observatory, CryptCheck and Security Headers)
- Dynamic TLS Records support
- The latest version of BoringSSL with some state-of-the-art crypto features
- TLS 1.3 support (RFC 8446)
- TCP Fast Open support
- Lua and Headers More modules from the box
- Brotli and NAXSI as dynamic modules
- Improved SysV script
- Well-looking error pages
- Improved design of index pages
- Performance tuning for highload
sudo yum install -y https://pkgs.kaos.st/kaos-repo-latest.el$(grep 'CPE_NAME' /etc/os-release | tr -d '"' | cut -d':' -f5).noarch.rpm
sudo yum install webkaos
# install optional modules
sudo yum install webkaos-module-brotli webkaos-module-naxsi
Official webkaos images available on GitHub Container Registry and Docker Hub. All Docker images support templating using environment variables.
Official images:
ghcr.io/essentialkaos/webkaos:centos7
ghcr.io/essentialkaos/webkaos:centos7-unprivileged
ghcr.io/essentialkaos/webkaos:ol7
ghcr.io/essentialkaos/webkaos:ol7-unprivileged
ghcr.io/essentialkaos/webkaos:ol8
ghcr.io/essentialkaos/webkaos:ol8-unprivileged
ghcr.io/essentialkaos/webkaos:ol9
ghcr.io/essentialkaos/webkaos:ol9-unprivileged
essentialkaos/webkaos:centos7
essentialkaos/webkaos:centos7-unprivileged
essentialkaos/webkaos:ol7
essentialkaos/webkaos:ol7-unprivileged
essentialkaos/webkaos:ol8
essentialkaos/webkaos:ol8-unprivileged
essentialkaos/webkaos:ol9
essentialkaos/webkaos:ol9-unprivileged
Usage examples:
# Image on CentOS 7
docker run --name my-webkaos -v /some/content:/usr/share/webkaos/html:ro -p 8080:80 -d essentialkaos/webkaos:centos7
# Image on OracleLinux 8
docker run --name my-webkaos -v /some/content:/usr/share/webkaos/html:ro -p 8080:80 -d essentialkaos/webkaos:ol8
# Unprivileged image on CentOS 7
docker run --name my-webkaos -v /some/content:/usr/share/webkaos/html:ro -p 8080:8080 -d essentialkaos/webkaos:centos7-unprivileged
# Unprivileged image on OracleLinux 8
docker run --name my-webkaos -v /some/content:/usr/share/webkaos/html:ro -p 8080:8080 -d essentialkaos/webkaos:ol8-unprivileged
Useful environment variables:
WEBKAOS_ENABLE_ENTRYPOINT_LOGS
- Enable logging for actions made by entrypoint script;WEBKAOS_DISABLE_PROC_TUNE
- Disable automaticworker_processes
tuning;WEBKAOS_DISABLE_BUCKET_TUNE
- Disable automaticserver_names_hash_bucket_size
tuning;WEBKAOS_DISABLE_TEMPLATES
- Disable automatic templates rendering.
Using rpmbuilder
... install and configure rpmbuilder there
git clone https://github.com/essentialkaos/webkaos.git
cd webkaos/
rpmbuilder webkaos.spec -dl SOURCES/
rpmbuilder webkaos.spec -3 -V -di
Q: Why is it named webkaos?
A: The very first version of this webserver was named nginx-kaos
. But it uses a lot of different, awesome projects and libraries, not only nginx. So, we decided to choose something neutral.
Q: Is it safe to use webkaos in production?
A: Yes. But we can't guarantee that there are no bugs in nginx, its modules, or used dependencies.
Q: Can I use Docker images with Kubernetes/Nomad/Rancher?
A: Yes.
Q: Can you provide packages for Ubuntu/Debian/FreeBSD?
A: Theoretically, yes. Practically, no. We use only RHEL-based distros in our infrastructure, and we can't provide the same quality of packages for other distros.
Q: Can you provide Alpine-based Docker images?
A: No. Using RPM packages simplify their support for us. There is a complex process of building and testing packages with different tools (rpmbuilder, rpmlint, perfecto, bibop, shellcheck) and we can't provide the same level of quality without them. Also, it is tough to write and maintain Dockerfiles with a large number of build actions and stages.