Cache Windows Update for all clients via Nginx
What can I do with this?
This image runs Nginx as a caching proxy for the Windows Update traffic of all your clients. Each update is downloaded only once from the web and then stored in the cache. Any further request for that update is served from the local cache, preserving WAN bandwidth.
- /nginx/www - Directory of all updates
```shell
docker run --name windows-update-cache \
  -p 80:80/tcp \
  -p 443:443/tcp \
  -v .../www:/nginx/www \
  -d 11notes/windows-update-cache:[tag]
```
```yaml
version: "3.8"
services:
  traefik:
    image: "11notes/windows-update-cache:1.0.0"
    container_name: "windows-update-cache"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "www:/nginx/www"
    sysctls:
      - net.ipv4.ip_unprivileged_port_start=80
volumes:
  www:
```
| Parameter | Value | Description |
|---|---|---|
| user | docker | user docker |
| uid | 1000 | user id 1000 |
| gid | 1000 | group id 1000 |
| home | /nginx | home directory of user docker |
| Parameter | Value | Default |
|---|---|---|
| TZ | Time Zone | |
| DEBUG | Show debug information | |
| CACHE_SIZE | size of cache | 256g |
| CACHE_MAX_AGE | how long data should be cached | 14d |
| CACHE_ACCESS_DENIED | domain.com:443, FQDN:port to inform about access denied | 127.0.0.1:8443 |
- Only use rootless container runtime (podman, rootless docker)
- Allow non-root ports < 1024 via `echo "net.ipv4.ip_unprivileged_port_start=53" > /etc/sysctl.d/ports.conf`
- Use a reverse proxy like Traefik, Nginx to terminate TLS with a valid certificate
- Use Let’s Encrypt certificates to protect your SSL endpoints
This image is provided to you at your own risk. Always make backups before updating an image to a new version. Check the changelog for breaking changes.