From 09c383b97c3e237cd45362650bd4d4b486d36379 Mon Sep 17 00:00:00 2001
From: Fabien BOURGEOIS <fabien@yaltik.com>
Date: Mon, 29 Mar 2021 10:59:57 +0200
Subject: [PATCH] [IMP]Nginx base image : make certificat paths configurable

---
 nginx/Dockerfile | 2 ++
 nginx/root.conf  | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index fa74821..be7f1e7 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -5,6 +5,8 @@ MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
 ENV NGINX_HOST localhost 127.0.0.1
 ENV NGINX_PORT 8080
 ENV NGINX_SSL_PORT 8443
+ENV CERTIFICATE_PATH /etc/nginx/certs/req.pem;
+ENV CERTIFICATE_KEY_PATH /etc/nginx/certs/cert.key;
 
 # Create sensible CERTS
 RUN mkdir /etc/nginx/certs
diff --git a/nginx/root.conf b/nginx/root.conf
index f7c6379..79f6aa3 100644
--- a/nginx/root.conf
+++ b/nginx/root.conf
@@ -2,8 +2,8 @@ server {
     listen       ${NGINX_PORT} default_server;
     listen       ${NGINX_SSL_PORT} ssl default_server;
     server_name ${NGINX_HOST};
-    ssl_certificate /etc/nginx/certs/req.pem;
-    ssl_certificate_key /etc/nginx/certs/cert.key;
+    ssl_certificate ${CERTIFICATE_PATH};
+    ssl_certificate_key ${CERTIFICATE_KEY_PATH};
 
     ssl_protocols  TLSv1.2 TLSv1.3;  # don’t use SSLv3 ref: POODLE, nor TLSv1 / TLSv1.1
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;