Yaltik/docker_images
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[IMP]Nginx base image : make certificat paths configurable

Browse Source
This commit is contained in:
Fabien BOURGEOIS 2021-03-29 10:59:57 +02:00
parent 578dd155fb
commit 09c383b97c
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nginx/Dockerfile
View File

@ -5,6 +5,8 @@ MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
ENV NGINX_HOST localhost 127.0.0.1 ENV NGINX_HOST localhost 127.0.0.1
ENV NGINX_PORT 8080 ENV NGINX_PORT 8080
ENV NGINX_SSL_PORT 8443 ENV NGINX_SSL_PORT 8443
ENV CERTIFICATE_PATH /etc/nginx/certs/req.pem;
ENV CERTIFICATE_KEY_PATH /etc/nginx/certs/cert.key;
# Create sensible CERTS # Create sensible CERTS
RUN mkdir /etc/nginx/certs RUN mkdir /etc/nginx/certs

4
nginx/root.conf
View File

@ -2,8 +2,8 @@ server {
listen ${NGINX_PORT} default_server; listen ${NGINX_PORT} default_server;
listen ${NGINX_SSL_PORT} ssl default_server; listen ${NGINX_SSL_PORT} ssl default_server;
server_name ${NGINX_HOST}; server_name ${NGINX_HOST};
ssl_certificate /etc/nginx/certs/req.pem; ssl_certificate ${CERTIFICATE_PATH};
ssl_certificate_key /etc/nginx/certs/cert.key; ssl_certificate_key ${CERTIFICATE_KEY_PATH};
ssl_protocols TLSv1.2 TLSv1.3; # dont use SSLv3 ref: POODLE, nor TLSv1 / TLSv1.1 ssl_protocols TLSv1.2 TLSv1.3; # dont use SSLv3 ref: POODLE, nor TLSv1 / TLSv1.1
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;