[ADD]Nginx generic image

2016-10-04 09:32:47 +02:00 · 2016-10-04 09:32:47 +02:00 · 6595400177
parent 1a1115e4f0
commit 6595400177
7 changed files with 112 additions and 0 deletions
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@ -0,0 +1,20 @@
+FROM nginx:stable
+MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
+
+# Default variables
+ENV NGINX_HOST localhost
+
+# Create sensible CERTS
+RUN mkdir /etc/nginx/certs
+COPY req.pem cert.key dhparams.pem /etc/nginx/certs/
+#
+# Clean, copy templates and usefull files
+RUN rm /etc/nginx/conf.d/*
+COPY launch.sh /launch.sh
+RUN mkdir /etc/nginx/templates
+COPY root.conf /etc/nginx/templates/
+
+# Dot not daemonize nginx
+RUN echo 'daemon off;' >> /etc/nginx/nginx.conf
+
+CMD bash /launch.sh
--- a/nginx/base.yml
+++ b/nginx/base.yml
@ -0,0 +1,5 @@
+version: '2'
+services:
+  nginx:
+    build: .
+    image: nginx:yaltik
--- a/nginx/cert.key
+++ b/nginx/cert.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4fwByixmey2hZ
+H7Nk/gwWSjSQmzjXHAknZRNRcOtyO936F93ikJXsF3XCW0bo1MpguBgvzC7A8zKZ
+sv4WiD4GdWkpzvv2ujNeTuqqmifkruNW4FoKSDYvX6qozcDXeIL4xy1wvTs6RW+z
+dyEdUabQsd/JyDj2Vst6UW5hDSXABwxtNf6btAQo/h2r79lzwJEgOtm3ahQbXThw
+GGkmKTT9xOHPsSfil+ldOidNdBgUNdrtH9jcyUJl26H9ttDufXHesl+zfrWdDf+I
+OMbtn7eCv9bTyK5iWsSUGS9tPMOYeq7NZm+4fhOVeQz9yKjW7dk8V5ucbPA5LHvg
+v+2KvyyPAgMBAAECggEADWt3fd1uVKWZBnqO0vbDrE9jeW1A+iyY4duxRwg+qAWA
+xPM9eYBo105xi1yWUNNBkT1yzO8+K1zFPnbNkpgAYvnhV2At5alvmRmGajhiVHkA
+Ik6ZXgwYnOOJh1PIBiRG6o+aV4v8JeXtFRHCP96zkpSNoaDFu+1eSZxoufh52XjK
+Kcf7dYeyxxcPYzP5C4xyDop/edUFBgtjlPnnwdvcxi6E1l53z2csQY5Qb4uUXweg
+eHC3Z0E34NGzy8wXcEJjQKAJhPIOwQdcyzK5GJCdTfmkgQEj/nQKp21hkk4AKoI+
+dgvXGqjAKBE8VBm8XDCGf8edXnw1DQLbLBL97nu7aQKBgQDaYjNHkbb5sJpPKxw2
+hYVZRiVo366S4k+l/P+cvHtd+7EsWVhCfoyQ5zyHRECHkeYuVYFEzCWDLi7YmFWc
+CpeB8C0VKcMGK6lo/ngrJvoi8VfXjfibk1uY4yLZp+D7pzBhnDDOVrGRR7CRHJAH
+aZHwRKxLk+Z66gD3WKJgOGzsuwKBgQDYRoFVKlzUZza5fczNitrzYcKhbP+2+cTu
+vqFTHIdol+QuWkxR7jjL1BnEBjF5fdqhJmeKqymDSI9g3TI0R9kTKO74UgM7tZbB
+eFMzXN5MF3NbOvvlE2lxNftGlwlExgmlMfH1BhUtrazAjBlnl/OHbWEItgHWf8aZ
+zTjHZvYMPQKBgGDbixjkFP57iIUyfqnj4Hfu96qjAt+cxmy9YHWY1zKg7jzYR5/+
+VsPx+1OXPvOiDzBfthzYWo7rDdX9AoNZ40a7SpOHWTtEZDfwHUYuXGThG++7xRbj
+bY3Kt+tHXS7gQUIZrz/lDY58+F/0BiFzfknNe4ltyJydat5JjoMUo6L/AoGACJfk
+k6m3PolLV1t0Q8Z8pKcBwMA/+Nk7xfC1IERF7RX77wuPdMHuZ8rpqyxD0vv5L+YC
+vzPF1n2PlN21HPat3WEG/b7kef7hGpbZV3UdMBDOeJWDZLq8uc7XSRq/N4hW4cV2
+Q7IWLVZ1QsFOURtshbkG3f29XPR+w6Wv19xzclECgYB1CKwwCN5bxRC4m1JwRbao
+YZEI8GEjO+RnnLpPWJIUdo/LSEn4VWeF4hJfaMj2muUvSPynxjHT2P7/Q43f9LfK
+M+3WwhoU5MpEg9GjWkL9APiBOcQXvLVsliADr3jQeypURkmMJ0iA92A16+fHiSb/
+Jo1GfTjPWydHMAu/FTA1mg==
+-----END PRIVATE KEY-----
--- a/nginx/dhparams.pem
+++ b/nginx/dhparams.pem
@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA+z2OwgJGhfCKOrEnC2gE8mkMqhIyjtcMFlJtkVHUx3VOQBQQrxij
+8Dg5bYS3QrW4ba4HSX5RV1i1XiBw59XlgmhSkYNdA1TF8Q3lMo7clDseRB+aLaUc
+wnMU+X1GImDbKetYkLd53NPN+80g7Tgc0ODwC0prtsiihy9b4lHPXAA3RWpfMg5j
+XmBj0E5cgmLblBPkepjnpSFf30YmKp1qU537e8Tf7vi6Dtw8ItomGAvjW00YtOLn
+uODrP+59ZGT3wKLBLzzlAy+fh+0X//pfHmJEXcqiJ0evfR2j4QSDjhGWDFiUKgy+
+bP+NyThAlQkQWfttdEQopZ1Bli7Mkb4WqwIBAg==
+-----END DH PARAMETERS-----
--- a/nginx/launch.sh
+++ b/nginx/launch.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Needed for envsubst to replace $ in final rendering
+export DOLLSIGN=$
+
+# Bash templating
+cd /etc/nginx/templates
+for tpl in * ; do
+  envsubst < $tpl > /etc/nginx/conf.d/$tpl
+done
+
+# Nginx launch
+nginx
--- a/nginx/req.pem
+++ b/nginx/req.pem
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAMNHxQKHnSwQMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTYwNDI3MTQwODE0WhcNMTYwNTI3MTQwODE0WjBF
+MQswCQYDVQQGEwJGUjETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuH8AcosZnstoWR+zZP4MFko0kJs41xwJJ2UTUXDrcjvd+hfd4pCV7Bd1
+wltG6NTKYLgYL8wuwPMymbL+Fog+BnVpKc779rozXk7qqpon5K7jVuBaCkg2L1+q
+qM3A13iC+MctcL07OkVvs3chHVGm0LHfycg49lbLelFuYQ0lwAcMbTX+m7QEKP4d
+q+/Zc8CRIDrZt2oUG104cBhpJik0/cThz7En4pfpXTonTXQYFDXa7R/Y3MlCZduh
+/bbQ7n1x3rJfs361nQ3/iDjG7Z+3gr/W08iuYlrElBkvbTzDmHquzWZvuH4TlXkM
+/cio1u3ZPFebnGzwOSx74L/tir8sjwIDAQABo1AwTjAdBgNVHQ4EFgQU4KdwYLF+
+B/wmvb/gsNeNOkkFVJgwHwYDVR0jBBgwFoAU4KdwYLF+B/wmvb/gsNeNOkkFVJgw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALdMzA41GXUIDcILY8W7l
+0gkUBPjXVRdzJKZe+wK5cAyGOH3mMwXFn20JgVKsjcVlNQL9vA3AP35YnupFETfB
+/7IMQjrQD6+TwcW3nB5DiEbAJwagxOoCKggmVp28erClxHAq7XK+L++elXV5RinS
+LmaIp7BysreOrFBKKDoMvN0q/CgLYHP1mQh4Xn9/bL21W3uzLP4mD7ugQMcdb4ww
+/8HSI5zUfCm4CvH/FQZyoMQsvpXOUCSm8XOQYd4YyIo4pH+7cCIFEtq+pIkPmAme
+nd/ASxhxng0pnK3/eptEVhlCPA1R/bo5jsew9vKBl4VSVzks4LJdtxFyYc9Jqwsl
+OQ==
+-----END CERTIFICATE-----
--- a/nginx/root.conf
+++ b/nginx/root.conf
@ -0,0 +1,17 @@
+server {
+    listen       80 default_server;
+    listen       443 ssl default_server;
+    server_name ${NGINX_HOST};
+    ssl_certificate /etc/nginx/certs/req.pem;
+    ssl_certificate_key /etc/nginx/certs/cert.key;
+    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;  # don’t use SSLv3 ref: POODLE
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; # Logjam
+    ssl_prefer_server_ciphers on; # Logjam
+    ssl_dhparam /etc/nginx/certs/dhparams.pem; # Logjam
+    client_max_body_size 200M;
+
+    location / {
+        root   /var/www/html;
+        index  index.html index.htm index.php;
+    }
+}