[ADD]Nginx generic image
This commit is contained in:
parent
1a1115e4f0
commit
6595400177
20
nginx/Dockerfile
Normal file
20
nginx/Dockerfile
Normal file
@ -0,0 +1,20 @@
|
||||
FROM nginx:stable
|
||||
MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
|
||||
|
||||
# Default variables
|
||||
ENV NGINX_HOST localhost
|
||||
|
||||
# Create sensible CERTS
|
||||
RUN mkdir /etc/nginx/certs
|
||||
COPY req.pem cert.key dhparams.pem /etc/nginx/certs/
|
||||
#
|
||||
# Clean, copy templates and usefull files
|
||||
RUN rm /etc/nginx/conf.d/*
|
||||
COPY launch.sh /launch.sh
|
||||
RUN mkdir /etc/nginx/templates
|
||||
COPY root.conf /etc/nginx/templates/
|
||||
|
||||
# Dot not daemonize nginx
|
||||
RUN echo 'daemon off;' >> /etc/nginx/nginx.conf
|
||||
|
||||
CMD bash /launch.sh
|
5
nginx/base.yml
Normal file
5
nginx/base.yml
Normal file
@ -0,0 +1,5 @@
|
||||
version: '2'
|
||||
services:
|
||||
nginx:
|
||||
build: .
|
||||
image: nginx:yaltik
|
28
nginx/cert.key
Normal file
28
nginx/cert.key
Normal file
@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4fwByixmey2hZ
|
||||
H7Nk/gwWSjSQmzjXHAknZRNRcOtyO936F93ikJXsF3XCW0bo1MpguBgvzC7A8zKZ
|
||||
sv4WiD4GdWkpzvv2ujNeTuqqmifkruNW4FoKSDYvX6qozcDXeIL4xy1wvTs6RW+z
|
||||
dyEdUabQsd/JyDj2Vst6UW5hDSXABwxtNf6btAQo/h2r79lzwJEgOtm3ahQbXThw
|
||||
GGkmKTT9xOHPsSfil+ldOidNdBgUNdrtH9jcyUJl26H9ttDufXHesl+zfrWdDf+I
|
||||
OMbtn7eCv9bTyK5iWsSUGS9tPMOYeq7NZm+4fhOVeQz9yKjW7dk8V5ucbPA5LHvg
|
||||
v+2KvyyPAgMBAAECggEADWt3fd1uVKWZBnqO0vbDrE9jeW1A+iyY4duxRwg+qAWA
|
||||
xPM9eYBo105xi1yWUNNBkT1yzO8+K1zFPnbNkpgAYvnhV2At5alvmRmGajhiVHkA
|
||||
Ik6ZXgwYnOOJh1PIBiRG6o+aV4v8JeXtFRHCP96zkpSNoaDFu+1eSZxoufh52XjK
|
||||
Kcf7dYeyxxcPYzP5C4xyDop/edUFBgtjlPnnwdvcxi6E1l53z2csQY5Qb4uUXweg
|
||||
eHC3Z0E34NGzy8wXcEJjQKAJhPIOwQdcyzK5GJCdTfmkgQEj/nQKp21hkk4AKoI+
|
||||
dgvXGqjAKBE8VBm8XDCGf8edXnw1DQLbLBL97nu7aQKBgQDaYjNHkbb5sJpPKxw2
|
||||
hYVZRiVo366S4k+l/P+cvHtd+7EsWVhCfoyQ5zyHRECHkeYuVYFEzCWDLi7YmFWc
|
||||
CpeB8C0VKcMGK6lo/ngrJvoi8VfXjfibk1uY4yLZp+D7pzBhnDDOVrGRR7CRHJAH
|
||||
aZHwRKxLk+Z66gD3WKJgOGzsuwKBgQDYRoFVKlzUZza5fczNitrzYcKhbP+2+cTu
|
||||
vqFTHIdol+QuWkxR7jjL1BnEBjF5fdqhJmeKqymDSI9g3TI0R9kTKO74UgM7tZbB
|
||||
eFMzXN5MF3NbOvvlE2lxNftGlwlExgmlMfH1BhUtrazAjBlnl/OHbWEItgHWf8aZ
|
||||
zTjHZvYMPQKBgGDbixjkFP57iIUyfqnj4Hfu96qjAt+cxmy9YHWY1zKg7jzYR5/+
|
||||
VsPx+1OXPvOiDzBfthzYWo7rDdX9AoNZ40a7SpOHWTtEZDfwHUYuXGThG++7xRbj
|
||||
bY3Kt+tHXS7gQUIZrz/lDY58+F/0BiFzfknNe4ltyJydat5JjoMUo6L/AoGACJfk
|
||||
k6m3PolLV1t0Q8Z8pKcBwMA/+Nk7xfC1IERF7RX77wuPdMHuZ8rpqyxD0vv5L+YC
|
||||
vzPF1n2PlN21HPat3WEG/b7kef7hGpbZV3UdMBDOeJWDZLq8uc7XSRq/N4hW4cV2
|
||||
Q7IWLVZ1QsFOURtshbkG3f29XPR+w6Wv19xzclECgYB1CKwwCN5bxRC4m1JwRbao
|
||||
YZEI8GEjO+RnnLpPWJIUdo/LSEn4VWeF4hJfaMj2muUvSPynxjHT2P7/Q43f9LfK
|
||||
M+3WwhoU5MpEg9GjWkL9APiBOcQXvLVsliADr3jQeypURkmMJ0iA92A16+fHiSb/
|
||||
Jo1GfTjPWydHMAu/FTA1mg==
|
||||
-----END PRIVATE KEY-----
|
8
nginx/dhparams.pem
Normal file
8
nginx/dhparams.pem
Normal file
@ -0,0 +1,8 @@
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEA+z2OwgJGhfCKOrEnC2gE8mkMqhIyjtcMFlJtkVHUx3VOQBQQrxij
|
||||
8Dg5bYS3QrW4ba4HSX5RV1i1XiBw59XlgmhSkYNdA1TF8Q3lMo7clDseRB+aLaUc
|
||||
wnMU+X1GImDbKetYkLd53NPN+80g7Tgc0ODwC0prtsiihy9b4lHPXAA3RWpfMg5j
|
||||
XmBj0E5cgmLblBPkepjnpSFf30YmKp1qU537e8Tf7vi6Dtw8ItomGAvjW00YtOLn
|
||||
uODrP+59ZGT3wKLBLzzlAy+fh+0X//pfHmJEXcqiJ0evfR2j4QSDjhGWDFiUKgy+
|
||||
bP+NyThAlQkQWfttdEQopZ1Bli7Mkb4WqwIBAg==
|
||||
-----END DH PARAMETERS-----
|
13
nginx/launch.sh
Normal file
13
nginx/launch.sh
Normal file
@ -0,0 +1,13 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Needed for envsubst to replace $ in final rendering
|
||||
export DOLLSIGN=$
|
||||
|
||||
# Bash templating
|
||||
cd /etc/nginx/templates
|
||||
for tpl in * ; do
|
||||
envsubst < $tpl > /etc/nginx/conf.d/$tpl
|
||||
done
|
||||
|
||||
# Nginx launch
|
||||
nginx
|
21
nginx/req.pem
Normal file
21
nginx/req.pem
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDXTCCAkWgAwIBAgIJAMNHxQKHnSwQMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
|
||||
BAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
|
||||
aWRnaXRzIFB0eSBMdGQwHhcNMTYwNDI3MTQwODE0WhcNMTYwNTI3MTQwODE0WjBF
|
||||
MQswCQYDVQQGEwJGUjETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
|
||||
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAuH8AcosZnstoWR+zZP4MFko0kJs41xwJJ2UTUXDrcjvd+hfd4pCV7Bd1
|
||||
wltG6NTKYLgYL8wuwPMymbL+Fog+BnVpKc779rozXk7qqpon5K7jVuBaCkg2L1+q
|
||||
qM3A13iC+MctcL07OkVvs3chHVGm0LHfycg49lbLelFuYQ0lwAcMbTX+m7QEKP4d
|
||||
q+/Zc8CRIDrZt2oUG104cBhpJik0/cThz7En4pfpXTonTXQYFDXa7R/Y3MlCZduh
|
||||
/bbQ7n1x3rJfs361nQ3/iDjG7Z+3gr/W08iuYlrElBkvbTzDmHquzWZvuH4TlXkM
|
||||
/cio1u3ZPFebnGzwOSx74L/tir8sjwIDAQABo1AwTjAdBgNVHQ4EFgQU4KdwYLF+
|
||||
B/wmvb/gsNeNOkkFVJgwHwYDVR0jBBgwFoAU4KdwYLF+B/wmvb/gsNeNOkkFVJgw
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALdMzA41GXUIDcILY8W7l
|
||||
0gkUBPjXVRdzJKZe+wK5cAyGOH3mMwXFn20JgVKsjcVlNQL9vA3AP35YnupFETfB
|
||||
/7IMQjrQD6+TwcW3nB5DiEbAJwagxOoCKggmVp28erClxHAq7XK+L++elXV5RinS
|
||||
LmaIp7BysreOrFBKKDoMvN0q/CgLYHP1mQh4Xn9/bL21W3uzLP4mD7ugQMcdb4ww
|
||||
/8HSI5zUfCm4CvH/FQZyoMQsvpXOUCSm8XOQYd4YyIo4pH+7cCIFEtq+pIkPmAme
|
||||
nd/ASxhxng0pnK3/eptEVhlCPA1R/bo5jsew9vKBl4VSVzks4LJdtxFyYc9Jqwsl
|
||||
OQ==
|
||||
-----END CERTIFICATE-----
|
17
nginx/root.conf
Normal file
17
nginx/root.conf
Normal file
@ -0,0 +1,17 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen 443 ssl default_server;
|
||||
server_name ${NGINX_HOST};
|
||||
ssl_certificate /etc/nginx/certs/req.pem;
|
||||
ssl_certificate_key /etc/nginx/certs/cert.key;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
|
||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; # Logjam
|
||||
ssl_prefer_server_ciphers on; # Logjam
|
||||
ssl_dhparam /etc/nginx/certs/dhparams.pem; # Logjam
|
||||
client_max_body_size 200M;
|
||||
|
||||
location / {
|
||||
root /var/www/html;
|
||||
index index.html index.htm index.php;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user