Yaltik
/
docker_images
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[IMP]Nginx image : ssl protocols and ciphers configurables

This commit is contained in:
Fabien BOURGEOIS 2021-03-29 20:13:54 +02:00
parent 09c383b97c
commit 78bceb7d60
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nginx/Dockerfile
View File

@ -5,8 +5,10 @@ MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
ENV NGINX_HOST localhost 127.0.0.1
ENV NGINX_PORT 8080
ENV NGINX_SSL_PORT 8443
ENV CERTIFICATE_PATH /etc/nginx/certs/req.pem;
ENV CERTIFICATE_KEY_PATH /etc/nginx/certs/cert.key;
ENV CERTIFICATE_PATH /etc/nginx/certs/req.pem
ENV CERTIFICATE_KEY_PATH /etc/nginx/certs/cert.key
ENV SSL_PROTOCOLS TLSv1.2 TLSv1.3
ENV SSL_CIPHERS ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# Create sensible CERTS
RUN mkdir /etc/nginx/certs

4
nginx/root.conf
View File

@ -5,8 +5,8 @@ server {
ssl_certificate ${CERTIFICATE_PATH};
ssl_certificate_key ${CERTIFICATE_KEY_PATH};
ssl_protocols TLSv1.2 TLSv1.3; # dont use SSLv3 ref: POODLE, nor TLSv1 / TLSv1.1
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_protocols ${SSL_PROTOCOLS};
ssl_ciphers ${SSL_CIPHERS};
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/certs/dhparams.pem; # Logjam