[IMP]Nginx image : ssl protocols and ciphers configurables
This commit is contained in:
parent
09c383b97c
commit
78bceb7d60
@ -5,8 +5,10 @@ MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
|
||||
ENV NGINX_HOST localhost 127.0.0.1
|
||||
ENV NGINX_PORT 8080
|
||||
ENV NGINX_SSL_PORT 8443
|
||||
ENV CERTIFICATE_PATH /etc/nginx/certs/req.pem;
|
||||
ENV CERTIFICATE_KEY_PATH /etc/nginx/certs/cert.key;
|
||||
ENV CERTIFICATE_PATH /etc/nginx/certs/req.pem
|
||||
ENV CERTIFICATE_KEY_PATH /etc/nginx/certs/cert.key
|
||||
ENV SSL_PROTOCOLS TLSv1.2 TLSv1.3
|
||||
ENV SSL_CIPHERS ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
# Create sensible CERTS
|
||||
RUN mkdir /etc/nginx/certs
|
||||
|
@ -5,8 +5,8 @@ server {
|
||||
ssl_certificate ${CERTIFICATE_PATH};
|
||||
ssl_certificate_key ${CERTIFICATE_KEY_PATH};
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3; # don’t use SSLv3 ref: POODLE, nor TLSv1 / TLSv1.1
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_protocols ${SSL_PROTOCOLS};
|
||||
ssl_ciphers ${SSL_CIPHERS};
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_dhparam /etc/nginx/certs/dhparams.pem; # Logjam
|
||||
|
Loading…
Reference in New Issue
Block a user