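# Hardened nginx front-end image: TLS 1.2/1.3 only, small request limits, runs as the unprivileged nginx user.
#
# NOTE(review): "stable" is a floating tag, so rebuilds can silently pick up a
# different base. Pin a specific version (ideally with a digest) for reproducible builds.
FROM nginx:stable

# MAINTAINER is deprecated; the OCI authors label carries the same information.
LABEL org.opencontainers.image.authors="Yaltik - Fabien Bourgeois"

# Default variables. Values containing spaces are quoted because the key=value
# form would otherwise treat the space as a separator.
# Presumably consumed by /launch.sh when it renders the templates; confirm there.

# Listener settings: unprivileged internal ports, because the container does not run as root.
ENV NGINX_HOST="localhost 127.0.0.1" \
    NGINX_PORT=8080 \
    NGINX_SSL_PORT=8443 \
    NGINX_EXTERNAL_PORT=80 \
    NGINX_EXTERNAL_SSL_PORT=443

# TLS settings: AEAD-only suites with forward secrecy (ECDHE/DHE); no TLS below 1.2.
ENV CERTIFICATE_PATH=/etc/nginx/certs/req.pem \
    CERTIFICATE_KEY_PATH=/etc/nginx/certs/cert.key \
    SSL_PROTOCOLS="TLSv1.2 TLSv1.3" \
    SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

# Request size limits: deliberately small defaults; raise them per deployment if uploads are expected.
ENV CLIENT_BODY_BUFFER_SIZE=1K \
    CLIENT_HEADER_BUFFER_SIZE=1k \
    CLIENT_MAX_BODY_SIZE=1k \
    LARGE_CLIENT_HEADER_BUFFERS="4 8k"

# Prepare directories and drop the stock vhosts.
# -p / -f keep the build working if the base image already ships (or lacks) these paths.
RUN mkdir -p /etc/nginx/certs /etc/nginx/templates && \
    rm -f /etc/nginx/conf.d/*

# Certificate, private key and DH parameters.
# SECURITY: cert.key is stored in an image layer, so anyone who can pull or export
# this image can read the private key. Treat the baked-in key as a development
# default only; for real deployments, mount the key at runtime (volume or
# orchestrator secret) and keep it out of the build context.
COPY req.pem cert.key dhparams.pem /etc/nginx/certs/

# Launcher, main configuration and vhost template
COPY launch.sh /launch.sh
COPY nginx.conf /etc/nginx/
COPY root.conf /etc/nginx/templates/

# Do not daemonize nginx (it must stay in the foreground as the container process),
# then hand the paths nginx writes to over to the unprivileged nginx user.
# NOTE(review): the whole of /etc/nginx becomes writable by the runtime user,
# presumably so launch.sh can render templates at start-up. If only conf.d needs
# to be writable, narrow this chown so a compromised process cannot rewrite nginx.conf.
RUN echo 'daemon off;' >> /etc/nginx/nginx.conf && \
    touch /var/run/nginx.pid && \
    chown nginx:nginx /var/run/nginx.pid && \
    chown -R nginx:nginx /var/cache/nginx /etc/nginx/ && \
    chmod 0600 /etc/nginx/certs/cert.key

USER nginx

# Exec form: no intermediate /bin/sh, so signals from `docker stop` reach the launcher directly.
# launch.sh should `exec` nginx so that nginx itself receives them; verify in the script.
CMD ["bash", "/launch.sh"]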