docker_images/nginx/Dockerfile
Fabien BOURGEOIS 578dd155fb [IMP]Nginx : security improvements
* Updated ciphers / protocols and other base conf ;
* Run as nginx user, no more root then fork.
2021-03-29 09:51:14 +02:00

31 lines
738 B
Docker

FROM nginx:stable
MAINTAINER Yaltik - Fabien Bourgeois <fabien@yaltik.com>
# Default variables
ENV NGINX_HOST localhost 127.0.0.1
ENV NGINX_PORT 8080
ENV NGINX_SSL_PORT 8443
# Create sensible CERTS
RUN mkdir /etc/nginx/certs
COPY req.pem cert.key dhparams.pem /etc/nginx/certs/
#
# Clean, copy templates and usefull files
RUN rm /etc/nginx/conf.d/*
COPY launch.sh /launch.sh
RUN mkdir /etc/nginx/templates
COPY root.conf /etc/nginx/templates/
# Dot not daemonize nginx
RUN echo 'daemon off;' >> /etc/nginx/nginx.conf
# nginx user (no root)
RUN touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid && \
chown -R nginx:nginx /var/cache/nginx && \
chown -R nginx:nginx /etc/nginx/
USER nginx
CMD bash /launch.sh