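# NOTE(review): `stable` is a moving tag, so a rebuild can silently pick up a
# different nginx release. Pin a specific version tag (and ideally its digest)
# so builds are reproducible and base-image changes go through review.
FROM nginx:stable

# MAINTAINER is deprecated; the OCI authors label carries the same contact.
LABEL org.opencontainers.image.authors="Yaltik - Fabien Bourgeois <fabien@yaltik.com>"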
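# Default variables, written in key=value form (the space-separated ENV form
# is deprecated). Nothing in this file reads them; presumably /launch.sh
# substitutes them into the nginx templates at start-up (confirm there).

# Server names and ports. The internal ports are above 1024, so the
# unprivileged nginx user this image switches to can bind them.
ENV NGINX_HOST="localhost 127.0.0.1" \
    NGINX_PORT=8080 \
    NGINX_SSL_PORT=8443 \
    NGINX_EXTERNAL_PORT=80 \
    NGINX_EXTERNAL_SSL_PORT=443

# TLS material and policy: TLS 1.2 and 1.3 only, and every listed suite is an
# AEAD cipher (AES-GCM or ChaCha20-Poly1305) with an ephemeral ECDHE/DHE key
# exchange. NOTE(review): the DHE suites presumably rely on the dhparams.pem
# copied into /etc/nginx/certs; confirm the template references it.
ENV CERTIFICATE_PATH=/etc/nginx/certs/req.pem \
    CERTIFICATE_KEY_PATH=/etc/nginx/certs/cert.key \
    SSL_PROTOCOLS="TLSv1.2 TLSv1.3" \
    SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

# Request size limits. The defaults are very small (1k bodies and headers).
# NOTE(review): presumably mapped onto the nginx directives of the same name;
# deployments that accept uploads or large cookies have to raise them.
ENV CLIENT_BODY_BUFFER_SIZE=1K \
    CLIENT_HEADER_BUFFER_SIZE=1k \
    CLIENT_MAX_BODY_SIZE=1k \
    LARGE_CLIENT_HEADER_BUFFERS="2 1k"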
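# TLS certificate, private key and DH parameters.
# NOTE(review): cert.key is a private key, and COPY stores it in an image
# layer, so anyone able to pull or export the image can read it. Unless these
# are throwaway defaults, supply the key at run time (read-only bind mount or
# an orchestrator secret) and keep it out of the build context.
# COPY creates /etc/nginx/certs itself, so no separate mkdir layer is needed.
COPY req.pem cert.key dhparams.pem /etc/nginx/certs/

# Keep the key readable by its owner only. The recursive chown of /etc/nginx/
# later in this file makes that owner the nginx user the server runs as.
RUN chmod 0600 /etc/nginx/certs/cert.key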
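#
# Clean conf.d, then copy the launcher, the main configuration and the
# server template.
# -f keeps the build from failing if the base image ever ships conf.d empty.
RUN rm -f /etc/nginx/conf.d/*
COPY launch.sh /launch.sh
COPY nginx.conf /etc/nginx/
# COPY creates /etc/nginx/templates itself, so no separate mkdir layer is
# needed.
COPY root.conf /etc/nginx/templates/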
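# Do not daemonize nginx.
# The leading newline keeps the directive on its own line even if the copied
# nginx.conf does not end with a newline.
RUN printf '\ndaemon off;\n' >> /etc/nginx/nginx.conf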
# Run as the nginx user rather than root. The pid file is created up front
# and handed over together with the cache and configuration directories.
# NOTE(review): the recursive chown of /etc/nginx/ gives the runtime user
# write access to nginx.conf, the templates and the TLS key. Presumably
# /launch.sh renders configuration there at start-up; if so, narrow ownership
# to the paths it actually writes (confirm against launch.sh).
RUN touch /var/run/nginx.pid && \
    chown -R nginx:nginx \
        /var/run/nginx.pid \
        /var/cache/nginx \
        /etc/nginx/

USER nginx
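# Exec form: no intermediate `sh -c` wrapper, so signals such as the SIGTERM
# sent by `docker stop` are not held up by an extra shell.
# NOTE(review): launch.sh should finish with `exec nginx` so that nginx itself
# receives those signals; confirm in the script.
CMD ["bash", "/launch.sh"]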