Merge branch 'thaJeztah-switch-to-nginx-image'
This commit is contained in:
commit
1aef35678e
4 changed files with 5 additions and 12 deletions
11
Dockerfile
11
Dockerfile
|
@ -1,14 +1,10 @@
|
||||||
FROM ubuntu:14.04
|
FROM nginx:1.7.7
|
||||||
MAINTAINER Jason Wilder jwilder@litl.com
|
MAINTAINER Jason Wilder jwilder@litl.com
|
||||||
|
|
||||||
# Install Nginx.
|
# Install wget and install/updates certificates
|
||||||
RUN echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" > /etc/apt/sources.list.d/nginx-stable-trusty.list \
|
RUN apt-get update \
|
||||||
&& echo "deb-src http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list.d/nginx-stable-trusty.list \
|
|
||||||
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C \
|
|
||||||
&& apt-get update \
|
|
||||||
&& apt-get install -y -q --no-install-recommends \
|
&& apt-get install -y -q --no-install-recommends \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
nginx \
|
|
||||||
wget \
|
wget \
|
||||||
&& apt-get clean \
|
&& apt-get clean \
|
||||||
&& rm -r /var/lib/apt/lists/*
|
&& rm -r /var/lib/apt/lists/*
|
||||||
|
@ -30,7 +26,6 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VER
|
||||||
COPY . /app/
|
COPY . /app/
|
||||||
WORKDIR /app/
|
WORKDIR /app/
|
||||||
|
|
||||||
EXPOSE 80 443
|
|
||||||
ENV DOCKER_HOST unix:///tmp/docker.sock
|
ENV DOCKER_HOST unix:///tmp/docker.sock
|
||||||
|
|
||||||
VOLUME ["/etc/nginx/certs"]
|
VOLUME ["/etc/nginx/certs"]
|
||||||
|
|
2
Procfile
2
Procfile
|
@ -1,2 +1,2 @@
|
||||||
nginx: nginx
|
nginx: nginx
|
||||||
dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/sites-enabled/default
|
dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
|
||||||
|
|
|
@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
|
||||||
|
|
||||||
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables OCSP stapling, HSTS, and SSL
|
Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL
|
||||||
session caches.
|
session caches.
|
||||||
|
|
||||||
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||||
|
|
|
@ -96,8 +96,6 @@ server {
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_session_timeout 5m;
|
ssl_session_timeout 5m;
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||||
|
|
Reference in a new issue