Merge branch 'thaJeztah-switch-to-nginx-image'

Jason Wilder 2014-12-03 11:15:33 -07:00
commit 1aef35678e
4 changed files with 5 additions and 12 deletions


@ -1,14 +1,10 @@
FROM ubuntu:14.04 FROM nginx:1.7.7
MAINTAINER Jason Wilder jwilder@litl.com MAINTAINER Jason Wilder jwilder@litl.com
# Install Nginx. # Install wget and install/updates certificates
RUN echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" > /etc/apt/sources.list.d/nginx-stable-trusty.list \ RUN apt-get update \
&& echo "deb-src http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list.d/nginx-stable-trusty.list \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C \
&& apt-get update \
&& apt-get install -y -q --no-install-recommends \ && apt-get install -y -q --no-install-recommends \
ca-certificates \ ca-certificates \
nginx \
wget \ wget \
&& apt-get clean \ && apt-get clean \
&& rm -r /var/lib/apt/lists/* && rm -r /var/lib/apt/lists/*
@ -30,7 +26,6 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VER
COPY . /app/ COPY . /app/
WORKDIR /app/ WORKDIR /app/
EXPOSE 80 443
ENV DOCKER_HOST unix:///tmp/docker.sock ENV DOCKER_HOST unix:///tmp/docker.sock
VOLUME ["/etc/nginx/certs"] VOLUME ["/etc/nginx/certs"]
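Review bot: The new base in `FROM nginx:1.7.7` is pinned only by a mutable tag, so the image this Dockerfile now trusts for nginx itself can change between builds without any change here; consider pinning by digest, `FROM nginx:1.7.7@sha256:<digest-of-reviewed-image>` (placeholder, the digest is not on this page). With `EXPOSE 80 443` dropped in the second hunk, the port contract is presumably inherited from the base image, so a one-line comment such as `# ports 80/443 are exposed by the nginx base image` would keep that dependency visible. The `RUN wget …docker-gen…` line in the second hunk header is cut off here, so whether the downloaded release is checksum-verified cannot be judged from this view.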


@ -1,2 +1,2 @@
nginx: nginx nginx: nginx
dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/sites-enabled/default dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf


@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
Windows XP IE8, Android 2.3, Java 7. The configuration also enables OCSP stapling, HSTS, and SSL Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL
session caches. session caches.
The behavior for the proxy when port 80 and 443 are exposed is as follows: The behavior for the proxy when port 80 and 443 are exposed is as follows:


@ -96,8 +96,6 @@ server {
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }}; ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }}; ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};