Merge branch 'thaJeztah-switch-to-nginx-image'
commit
1aef35678e
4 changed files with 5 additions and 12 deletions
11
Dockerfile
11
Dockerfile
|
@ -1,14 +1,10 @@
|
|||
FROM ubuntu:14.04
|
||||
FROM nginx:1.7.7
|
||||
MAINTAINER Jason Wilder jwilder@litl.com
|
||||
|
||||
# Install Nginx.
|
||||
RUN echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" > /etc/apt/sources.list.d/nginx-stable-trusty.list \
|
||||
&& echo "deb-src http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list.d/nginx-stable-trusty.list \
|
||||
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C \
|
||||
&& apt-get update \
|
||||
# Install wget and install/updates certificates
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y -q --no-install-recommends \
|
||||
ca-certificates \
|
||||
nginx \
|
||||
wget \
|
||||
&& apt-get clean \
|
||||
&& rm -r /var/lib/apt/lists/*
|
||||
|
@ -30,7 +26,6 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VER
|
|||
COPY . /app/
|
||||
WORKDIR /app/
|
||||
|
||||
EXPOSE 80 443
|
||||
ENV DOCKER_HOST unix:///tmp/docker.sock
|
||||
|
||||
VOLUME ["/etc/nginx/certs"]
|
||||
|
|
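Review bot: The new base on the `FROM nginx:1.7.7` line is pinned by tag only, and a tag can be re-pointed upstream, so a later rebuild can pick up different contents than the ones reviewed here. Pinning the digest as well, `FROM nginx:1.7.7@sha256:<digest-of-the-tested-image>` (placeholder; take the value from the image actually tested), keeps the base reproducible and auditable. With the PPA setup gone, the file no longer shows where nginx's configuration lives, so a short comment above `FROM` such as `# Official nginx image: site config is read from /etc/nginx/conf.d` would explain the matching Procfile path change. The `RUN wget …docker-gen…` line in the second hunk header is cut off, so whether that download is checksum-verified cannot be seen from here; if it is not, the check belongs in that same layer.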
2
Procfile
2
Procfile
|
@ -1,2 +1,2 @@
|
|||
nginx: nginx
|
||||
dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/sites-enabled/default
|
||||
dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
|
||||
|
|
|
@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
|
|||
|
||||
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables OCSP stapling, HSTS, and SSL
|
||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL
|
||||
session caches.
|
||||
|
||||
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||
|
|
|
@ -96,8 +96,6 @@ server {
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||
|
|