docker container

2016-04-21 23:48:21 +03:00 · 2016-04-21 23:48:21 +03:00 · ad24e24633
parent b33dcd2331
commit ad24e24633
5 changed files with 127 additions and 0 deletions
--- a/package/docker/Dockerfile
+++ b/package/docker/Dockerfile
@ -0,0 +1,34 @@
+# KeeWeb official docker container
+# https://keeweb.info
+# (C) Antelle 2016, MIT license https://github.com/antelle/keeweb
+# Based on nginx-ssl-secure https://github.com/MarvAmBass/docker-nginx-ssl-secure/
+
+# docker build -t keeweb .
+# docker run --name keeweb -d -p 443:443 keeweb
+
+FROM nginx:stable
+MAINTAINER Antelle "antelle.net@gmail.com"
+
+# install
+RUN apt-get -y update && apt-get -y install git openssl
+
+# setup nginx
+RUN rm -rf /etc/nginx/conf.d/*; \
+    mkdir -p /etc/nginx/cert
+
+RUN sed -i 's/access_log.*/access_log \/dev\/stdout;/g' /etc/nginx/nginx.conf; \
+    sed -i 's/error_log.*/error_log \/dev\/stdout info;/g' /etc/nginx/nginx.conf; \
+    sed -i 's/^pid/daemon off;\npid/g' /etc/nginx/nginx.conf
+
+ADD keeweb.conf /etc/nginx/conf.d/keeweb.conf
+
+ADD entrypoint.sh /opt/entrypoint.sh
+RUN chmod a+x /opt/entrypoint.sh
+
+ENTRYPOINT ["/opt/entrypoint.sh"]
+CMD ["nginx"]
+
+# clone keeweb
+RUN git clone --depth 1 --single-branch --branch gh-pages https://github.com/antelle/keeweb.git
+
+EXPOSE 443
--- a/package/docker/LICENSE
+++ b/package/docker/LICENSE
@ -0,0 +1,23 @@
+License of nginx-ssl-secure, https://github.com/MarvAmBass/docker-nginx-ssl-secure/
+
+The MIT License (MIT)
+
+Copyright (c) 2014 Marvin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/package/docker/entrypoint.sh
+++ b/package/docker/entrypoint.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+
+echo "Welcome to KeeWeb docker container!"
+
+if [ -z ${DH_SIZE+x} ]
+then
+  >&2 echo ">> no \$DH_SIZE specified using default"
+  DH_SIZE="2048"
+fi
+
+
+DH="/etc/nginx/cert/dh.pem"
+
+if [ ! -e "$DH" ]
+then
+  echo ">> seems like the first start of nginx"
+  echo ">> doing some preparations..."
+  echo ""
+
+  echo ">> generating $DH with size: $DH_SIZE"
+  openssl dhparam -out "$DH" $DH_SIZE
+fi
+
+if [ ! -e "/etc/nginx/cert/cert.pem" ] || [ ! -e "/etc/nginx/cert/key.pem" ]
+then
+  echo ">> generating self signed cert"
+  openssl req -x509 -newkey rsa:4086 \
+  -subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
+  -keyout "/etc/nginx/cert/key.pem" \
+  -out "/etc/nginx/cert/cert.pem" \
+  -days 3650 -nodes -sha256
+fi
+
+# exec CMD
+echo ">> exec docker CMD"
+echo "$@"
+exec "$@"
--- a/package/docker/keeweb.conf
+++ b/package/docker/keeweb.conf
@ -0,0 +1,32 @@
+server {
+    listen 443 ssl;
+    root /keeweb;
+    index index.html;
+    server_name localhost;
+    ssl_certificate /etc/nginx/cert/cert.pem;
+    ssl_certificate_key /etc/nginx/cert/key.pem;
+
+    # hide nginx version
+    server_tokens off;
+
+    # add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
+    add_header X-Content-Type-Options nosniff;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+
+    # Getting a high secure SSL configured system
+
+    # Tutorials used:
+    # https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
+    # http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
+
+    # enable dh
+    ssl_dhparam /etc/nginx/cert/dh.pem;
+
+    # protocols
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disable poodle
+
+    # ciphers
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
+}
--- a/release-notes.md
+++ b/release-notes.md
@ -4,6 +4,7 @@ Release notes
 ##### v1.2.0 (TBD)
 `+` allow selecting attachments with click  
 `+` save groups collapsed/expanded state  
+`+` docker container  
 `+` edit and remove tags  
 `+` register file associations  
 `-` prevent second app instance on windows