mirrors
/
keeweb
mirror of https://github.com/keeweb/keeweb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ext

pull/233/head
antelle 2016-04-22 08:06:13 +03:00
parent 89ee918062
commit c39ec3db53
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/docker/Dockerfile
View File

@ -4,7 +4,7 @@
# Based on nginx-ssl-secure https://github.com/MarvAmBass/docker-nginx-ssl-secure/
# docker build -t keeweb .
# docker run --name keeweb -d -p 443:443 -p 80:80 keeweb
# docker run --name keeweb -d -p 443:443 -p 80:80 -e 'DH_SIZE=512' -v $EXT_DIR:/etc/nginx/external/ keeweb
FROM nginx:stable
MAINTAINER Antelle "antelle.net@gmail.com"
@ -14,7 +14,7 @@ RUN apt-get -y update && apt-get -y install git openssl
# setup nginx
RUN rm -rf /etc/nginx/conf.d/*; \
mkdir -p /etc/nginx/cert
mkdir -p /etc/nginx/external
RUN sed -i 's/access_log.*/access_log \/dev\/stdout;/g' /etc/nginx/nginx.conf; \
sed -i 's/error_log.*/error_log \/dev\/stdout info;/g' /etc/nginx/nginx.conf; \

8
package/docker/entrypoint.sh
View File

@ -9,7 +9,7 @@ then
fi
DH="/etc/nginx/cert/dh.pem"
DH="/etc/nginx/external/dh.pem"
if [ ! -e "$DH" ]
then
@ -21,13 +21,13 @@ then
openssl dhparam -out "$DH" $DH_SIZE
fi
if [ ! -e "/etc/nginx/cert/cert.pem" ] || [ ! -e "/etc/nginx/cert/key.pem" ]
if [ ! -e "/etc/nginx/external/cert.pem" ] || [ ! -e "/etc/nginx/external/key.pem" ]
then
echo ">> generating self signed cert"
openssl req -x509 -newkey rsa:4086 \
-subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
-keyout "/etc/nginx/cert/key.pem" \
-out "/etc/nginx/cert/cert.pem" \
-keyout "/etc/nginx/external/key.pem" \
-out "/etc/nginx/external/cert.pem" \
-days 3650 -nodes -sha256
fi

6
package/docker/keeweb.conf
View File

@ -3,8 +3,8 @@ server {
root /keeweb;
index index.html;
server_name localhost;
ssl_certificate /etc/nginx/cert/cert.pem;
ssl_certificate_key /etc/nginx/cert/key.pem;
ssl_certificate /etc/nginx/external/cert.pem;
ssl_certificate_key /etc/nginx/external/key.pem;
server_tokens off;
add_header X-Content-Type-Options nosniff;
@ -14,7 +14,7 @@ server {
# https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
# http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
ssl_dhparam /etc/nginx/cert/dh.pem;
ssl_dhparam /etc/nginx/external/dh.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disable poodle
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;