Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge 52bfa6774c into 75c7b1399b

Browse source
This commit is contained in:
Ivan Isaev 2022-12-02 22:17:00 +01:00 committed by GitHub
commit 8ac62203f9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -295,6 +295,11 @@ The contents of `/path/to/certs` should contain the certificates and private key
If you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...), /path/to/certs must exist in that environment or be made accessible to that environment. By default, Docker is not able to mount directories on the host machine to containers running in a virtual machine. If you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...), /path/to/certs must exist in that environment or be made accessible to that environment. By default, Docker is not able to mount directories on the host machine to containers running in a virtual machine.
#### Passphrase
Optionally you can set passphrase for certificate by creating `.pw` file with passphrase in `/path/to/certs` directory.
For example `foo.bar.com.pw`.
#### Diffie-Hellman Groups #### Diffie-Hellman Groups
[RFC7919 groups](https://datatracker.ietf.org/doc/html/rfc7919#appendix-A) with key lengths of 2048, 3072, and 4096 bits are [provided by `nginx-proxy`](https://github.com/nginx-proxy/nginx-proxy/dhparam). The ENV `DHPARAM_BITS` can be set to `2048` or `3072` to change from the default 4096-bit key. The DH key file will be located in the container at `/etc/nginx/dhparam/dhparam.pem`. Mounting a different `dhparam.pem` file at that location will override the RFC7919 key. [RFC7919 groups](https://datatracker.ietf.org/doc/html/rfc7919#appendix-A) with key lengths of 2048, 3072, and 4096 bits are [provided by `nginx-proxy`](https://github.com/nginx-proxy/nginx-proxy/dhparam). The ENV `DHPARAM_BITS` can be set to `2048` or `3072` to change from the default 4096-bit key. The DH key file will be located in the container at `/etc/nginx/dhparam/dhparam.pem`. Mounting a different `dhparam.pem` file at that location will override the RFC7919 key.

10
nginx.tmpl
View file

@ -249,6 +249,9 @@ server {
ssl_session_tickets off; ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key; ssl_certificate_key /etc/nginx/certs/default.key;
{{ if (exists "/etc/nginx/certs/default.pw") }}
ssl_password_file /etc/nginx/certs/default.pw;
{{ end }}
} }
{{ end }} {{ end }}
@ -362,6 +365,10 @@ server {
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }}; ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }}; ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
{{ if (exists (printf "/etc/nginx/certs/%s.pw" $cert)) }}
ssl_password_file {{ printf "/etc/nginx/certs/%s.pw" $cert }};
{{ end }}
{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) }} {{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) }}
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }}; ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
{{ end }} {{ end }}
@ -472,6 +479,9 @@ server {
ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key; ssl_certificate_key /etc/nginx/certs/default.key;
{{ if (exists "/etc/nginx/certs/default.pw") }}
ssl_password_file /etc/nginx/certs/default.pw;
{{ end }}
} }
{{ end }} {{ end }}