thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-11-04 11:09:20 +00:00
Code Issues Releases Wiki Activity

chore: 5/6 - Shift dhparam method to the bottom

Browse Source 
Minor change on error message.
This commit is contained in:
polarathene
2021-09-28 20:57:03 +13:00
parent ed009c0ec8
commit 0f330b85b1
1 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
docker-entrypoint.sh
View File

@@ -1,37 +1,6 @@
#!/bin/bash
set -e
function _setup_dhparam() {
echo 'Setting up DH Parameters..'
# DH params will be supplied for nginx here:
DHPARAM_FILE='/etc/nginx/dhparam/dhparam.pem'
# DH params may be provided by the user (rarely necessary),
# or use an existing pre-generated group from RFC7919, defaulting to 4096-bit:
if [[ -f ${DHPARAM_FILE} ]]
then
echo 'Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.' >&2
else
# ENV DHPARAM_BITS - Defines which RFC7919 DHE group to use (default: 4096-bit):
local FFDHE_GROUP="${DHPARAM_BITS:-4096}"
# RFC7919 groups are defined here:
# https://datatracker.ietf.org/doc/html/rfc7919#appendix-A
local RFC7919_DHPARAM_FILE="/app/dhparam/ffdhe${FFDHE_GROUP}.pem"
# Only the following pre-generated sizes are supported,
# emit an error and kill the container if provided an invalid value:
if [[ ! ${DHPARAM_BITS} =~ ^(2048|3072|4096)$ ]]
then
echo "ERROR: Unsupported DHPARAM_BITS size: ${DHPARAM_BITS}, use 2048, 3072, or 4096 (default)." >&2
exit 1
fi
# Provide the DH params file to nginx:
cp "${RFC7919_DHPARAM_FILE}" "${DHPARAM_FILE}"
fi
}
function _check_unix_socket() {
# Warn if the DOCKER_HOST socket does not exist
if [[ $DOCKER_HOST = unix://* ]]; then
@@ -64,6 +33,37 @@ function _resolvers() {
fi
}
function _setup_dhparam() {
echo 'Setting up DH Parameters..'
# DH params will be supplied for nginx here:
DHPARAM_FILE='/etc/nginx/dhparam/dhparam.pem'
# DH params may be provided by the user (rarely necessary),
# or use an existing pre-generated group from RFC7919, defaulting to 4096-bit:
if [[ -f ${DHPARAM_FILE} ]]
then
echo 'Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.' >&2
else
# ENV DHPARAM_BITS - Defines which RFC7919 DHE group to use (default: 4096-bit):
local FFDHE_GROUP="${DHPARAM_BITS:-4096}"
# RFC7919 groups are defined here:
# https://datatracker.ietf.org/doc/html/rfc7919#appendix-A
local RFC7919_DHPARAM_FILE="/app/dhparam/ffdhe${FFDHE_GROUP}.pem"
# Only the following pre-generated sizes are supported,
# emit an error and kill the container if provided an invalid value:
if [[ ! ${DHPARAM_BITS} =~ ^(2048|3072|4096)$ ]]
then
echo "ERROR: Unsupported DHPARAM_BITS size: ${DHPARAM_BITS}, use 2048, 3072, or 4096 (default)." >&2
exit 1
fi
# Provide the DH params file to nginx:
cp "${RFC7919_DHPARAM_FILE}" "${DHPARAM_FILE}"
fi
}
# Run the init logic if the default CMD was provided
if [[ $* == 'forego start -r' ]]; then
_check_unix_socket