thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 03:46:29 +00:00
Code Issues Releases Wiki Activity

Allow passing DHPARAM_BITS via env, lower bits to 256 for unit tests

Browse Source
This commit is contained in:
Steve Kamerman 2017-01-12 14:55:25 -05:00
parent dffc0c47cf
commit 7d253dd0f3
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker-entrypoint.sh
View File

@ -15,7 +15,8 @@ if [[ $DOCKER_HOST = unix://* ]]; then
fi fi
# Generate dhparam file if required # Generate dhparam file if required
/app/generate-dhparam.sh # Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
/app/generate-dhparam.sh $DHPARAM_BITS
# If the user has run the default command and the socket doesn't exist, fail # If the user has run the default command and the socket doesn't exist, fail
if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; then if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; then

4
generate-dhparam.sh
View File

@ -1,10 +1,12 @@
#!/bin/bash -e #!/bin/bash -e
# The first argument is the bit depth of the dhparam, or 2048 if unspecified
DHPARAM_BITS=${1:-2048}
# If a dhparam file is not available, use the pre-generated one and generate a new one in the background. # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
# Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts. # Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts.
PREGEN_DHPARAM_FILE="/app/dhparam.pem.default" PREGEN_DHPARAM_FILE="/app/dhparam.pem.default"
DHPARAM_FILE="/etc/nginx/dhparam/dhparam.pem" DHPARAM_FILE="/etc/nginx/dhparam/dhparam.pem"
DHPARAM_BITS="2048"
GEN_LOCKFILE="/tmp/dhparam_generating.lock" GEN_LOCKFILE="/tmp/dhparam_generating.lock"
# The hash of the pregenerated dhparam file is used to check if the pregen dhparam is already in use # The hash of the pregenerated dhparam file is used to check if the pregen dhparam is already in use

8
test/ssl_dhparam.bats
View File

@ -7,7 +7,7 @@ function setup {
stop_bats_containers web stop_bats_containers web
} }
@test "[$TEST_FILE] test dhparam.pem is generated if missing (WARNING: this test is slow)" { @test "[$TEST_FILE] test dhparam.pem is generated if missing" {
SUT_CONTAINER=bats-nginx-proxy-${TEST_FILE}-1 SUT_CONTAINER=bats-nginx-proxy-${TEST_FILE}-1
# WHEN # WHEN
@ -16,6 +16,7 @@ function setup {
--label bats-type="nginx-proxy" \ --label bats-type="nginx-proxy" \
--name $SUT_CONTAINER \ --name $SUT_CONTAINER \
-v /var/run/docker.sock:/tmp/docker.sock:ro \ -v /var/run/docker.sock:/tmp/docker.sock:ro \
-e DHPARAM=256 \
$SUT_IMAGE \ $SUT_IMAGE \
&& wait_for_nginxproxy_container_to_start $SUT_CONTAINER \ && wait_for_nginxproxy_container_to_start $SUT_CONTAINER \
&& docker logs $SUT_CONTAINER && docker logs $SUT_CONTAINER
@ -23,7 +24,7 @@ function setup {
DEFAULT_HASH=$(docker exec $SUT_CONTAINER md5sum /etc/nginx/dhparam/dhparam.pem | cut -d" " -f1) DEFAULT_HASH=$(docker exec $SUT_CONTAINER md5sum /etc/nginx/dhparam/dhparam.pem | cut -d" " -f1)
assert_success assert_success
docker_wait_for_log $SUT_CONTAINER 9 "Generating DH parameters" docker_wait_for_log $SUT_CONTAINER 30 "Generating DH parameters"
# THEN # THEN
docker_wait_for_log $SUT_CONTAINER 240 "dhparam generation complete, reloading nginx" docker_wait_for_log $SUT_CONTAINER 240 "dhparam generation complete, reloading nginx"
@ -56,13 +57,14 @@ function setup {
--name $SUT_CONTAINER \ --name $SUT_CONTAINER \
-v /var/run/docker.sock:/tmp/docker.sock:ro \ -v /var/run/docker.sock:/tmp/docker.sock:ro \
-v $TMP_DIR:/etc/nginx/dhparam \ -v $TMP_DIR:/etc/nginx/dhparam \
-e DHPARAM=256 \
$SUT_IMAGE \ $SUT_IMAGE \
&& wait_for_nginxproxy_container_to_start $SUT_CONTAINER \ && wait_for_nginxproxy_container_to_start $SUT_CONTAINER \
&& docker logs $SUT_CONTAINER && docker logs $SUT_CONTAINER
# THEN # THEN
assert_success assert_success
docker_wait_for_log $SUT_CONTAINER 9 "Generating DH parameters" docker_wait_for_log $SUT_CONTAINER 30 "Generating DH parameters"
docker exec $SUT_CONTAINER rm -rf /etc/nginx/dhparam/* docker exec $SUT_CONTAINER rm -rf /etc/nginx/dhparam/*
} }